CPUM.cpp@ 100101

Last change on this file since 100101 was 99775, checked in by vboxsync, 18 months ago
*: Mark functions as static if not used outside of a given compilation unit. Enables the compiler to optimize inlining, reduces the symbol tables, exposes unused functions and in some rare cases exposes mismtaches between function declarations and definitions, but most importantly reduces the number of parfait reports for the extern-function-no-forward-declaration category. This should not result in any functional changes, bugref:3409
Property svn:eol-style set to `native` Property svn:keywords set to `Id Revision`
File size: 247.2 KB

Line
1	/* $Id: CPUM.cpp 99775 2023-05-12 12:21:58Z vboxsync $ */
2	/** @file
3	* CPUM - CPU Monitor / Manager.
4	*/
5
6	/*
7	* Copyright (C) 2006-2023 Oracle and/or its affiliates.
8	*
9	* This file is part of VirtualBox base platform packages, as
10	* available from https://www.virtualbox.org.
11	*
12	* This program is free software; you can redistribute it and/or
13	* modify it under the terms of the GNU General Public License
14	* as published by the Free Software Foundation, in version 3 of the
15	* License.
16	*
17	* This program is distributed in the hope that it will be useful, but
18	* WITHOUT ANY WARRANTY; without even the implied warranty of
19	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20	* General Public License for more details.
21	*
22	* You should have received a copy of the GNU General Public License
23	* along with this program; if not, see <https://www.gnu.org/licenses>.
24	*
25	* SPDX-License-Identifier: GPL-3.0-only
26	*/
27
28	/** @page pg_cpum CPUM - CPU Monitor / Manager
29	*
30	* The CPU Monitor / Manager keeps track of all the CPU registers. It is
31	* also responsible for lazy FPU handling and some of the context loading
32	* in raw mode.
33	*
34	* There are three CPU contexts, the most important one is the guest one (GC).
35	* When running in raw-mode (RC) there is a special hyper context for the VMM
36	* part that floats around inside the guest address space. When running in
37	* raw-mode, CPUM also maintains a host context for saving and restoring
38	* registers across world switches. This latter is done in cooperation with the
39	* world switcher (@see pg_vmm).
40	*
41	* @see grp_cpum
42	*
43	* @section sec_cpum_fpu FPU / SSE / AVX / ++ state.
44	*
45	* TODO: proper write up, currently just some notes.
46	*
47	* The ring-0 FPU handling per OS:
48	*
49	* - 64-bit Windows uses XMM registers in the kernel as part of the calling
50	* convention (Visual C++ doesn't seem to have a way to disable
51	* generating such code either), so CR0.TS/EM are always zero from what I
52	* can tell. We are also forced to always load/save the guest XMM0-XMM15
53	* registers when entering/leaving guest context. Interrupt handlers
54	* using FPU/SSE will offically have call save and restore functions
55	* exported by the kernel, if the really really have to use the state.
56	*
57	* - 32-bit windows does lazy FPU handling, I think, probably including
58	* lazying saving. The Windows Internals book states that it's a bad
59	* idea to use the FPU in kernel space. However, it looks like it will
60	* restore the FPU state of the current thread in case of a kernel \#NM.
61	* Interrupt handlers should be same as for 64-bit.
62	*
63	* - Darwin allows taking \#NM in kernel space, restoring current thread's
64	* state if I read the code correctly. It saves the FPU state of the
65	* outgoing thread, and uses CR0.TS to lazily load the state of the
66	* incoming one. No idea yet how the FPU is treated by interrupt
67	* handlers, i.e. whether they are allowed to disable the state or
68	* something.
69	*
70	* - Linux also allows \#NM in kernel space (don't know since when), and
71	* uses CR0.TS for lazy loading. Saves outgoing thread's state, lazy
72	* loads the incoming unless configured to agressivly load it. Interrupt
73	* handlers can ask whether they're allowed to use the FPU, and may
74	* freely trash the state if Linux thinks it has saved the thread's state
75	* already. This is a problem.
76	*
77	* - Solaris will, from what I can tell, panic if it gets an \#NM in kernel
78	* context. When switching threads, the kernel will save the state of
79	* the outgoing thread and lazy load the incoming one using CR0.TS.
80	* There are a few routines in seeblk.s which uses the SSE unit in ring-0
81	* to do stuff, HAT are among the users. The routines there will
82	* manually clear CR0.TS and save the XMM registers they use only if
83	* CR0.TS was zero upon entry. They will skip it when not, because as
84	* mentioned above, the FPU state is saved when switching away from a
85	* thread and CR0.TS set to 1, so when CR0.TS is 1 there is nothing to
86	* preserve. This is a problem if we restore CR0.TS to 1 after loading
87	* the guest state.
88	*
89	* - FreeBSD - no idea yet.
90	*
91	* - OS/2 does not allow \#NMs in kernel space IIRC. Does lazy loading,
92	* possibly also lazy saving. Interrupts must preserve the CR0.TS+EM &
93	* FPU states.
94	*
95	* Up to r107425 (2016-05-24) we would only temporarily modify CR0.TS/EM while
96	* saving and restoring the host and guest states. The motivation for this
97	* change is that we want to be able to emulate SSE instruction in ring-0 (IEM).
98	*
99	* Starting with that change, we will leave CR0.TS=EM=0 after saving the host
100	* state and only restore it once we've restore the host FPU state. This has the
101	* accidental side effect of triggering Solaris to preserve XMM registers in
102	* sseblk.s. When CR0 was changed by saving the FPU state, CPUM must now inform
103	* the VT-x (HMVMX) code about it as it caches the CR0 value in the VMCS.
104	*
105	*
106	* @section sec_cpum_logging Logging Level Assignments.
107	*
108	* Following log level assignments:
109	* - Log6 is used for FPU state management.
110	* - Log7 is used for FPU state actualization.
111	*
112	*/
113
114
115	/*********************************************************************************************************************************
116	* Header Files *
117	*********************************************************************************************************************************/
118	#define LOG_GROUP LOG_GROUP_CPUM
119	#define CPUM_WITH_NONCONST_HOST_FEATURES
120	#include <VBox/vmm/cpum.h>
121	#include <VBox/vmm/cpumdis.h>
122	#include <VBox/vmm/cpumctx-v1_6.h>
123	#include <VBox/vmm/pgm.h>
124	#include <VBox/vmm/apic.h>
125	#include <VBox/vmm/mm.h>
126	#include <VBox/vmm/em.h>
127	#include <VBox/vmm/iem.h>
128	#include <VBox/vmm/selm.h>
129	#include <VBox/vmm/dbgf.h>
130	#include <VBox/vmm/hm.h>
131	#include <VBox/vmm/hmvmxinline.h>
132	#include <VBox/vmm/ssm.h>
133	#include "CPUMInternal.h"
134	#include <VBox/vmm/vm.h>
135
136	#include <VBox/param.h>
137	#include <VBox/dis.h>
138	#include <VBox/err.h>
139	#include <VBox/log.h>
140	#if defined(RT_ARCH_X86) \|\| defined(RT_ARCH_AMD64)
141	# include <iprt/asm-amd64-x86.h>
142	#endif
143	#include <iprt/assert.h>
144	#include <iprt/cpuset.h>
145	#include <iprt/mem.h>
146	#include <iprt/mp.h>
147	#include <iprt/rand.h>
148	#include <iprt/string.h>
149
150
151	/*********************************************************************************************************************************
152	* Defined Constants And Macros *
153	*********************************************************************************************************************************/
154	/**
155	* This was used in the saved state up to the early life of version 14.
156	*
157	* It indicates that we may have some out-of-sync hidden segement registers.
158	* It is only relevant for raw-mode.
159	*/
160	#define CPUM_CHANGED_HIDDEN_SEL_REGS_INVALID RT_BIT(12)
161
162
163	/** For saved state only: Block injection of non-maskable interrupts to the guest.
164	* @note This flag was moved to CPUMCTX::eflags.uBoth in v7.0.4. */
165	#define CPUM_OLD_VMCPU_FF_BLOCK_NMIS RT_BIT_64(25)
166
167
168	/*********************************************************************************************************************************
169	* Structures and Typedefs *
170	*********************************************************************************************************************************/
171
172	/**
173	* What kind of cpu info dump to perform.
174	*/
175	typedef enum CPUMDUMPTYPE
176	{
177	CPUMDUMPTYPE_TERSE,
178	CPUMDUMPTYPE_DEFAULT,
179	CPUMDUMPTYPE_VERBOSE
180	} CPUMDUMPTYPE;
181	/** Pointer to a cpu info dump type. */
182	typedef CPUMDUMPTYPE *PCPUMDUMPTYPE;
183
184
185	/*********************************************************************************************************************************
186	* Internal Functions *
187	*********************************************************************************************************************************/
188	static DECLCALLBACK(int) cpumR3LiveExec(PVM pVM, PSSMHANDLE pSSM, uint32_t uPass);
189	static DECLCALLBACK(int) cpumR3SaveExec(PVM pVM, PSSMHANDLE pSSM);
190	static DECLCALLBACK(int) cpumR3LoadPrep(PVM pVM, PSSMHANDLE pSSM);
191	static DECLCALLBACK(int) cpumR3LoadExec(PVM pVM, PSSMHANDLE pSSM, uint32_t uVersion, uint32_t uPass);
192	static DECLCALLBACK(int) cpumR3LoadDone(PVM pVM, PSSMHANDLE pSSM);
193	static DECLCALLBACK(void) cpumR3InfoAll(PVM pVM, PCDBGFINFOHLP pHlp, const char *pszArgs);
194	static DECLCALLBACK(void) cpumR3InfoGuest(PVM pVM, PCDBGFINFOHLP pHlp, const char *pszArgs);
195	static DECLCALLBACK(void) cpumR3InfoGuestHwvirt(PVM pVM, PCDBGFINFOHLP pHlp, const char *pszArgs);
196	static DECLCALLBACK(void) cpumR3InfoGuestInstr(PVM pVM, PCDBGFINFOHLP pHlp, const char *pszArgs);
197	static DECLCALLBACK(void) cpumR3InfoHyper(PVM pVM, PCDBGFINFOHLP pHlp, const char *pszArgs);
198	static DECLCALLBACK(void) cpumR3InfoHost(PVM pVM, PCDBGFINFOHLP pHlp, const char *pszArgs);
199
200
201	/*********************************************************************************************************************************
202	* Global Variables *
203	*********************************************************************************************************************************/
204	#if defined(RT_ARCH_X86) \|\| defined(RT_ARCH_AMD64)
205	/** Host CPU features. */
206	DECL_HIDDEN_DATA(CPUHOSTFEATURES) g_CpumHostFeatures;
207	#endif
208
209	/** Saved state field descriptors for CPUMCTX. */
210	static const SSMFIELD g_aCpumCtxFields[] =
211	{
212	SSMFIELD_ENTRY( CPUMCTX, rdi),
213	SSMFIELD_ENTRY( CPUMCTX, rsi),
214	SSMFIELD_ENTRY( CPUMCTX, rbp),
215	SSMFIELD_ENTRY( CPUMCTX, rax),
216	SSMFIELD_ENTRY( CPUMCTX, rbx),
217	SSMFIELD_ENTRY( CPUMCTX, rdx),
218	SSMFIELD_ENTRY( CPUMCTX, rcx),
219	SSMFIELD_ENTRY( CPUMCTX, rsp),
220	SSMFIELD_ENTRY( CPUMCTX, rflags),
221	SSMFIELD_ENTRY( CPUMCTX, rip),
222	SSMFIELD_ENTRY( CPUMCTX, r8),
223	SSMFIELD_ENTRY( CPUMCTX, r9),
224	SSMFIELD_ENTRY( CPUMCTX, r10),
225	SSMFIELD_ENTRY( CPUMCTX, r11),
226	SSMFIELD_ENTRY( CPUMCTX, r12),
227	SSMFIELD_ENTRY( CPUMCTX, r13),
228	SSMFIELD_ENTRY( CPUMCTX, r14),
229	SSMFIELD_ENTRY( CPUMCTX, r15),
230	SSMFIELD_ENTRY( CPUMCTX, es.Sel),
231	SSMFIELD_ENTRY( CPUMCTX, es.ValidSel),
232	SSMFIELD_ENTRY( CPUMCTX, es.fFlags),
233	SSMFIELD_ENTRY( CPUMCTX, es.u64Base),
234	SSMFIELD_ENTRY( CPUMCTX, es.u32Limit),
235	SSMFIELD_ENTRY( CPUMCTX, es.Attr),
236	SSMFIELD_ENTRY( CPUMCTX, cs.Sel),
237	SSMFIELD_ENTRY( CPUMCTX, cs.ValidSel),
238	SSMFIELD_ENTRY( CPUMCTX, cs.fFlags),
239	SSMFIELD_ENTRY( CPUMCTX, cs.u64Base),
240	SSMFIELD_ENTRY( CPUMCTX, cs.u32Limit),
241	SSMFIELD_ENTRY( CPUMCTX, cs.Attr),
242	SSMFIELD_ENTRY( CPUMCTX, ss.Sel),
243	SSMFIELD_ENTRY( CPUMCTX, ss.ValidSel),
244	SSMFIELD_ENTRY( CPUMCTX, ss.fFlags),
245	SSMFIELD_ENTRY( CPUMCTX, ss.u64Base),
246	SSMFIELD_ENTRY( CPUMCTX, ss.u32Limit),
247	SSMFIELD_ENTRY( CPUMCTX, ss.Attr),
248	SSMFIELD_ENTRY( CPUMCTX, ds.Sel),
249	SSMFIELD_ENTRY( CPUMCTX, ds.ValidSel),
250	SSMFIELD_ENTRY( CPUMCTX, ds.fFlags),
251	SSMFIELD_ENTRY( CPUMCTX, ds.u64Base),
252	SSMFIELD_ENTRY( CPUMCTX, ds.u32Limit),
253	SSMFIELD_ENTRY( CPUMCTX, ds.Attr),
254	SSMFIELD_ENTRY( CPUMCTX, fs.Sel),
255	SSMFIELD_ENTRY( CPUMCTX, fs.ValidSel),
256	SSMFIELD_ENTRY( CPUMCTX, fs.fFlags),
257	SSMFIELD_ENTRY( CPUMCTX, fs.u64Base),
258	SSMFIELD_ENTRY( CPUMCTX, fs.u32Limit),
259	SSMFIELD_ENTRY( CPUMCTX, fs.Attr),
260	SSMFIELD_ENTRY( CPUMCTX, gs.Sel),
261	SSMFIELD_ENTRY( CPUMCTX, gs.ValidSel),
262	SSMFIELD_ENTRY( CPUMCTX, gs.fFlags),
263	SSMFIELD_ENTRY( CPUMCTX, gs.u64Base),
264	SSMFIELD_ENTRY( CPUMCTX, gs.u32Limit),
265	SSMFIELD_ENTRY( CPUMCTX, gs.Attr),
266	SSMFIELD_ENTRY( CPUMCTX, cr0),
267	SSMFIELD_ENTRY( CPUMCTX, cr2),
268	SSMFIELD_ENTRY( CPUMCTX, cr3),
269	SSMFIELD_ENTRY( CPUMCTX, cr4),
270	SSMFIELD_ENTRY( CPUMCTX, dr[0]),
271	SSMFIELD_ENTRY( CPUMCTX, dr[1]),
272	SSMFIELD_ENTRY( CPUMCTX, dr[2]),
273	SSMFIELD_ENTRY( CPUMCTX, dr[3]),
274	SSMFIELD_ENTRY( CPUMCTX, dr[6]),
275	SSMFIELD_ENTRY( CPUMCTX, dr[7]),
276	SSMFIELD_ENTRY( CPUMCTX, gdtr.cbGdt),
277	SSMFIELD_ENTRY( CPUMCTX, gdtr.pGdt),
278	SSMFIELD_ENTRY( CPUMCTX, idtr.cbIdt),
279	SSMFIELD_ENTRY( CPUMCTX, idtr.pIdt),
280	SSMFIELD_ENTRY( CPUMCTX, SysEnter.cs),
281	SSMFIELD_ENTRY( CPUMCTX, SysEnter.eip),
282	SSMFIELD_ENTRY( CPUMCTX, SysEnter.esp),
283	SSMFIELD_ENTRY( CPUMCTX, msrEFER),
284	SSMFIELD_ENTRY( CPUMCTX, msrSTAR),
285	SSMFIELD_ENTRY( CPUMCTX, msrPAT),
286	SSMFIELD_ENTRY( CPUMCTX, msrLSTAR),
287	SSMFIELD_ENTRY( CPUMCTX, msrCSTAR),
288	SSMFIELD_ENTRY( CPUMCTX, msrSFMASK),
289	SSMFIELD_ENTRY( CPUMCTX, msrKERNELGSBASE),
290	SSMFIELD_ENTRY( CPUMCTX, ldtr.Sel),
291	SSMFIELD_ENTRY( CPUMCTX, ldtr.ValidSel),
292	SSMFIELD_ENTRY( CPUMCTX, ldtr.fFlags),
293	SSMFIELD_ENTRY( CPUMCTX, ldtr.u64Base),
294	SSMFIELD_ENTRY( CPUMCTX, ldtr.u32Limit),
295	SSMFIELD_ENTRY( CPUMCTX, ldtr.Attr),
296	SSMFIELD_ENTRY( CPUMCTX, tr.Sel),
297	SSMFIELD_ENTRY( CPUMCTX, tr.ValidSel),
298	SSMFIELD_ENTRY( CPUMCTX, tr.fFlags),
299	SSMFIELD_ENTRY( CPUMCTX, tr.u64Base),
300	SSMFIELD_ENTRY( CPUMCTX, tr.u32Limit),
301	SSMFIELD_ENTRY( CPUMCTX, tr.Attr),
302	SSMFIELD_ENTRY_VER( CPUMCTX, aXcr[0], CPUM_SAVED_STATE_VERSION_XSAVE),
303	SSMFIELD_ENTRY_VER( CPUMCTX, aXcr[1], CPUM_SAVED_STATE_VERSION_XSAVE),
304	SSMFIELD_ENTRY_VER( CPUMCTX, fXStateMask, CPUM_SAVED_STATE_VERSION_XSAVE),
305	SSMFIELD_ENTRY_TERM()
306	};
307
308	/** Saved state field descriptors for SVM nested hardware-virtualization
309	* Host State. */
310	static const SSMFIELD g_aSvmHwvirtHostState[] =
311	{
312	SSMFIELD_ENTRY( SVMHOSTSTATE, uEferMsr),
313	SSMFIELD_ENTRY( SVMHOSTSTATE, uCr0),
314	SSMFIELD_ENTRY( SVMHOSTSTATE, uCr4),
315	SSMFIELD_ENTRY( SVMHOSTSTATE, uCr3),
316	SSMFIELD_ENTRY( SVMHOSTSTATE, uRip),
317	SSMFIELD_ENTRY( SVMHOSTSTATE, uRsp),
318	SSMFIELD_ENTRY( SVMHOSTSTATE, uRax),
319	SSMFIELD_ENTRY( SVMHOSTSTATE, rflags),
320	SSMFIELD_ENTRY( SVMHOSTSTATE, es.Sel),
321	SSMFIELD_ENTRY( SVMHOSTSTATE, es.ValidSel),
322	SSMFIELD_ENTRY( SVMHOSTSTATE, es.fFlags),
323	SSMFIELD_ENTRY( SVMHOSTSTATE, es.u64Base),
324	SSMFIELD_ENTRY( SVMHOSTSTATE, es.u32Limit),
325	SSMFIELD_ENTRY( SVMHOSTSTATE, es.Attr),
326	SSMFIELD_ENTRY( SVMHOSTSTATE, cs.Sel),
327	SSMFIELD_ENTRY( SVMHOSTSTATE, cs.ValidSel),
328	SSMFIELD_ENTRY( SVMHOSTSTATE, cs.fFlags),
329	SSMFIELD_ENTRY( SVMHOSTSTATE, cs.u64Base),
330	SSMFIELD_ENTRY( SVMHOSTSTATE, cs.u32Limit),
331	SSMFIELD_ENTRY( SVMHOSTSTATE, cs.Attr),
332	SSMFIELD_ENTRY( SVMHOSTSTATE, ss.Sel),
333	SSMFIELD_ENTRY( SVMHOSTSTATE, ss.ValidSel),
334	SSMFIELD_ENTRY( SVMHOSTSTATE, ss.fFlags),
335	SSMFIELD_ENTRY( SVMHOSTSTATE, ss.u64Base),
336	SSMFIELD_ENTRY( SVMHOSTSTATE, ss.u32Limit),
337	SSMFIELD_ENTRY( SVMHOSTSTATE, ss.Attr),
338	SSMFIELD_ENTRY( SVMHOSTSTATE, ds.Sel),
339	SSMFIELD_ENTRY( SVMHOSTSTATE, ds.ValidSel),
340	SSMFIELD_ENTRY( SVMHOSTSTATE, ds.fFlags),
341	SSMFIELD_ENTRY( SVMHOSTSTATE, ds.u64Base),
342	SSMFIELD_ENTRY( SVMHOSTSTATE, ds.u32Limit),
343	SSMFIELD_ENTRY( SVMHOSTSTATE, ds.Attr),
344	SSMFIELD_ENTRY( SVMHOSTSTATE, gdtr.cbGdt),
345	SSMFIELD_ENTRY( SVMHOSTSTATE, gdtr.pGdt),
346	SSMFIELD_ENTRY( SVMHOSTSTATE, idtr.cbIdt),
347	SSMFIELD_ENTRY( SVMHOSTSTATE, idtr.pIdt),
348	SSMFIELD_ENTRY_IGNORE(SVMHOSTSTATE, abPadding),
349	SSMFIELD_ENTRY_TERM()
350	};
351
352	/** Saved state field descriptors for VMX nested hardware-virtualization
353	* VMCS. */
354	static const SSMFIELD g_aVmxHwvirtVmcs[] =
355	{
356	SSMFIELD_ENTRY( VMXVVMCS, u32VmcsRevId),
357	SSMFIELD_ENTRY( VMXVVMCS, enmVmxAbort),
358	SSMFIELD_ENTRY( VMXVVMCS, fVmcsState),
359	SSMFIELD_ENTRY_IGNORE(VMXVVMCS, au8Padding0),
360	SSMFIELD_ENTRY_VER( VMXVVMCS, u32RestoreProcCtls2, CPUM_SAVED_STATE_VERSION_HWVIRT_VMX_4),
361	SSMFIELD_ENTRY_IGNORE(VMXVVMCS, au32Reserved0),
362
363	SSMFIELD_ENTRY_IGNORE(VMXVVMCS, u16Reserved0),
364
365	SSMFIELD_ENTRY( VMXVVMCS, u32RoVmInstrError),
366	SSMFIELD_ENTRY( VMXVVMCS, u32RoExitReason),
367	SSMFIELD_ENTRY( VMXVVMCS, u32RoExitIntInfo),
368	SSMFIELD_ENTRY( VMXVVMCS, u32RoExitIntErrCode),
369	SSMFIELD_ENTRY( VMXVVMCS, u32RoIdtVectoringInfo),
370	SSMFIELD_ENTRY( VMXVVMCS, u32RoIdtVectoringErrCode),
371	SSMFIELD_ENTRY( VMXVVMCS, u32RoExitInstrLen),
372	SSMFIELD_ENTRY( VMXVVMCS, u32RoExitInstrInfo),
373	SSMFIELD_ENTRY_IGNORE(VMXVVMCS, au32RoReserved2),
374
375	SSMFIELD_ENTRY( VMXVVMCS, u64RoGuestPhysAddr),
376	SSMFIELD_ENTRY_IGNORE(VMXVVMCS, au64Reserved1),
377
378	SSMFIELD_ENTRY( VMXVVMCS, u64RoExitQual),
379	SSMFIELD_ENTRY( VMXVVMCS, u64RoIoRcx),
380	SSMFIELD_ENTRY( VMXVVMCS, u64RoIoRsi),
381	SSMFIELD_ENTRY( VMXVVMCS, u64RoIoRdi),
382	SSMFIELD_ENTRY( VMXVVMCS, u64RoIoRip),
383	SSMFIELD_ENTRY( VMXVVMCS, u64RoGuestLinearAddr),
384	SSMFIELD_ENTRY_IGNORE(VMXVVMCS, au64Reserved5),
385
386	SSMFIELD_ENTRY( VMXVVMCS, u16Vpid),
387	SSMFIELD_ENTRY( VMXVVMCS, u16PostIntNotifyVector),
388	SSMFIELD_ENTRY( VMXVVMCS, u16EptpIndex),
389	SSMFIELD_ENTRY_VER( VMXVVMCS, u16HlatPrefixSize, CPUM_SAVED_STATE_VERSION_HWVIRT_VMX_3),
390	SSMFIELD_ENTRY_IGNORE(VMXVVMCS, au16Reserved0),
391
392	SSMFIELD_ENTRY( VMXVVMCS, u32PinCtls),
393	SSMFIELD_ENTRY( VMXVVMCS, u32ProcCtls),
394	SSMFIELD_ENTRY( VMXVVMCS, u32XcptBitmap),
395	SSMFIELD_ENTRY( VMXVVMCS, u32XcptPFMask),
396	SSMFIELD_ENTRY( VMXVVMCS, u32XcptPFMatch),
397	SSMFIELD_ENTRY( VMXVVMCS, u32Cr3TargetCount),
398	SSMFIELD_ENTRY( VMXVVMCS, u32ExitCtls),
399	SSMFIELD_ENTRY( VMXVVMCS, u32ExitMsrStoreCount),
400	SSMFIELD_ENTRY( VMXVVMCS, u32ExitMsrLoadCount),
401	SSMFIELD_ENTRY( VMXVVMCS, u32EntryCtls),
402	SSMFIELD_ENTRY( VMXVVMCS, u32EntryMsrLoadCount),
403	SSMFIELD_ENTRY( VMXVVMCS, u32EntryIntInfo),
404	SSMFIELD_ENTRY( VMXVVMCS, u32EntryXcptErrCode),
405	SSMFIELD_ENTRY( VMXVVMCS, u32EntryInstrLen),
406	SSMFIELD_ENTRY( VMXVVMCS, u32TprThreshold),
407	SSMFIELD_ENTRY( VMXVVMCS, u32ProcCtls2),
408	SSMFIELD_ENTRY( VMXVVMCS, u32PleGap),
409	SSMFIELD_ENTRY( VMXVVMCS, u32PleWindow),
410	SSMFIELD_ENTRY_IGNORE(VMXVVMCS, au32Reserved1),
411
412	SSMFIELD_ENTRY( VMXVVMCS, u64AddrIoBitmapA),
413	SSMFIELD_ENTRY( VMXVVMCS, u64AddrIoBitmapB),
414	SSMFIELD_ENTRY( VMXVVMCS, u64AddrMsrBitmap),
415	SSMFIELD_ENTRY( VMXVVMCS, u64AddrExitMsrStore),
416	SSMFIELD_ENTRY( VMXVVMCS, u64AddrExitMsrLoad),
417	SSMFIELD_ENTRY( VMXVVMCS, u64AddrEntryMsrLoad),
418	SSMFIELD_ENTRY( VMXVVMCS, u64ExecVmcsPtr),
419	SSMFIELD_ENTRY( VMXVVMCS, u64AddrPml),
420	SSMFIELD_ENTRY( VMXVVMCS, u64TscOffset),
421	SSMFIELD_ENTRY( VMXVVMCS, u64AddrVirtApic),
422	SSMFIELD_ENTRY( VMXVVMCS, u64AddrApicAccess),
423	SSMFIELD_ENTRY( VMXVVMCS, u64AddrPostedIntDesc),
424	SSMFIELD_ENTRY( VMXVVMCS, u64VmFuncCtls),
425	SSMFIELD_ENTRY( VMXVVMCS, u64EptPtr),
426	SSMFIELD_ENTRY( VMXVVMCS, u64EoiExitBitmap0),
427	SSMFIELD_ENTRY( VMXVVMCS, u64EoiExitBitmap1),
428	SSMFIELD_ENTRY( VMXVVMCS, u64EoiExitBitmap2),
429	SSMFIELD_ENTRY( VMXVVMCS, u64EoiExitBitmap3),
430	SSMFIELD_ENTRY( VMXVVMCS, u64AddrEptpList),
431	SSMFIELD_ENTRY( VMXVVMCS, u64AddrVmreadBitmap),
432	SSMFIELD_ENTRY( VMXVVMCS, u64AddrVmwriteBitmap),
433	SSMFIELD_ENTRY( VMXVVMCS, u64AddrXcptVeInfo),
434	SSMFIELD_ENTRY( VMXVVMCS, u64XssExitBitmap),
435	SSMFIELD_ENTRY( VMXVVMCS, u64EnclsExitBitmap),
436	SSMFIELD_ENTRY( VMXVVMCS, u64SppTablePtr),
437	SSMFIELD_ENTRY( VMXVVMCS, u64TscMultiplier),
438	SSMFIELD_ENTRY_VER( VMXVVMCS, u64ProcCtls3, CPUM_SAVED_STATE_VERSION_HWVIRT_VMX_2),
439	SSMFIELD_ENTRY_VER( VMXVVMCS, u64EnclvExitBitmap, CPUM_SAVED_STATE_VERSION_HWVIRT_VMX_2),
440	SSMFIELD_ENTRY_VER( VMXVVMCS, u64PconfigExitBitmap, CPUM_SAVED_STATE_VERSION_HWVIRT_VMX_3),
441	SSMFIELD_ENTRY_VER( VMXVVMCS, u64HlatPtr, CPUM_SAVED_STATE_VERSION_HWVIRT_VMX_3),
442	SSMFIELD_ENTRY_VER( VMXVVMCS, u64ExitCtls2, CPUM_SAVED_STATE_VERSION_HWVIRT_VMX_3),
443	SSMFIELD_ENTRY_IGNORE(VMXVVMCS, au64Reserved0),
444
445	SSMFIELD_ENTRY( VMXVVMCS, u64Cr0Mask),
446	SSMFIELD_ENTRY( VMXVVMCS, u64Cr4Mask),
447	SSMFIELD_ENTRY( VMXVVMCS, u64Cr0ReadShadow),
448	SSMFIELD_ENTRY( VMXVVMCS, u64Cr4ReadShadow),
449	SSMFIELD_ENTRY( VMXVVMCS, u64Cr3Target0),
450	SSMFIELD_ENTRY( VMXVVMCS, u64Cr3Target1),
451	SSMFIELD_ENTRY( VMXVVMCS, u64Cr3Target2),
452	SSMFIELD_ENTRY( VMXVVMCS, u64Cr3Target3),
453	SSMFIELD_ENTRY_IGNORE(VMXVVMCS, au64Reserved4),
454
455	SSMFIELD_ENTRY( VMXVVMCS, HostEs),
456	SSMFIELD_ENTRY( VMXVVMCS, HostCs),
457	SSMFIELD_ENTRY( VMXVVMCS, HostSs),
458	SSMFIELD_ENTRY( VMXVVMCS, HostDs),
459	SSMFIELD_ENTRY( VMXVVMCS, HostFs),
460	SSMFIELD_ENTRY( VMXVVMCS, HostGs),
461	SSMFIELD_ENTRY( VMXVVMCS, HostTr),
462	SSMFIELD_ENTRY_IGNORE(VMXVVMCS, au16Reserved2),
463
464	SSMFIELD_ENTRY( VMXVVMCS, u32HostSysenterCs),
465	SSMFIELD_ENTRY_IGNORE(VMXVVMCS, au32Reserved4),
466
467	SSMFIELD_ENTRY( VMXVVMCS, u64HostPatMsr),
468	SSMFIELD_ENTRY( VMXVVMCS, u64HostEferMsr),
469	SSMFIELD_ENTRY( VMXVVMCS, u64HostPerfGlobalCtlMsr),
470	SSMFIELD_ENTRY_VER( VMXVVMCS, u64HostPkrsMsr, CPUM_SAVED_STATE_VERSION_HWVIRT_VMX_2),
471	SSMFIELD_ENTRY_IGNORE(VMXVVMCS, au64Reserved3),
472
473	SSMFIELD_ENTRY( VMXVVMCS, u64HostCr0),
474	SSMFIELD_ENTRY( VMXVVMCS, u64HostCr3),
475	SSMFIELD_ENTRY( VMXVVMCS, u64HostCr4),
476	SSMFIELD_ENTRY( VMXVVMCS, u64HostFsBase),
477	SSMFIELD_ENTRY( VMXVVMCS, u64HostGsBase),
478	SSMFIELD_ENTRY( VMXVVMCS, u64HostTrBase),
479	SSMFIELD_ENTRY( VMXVVMCS, u64HostGdtrBase),
480	SSMFIELD_ENTRY( VMXVVMCS, u64HostIdtrBase),
481	SSMFIELD_ENTRY( VMXVVMCS, u64HostSysenterEsp),
482	SSMFIELD_ENTRY( VMXVVMCS, u64HostSysenterEip),
483	SSMFIELD_ENTRY( VMXVVMCS, u64HostRsp),
484	SSMFIELD_ENTRY( VMXVVMCS, u64HostRip),
485	SSMFIELD_ENTRY_VER( VMXVVMCS, u64HostSCetMsr, CPUM_SAVED_STATE_VERSION_HWVIRT_VMX_2),
486	SSMFIELD_ENTRY_VER( VMXVVMCS, u64HostSsp, CPUM_SAVED_STATE_VERSION_HWVIRT_VMX_2),
487	SSMFIELD_ENTRY_VER( VMXVVMCS, u64HostIntrSspTableAddrMsr, CPUM_SAVED_STATE_VERSION_HWVIRT_VMX_2),
488	SSMFIELD_ENTRY_IGNORE(VMXVVMCS, au64Reserved7),
489
490	SSMFIELD_ENTRY( VMXVVMCS, GuestEs),
491	SSMFIELD_ENTRY( VMXVVMCS, GuestCs),
492	SSMFIELD_ENTRY( VMXVVMCS, GuestSs),
493	SSMFIELD_ENTRY( VMXVVMCS, GuestDs),
494	SSMFIELD_ENTRY( VMXVVMCS, GuestFs),
495	SSMFIELD_ENTRY( VMXVVMCS, GuestGs),
496	SSMFIELD_ENTRY( VMXVVMCS, GuestLdtr),
497	SSMFIELD_ENTRY( VMXVVMCS, GuestTr),
498	SSMFIELD_ENTRY( VMXVVMCS, u16GuestIntStatus),
499	SSMFIELD_ENTRY( VMXVVMCS, u16PmlIndex),
500	SSMFIELD_ENTRY_IGNORE(VMXVVMCS, au16Reserved1),
501
502	SSMFIELD_ENTRY( VMXVVMCS, u32GuestEsLimit),
503	SSMFIELD_ENTRY( VMXVVMCS, u32GuestCsLimit),
504	SSMFIELD_ENTRY( VMXVVMCS, u32GuestSsLimit),
505	SSMFIELD_ENTRY( VMXVVMCS, u32GuestDsLimit),
506	SSMFIELD_ENTRY( VMXVVMCS, u32GuestFsLimit),
507	SSMFIELD_ENTRY( VMXVVMCS, u32GuestGsLimit),
508	SSMFIELD_ENTRY( VMXVVMCS, u32GuestLdtrLimit),
509	SSMFIELD_ENTRY( VMXVVMCS, u32GuestTrLimit),
510	SSMFIELD_ENTRY( VMXVVMCS, u32GuestGdtrLimit),
511	SSMFIELD_ENTRY( VMXVVMCS, u32GuestIdtrLimit),
512	SSMFIELD_ENTRY( VMXVVMCS, u32GuestEsAttr),
513	SSMFIELD_ENTRY( VMXVVMCS, u32GuestCsAttr),
514	SSMFIELD_ENTRY( VMXVVMCS, u32GuestSsAttr),
515	SSMFIELD_ENTRY( VMXVVMCS, u32GuestDsAttr),
516	SSMFIELD_ENTRY( VMXVVMCS, u32GuestFsAttr),
517	SSMFIELD_ENTRY( VMXVVMCS, u32GuestGsAttr),
518	SSMFIELD_ENTRY( VMXVVMCS, u32GuestLdtrAttr),
519	SSMFIELD_ENTRY( VMXVVMCS, u32GuestTrAttr),
520	SSMFIELD_ENTRY( VMXVVMCS, u32GuestIntrState),
521	SSMFIELD_ENTRY( VMXVVMCS, u32GuestActivityState),
522	SSMFIELD_ENTRY( VMXVVMCS, u32GuestSmBase),
523	SSMFIELD_ENTRY( VMXVVMCS, u32GuestSysenterCS),
524	SSMFIELD_ENTRY( VMXVVMCS, u32PreemptTimer),
525	SSMFIELD_ENTRY_IGNORE(VMXVVMCS, au32Reserved3),
526
527	SSMFIELD_ENTRY( VMXVVMCS, u64VmcsLinkPtr),
528	SSMFIELD_ENTRY( VMXVVMCS, u64GuestDebugCtlMsr),
529	SSMFIELD_ENTRY( VMXVVMCS, u64GuestPatMsr),
530	SSMFIELD_ENTRY( VMXVVMCS, u64GuestEferMsr),
531	SSMFIELD_ENTRY( VMXVVMCS, u64GuestPerfGlobalCtlMsr),
532	SSMFIELD_ENTRY( VMXVVMCS, u64GuestPdpte0),
533	SSMFIELD_ENTRY( VMXVVMCS, u64GuestPdpte1),
534	SSMFIELD_ENTRY( VMXVVMCS, u64GuestPdpte2),
535	SSMFIELD_ENTRY( VMXVVMCS, u64GuestPdpte3),
536	SSMFIELD_ENTRY( VMXVVMCS, u64GuestBndcfgsMsr),
537	SSMFIELD_ENTRY( VMXVVMCS, u64GuestRtitCtlMsr),
538	SSMFIELD_ENTRY_VER( VMXVVMCS, u64GuestPkrsMsr, CPUM_SAVED_STATE_VERSION_HWVIRT_VMX_2),
539	SSMFIELD_ENTRY_IGNORE(VMXVVMCS, au64Reserved2),
540
541	SSMFIELD_ENTRY( VMXVVMCS, u64GuestCr0),
542	SSMFIELD_ENTRY( VMXVVMCS, u64GuestCr3),
543	SSMFIELD_ENTRY( VMXVVMCS, u64GuestCr4),
544	SSMFIELD_ENTRY( VMXVVMCS, u64GuestEsBase),
545	SSMFIELD_ENTRY( VMXVVMCS, u64GuestCsBase),
546	SSMFIELD_ENTRY( VMXVVMCS, u64GuestSsBase),
547	SSMFIELD_ENTRY( VMXVVMCS, u64GuestDsBase),
548	SSMFIELD_ENTRY( VMXVVMCS, u64GuestFsBase),
549	SSMFIELD_ENTRY( VMXVVMCS, u64GuestGsBase),
550	SSMFIELD_ENTRY( VMXVVMCS, u64GuestLdtrBase),
551	SSMFIELD_ENTRY( VMXVVMCS, u64GuestTrBase),
552	SSMFIELD_ENTRY( VMXVVMCS, u64GuestGdtrBase),
553	SSMFIELD_ENTRY( VMXVVMCS, u64GuestIdtrBase),
554	SSMFIELD_ENTRY( VMXVVMCS, u64GuestDr7),
555	SSMFIELD_ENTRY( VMXVVMCS, u64GuestRsp),
556	SSMFIELD_ENTRY( VMXVVMCS, u64GuestRip),
557	SSMFIELD_ENTRY( VMXVVMCS, u64GuestRFlags),
558	SSMFIELD_ENTRY( VMXVVMCS, u64GuestPendingDbgXcpts),
559	SSMFIELD_ENTRY( VMXVVMCS, u64GuestSysenterEsp),
560	SSMFIELD_ENTRY( VMXVVMCS, u64GuestSysenterEip),
561	SSMFIELD_ENTRY_VER( VMXVVMCS, u64GuestSCetMsr, CPUM_SAVED_STATE_VERSION_HWVIRT_VMX_2),
562	SSMFIELD_ENTRY_VER( VMXVVMCS, u64GuestSsp, CPUM_SAVED_STATE_VERSION_HWVIRT_VMX_2),
563	SSMFIELD_ENTRY_VER( VMXVVMCS, u64GuestIntrSspTableAddrMsr, CPUM_SAVED_STATE_VERSION_HWVIRT_VMX_2),
564	SSMFIELD_ENTRY_IGNORE(VMXVVMCS, au64Reserved6),
565
566	SSMFIELD_ENTRY_TERM()
567	};
568
569	/** Saved state field descriptors for CPUMCTX. */
570	static const SSMFIELD g_aCpumX87Fields[] =
571	{
572	SSMFIELD_ENTRY( X86FXSTATE, FCW),
573	SSMFIELD_ENTRY( X86FXSTATE, FSW),
574	SSMFIELD_ENTRY( X86FXSTATE, FTW),
575	SSMFIELD_ENTRY( X86FXSTATE, FOP),
576	SSMFIELD_ENTRY( X86FXSTATE, FPUIP),
577	SSMFIELD_ENTRY( X86FXSTATE, CS),
578	SSMFIELD_ENTRY( X86FXSTATE, Rsrvd1),
579	SSMFIELD_ENTRY( X86FXSTATE, FPUDP),
580	SSMFIELD_ENTRY( X86FXSTATE, DS),
581	SSMFIELD_ENTRY( X86FXSTATE, Rsrvd2),
582	SSMFIELD_ENTRY( X86FXSTATE, MXCSR),
583	SSMFIELD_ENTRY( X86FXSTATE, MXCSR_MASK),
584	SSMFIELD_ENTRY( X86FXSTATE, aRegs[0]),
585	SSMFIELD_ENTRY( X86FXSTATE, aRegs[1]),
586	SSMFIELD_ENTRY( X86FXSTATE, aRegs[2]),
587	SSMFIELD_ENTRY( X86FXSTATE, aRegs[3]),
588	SSMFIELD_ENTRY( X86FXSTATE, aRegs[4]),
589	SSMFIELD_ENTRY( X86FXSTATE, aRegs[5]),
590	SSMFIELD_ENTRY( X86FXSTATE, aRegs[6]),
591	SSMFIELD_ENTRY( X86FXSTATE, aRegs[7]),
592	SSMFIELD_ENTRY( X86FXSTATE, aXMM[0]),
593	SSMFIELD_ENTRY( X86FXSTATE, aXMM[1]),
594	SSMFIELD_ENTRY( X86FXSTATE, aXMM[2]),
595	SSMFIELD_ENTRY( X86FXSTATE, aXMM[3]),
596	SSMFIELD_ENTRY( X86FXSTATE, aXMM[4]),
597	SSMFIELD_ENTRY( X86FXSTATE, aXMM[5]),
598	SSMFIELD_ENTRY( X86FXSTATE, aXMM[6]),
599	SSMFIELD_ENTRY( X86FXSTATE, aXMM[7]),
600	SSMFIELD_ENTRY( X86FXSTATE, aXMM[8]),
601	SSMFIELD_ENTRY( X86FXSTATE, aXMM[9]),
602	SSMFIELD_ENTRY( X86FXSTATE, aXMM[10]),
603	SSMFIELD_ENTRY( X86FXSTATE, aXMM[11]),
604	SSMFIELD_ENTRY( X86FXSTATE, aXMM[12]),
605	SSMFIELD_ENTRY( X86FXSTATE, aXMM[13]),
606	SSMFIELD_ENTRY( X86FXSTATE, aXMM[14]),
607	SSMFIELD_ENTRY( X86FXSTATE, aXMM[15]),
608	SSMFIELD_ENTRY_VER( X86FXSTATE, au32RsrvdForSoftware[0], CPUM_SAVED_STATE_VERSION_XSAVE), /* 32-bit/64-bit hack */
609	SSMFIELD_ENTRY_TERM()
610	};
611
612	/** Saved state field descriptors for X86XSAVEHDR. */
613	static const SSMFIELD g_aCpumXSaveHdrFields[] =
614	{
615	SSMFIELD_ENTRY( X86XSAVEHDR, bmXState),
616	SSMFIELD_ENTRY_TERM()
617	};
618
619	/** Saved state field descriptors for X86XSAVEYMMHI. */
620	static const SSMFIELD g_aCpumYmmHiFields[] =
621	{
622	SSMFIELD_ENTRY( X86XSAVEYMMHI, aYmmHi[0]),
623	SSMFIELD_ENTRY( X86XSAVEYMMHI, aYmmHi[1]),
624	SSMFIELD_ENTRY( X86XSAVEYMMHI, aYmmHi[2]),
625	SSMFIELD_ENTRY( X86XSAVEYMMHI, aYmmHi[3]),
626	SSMFIELD_ENTRY( X86XSAVEYMMHI, aYmmHi[4]),
627	SSMFIELD_ENTRY( X86XSAVEYMMHI, aYmmHi[5]),
628	SSMFIELD_ENTRY( X86XSAVEYMMHI, aYmmHi[6]),
629	SSMFIELD_ENTRY( X86XSAVEYMMHI, aYmmHi[7]),
630	SSMFIELD_ENTRY( X86XSAVEYMMHI, aYmmHi[8]),
631	SSMFIELD_ENTRY( X86XSAVEYMMHI, aYmmHi[9]),
632	SSMFIELD_ENTRY( X86XSAVEYMMHI, aYmmHi[10]),
633	SSMFIELD_ENTRY( X86XSAVEYMMHI, aYmmHi[11]),
634	SSMFIELD_ENTRY( X86XSAVEYMMHI, aYmmHi[12]),
635	SSMFIELD_ENTRY( X86XSAVEYMMHI, aYmmHi[13]),
636	SSMFIELD_ENTRY( X86XSAVEYMMHI, aYmmHi[14]),
637	SSMFIELD_ENTRY( X86XSAVEYMMHI, aYmmHi[15]),
638	SSMFIELD_ENTRY_TERM()
639	};
640
641	/** Saved state field descriptors for X86XSAVEBNDREGS. */
642	static const SSMFIELD g_aCpumBndRegsFields[] =
643	{
644	SSMFIELD_ENTRY( X86XSAVEBNDREGS, aRegs[0]),
645	SSMFIELD_ENTRY( X86XSAVEBNDREGS, aRegs[1]),
646	SSMFIELD_ENTRY( X86XSAVEBNDREGS, aRegs[2]),
647	SSMFIELD_ENTRY( X86XSAVEBNDREGS, aRegs[3]),
648	SSMFIELD_ENTRY_TERM()
649	};
650
651	/** Saved state field descriptors for X86XSAVEBNDCFG. */
652	static const SSMFIELD g_aCpumBndCfgFields[] =
653	{
654	SSMFIELD_ENTRY( X86XSAVEBNDCFG, fConfig),
655	SSMFIELD_ENTRY( X86XSAVEBNDCFG, fStatus),
656	SSMFIELD_ENTRY_TERM()
657	};
658
659	#if 0 /** @todo */
660	/** Saved state field descriptors for X86XSAVEOPMASK. */
661	static const SSMFIELD g_aCpumOpmaskFields[] =
662	{
663	SSMFIELD_ENTRY( X86XSAVEOPMASK, aKRegs[0]),
664	SSMFIELD_ENTRY( X86XSAVEOPMASK, aKRegs[1]),
665	SSMFIELD_ENTRY( X86XSAVEOPMASK, aKRegs[2]),
666	SSMFIELD_ENTRY( X86XSAVEOPMASK, aKRegs[3]),
667	SSMFIELD_ENTRY( X86XSAVEOPMASK, aKRegs[4]),
668	SSMFIELD_ENTRY( X86XSAVEOPMASK, aKRegs[5]),
669	SSMFIELD_ENTRY( X86XSAVEOPMASK, aKRegs[6]),
670	SSMFIELD_ENTRY( X86XSAVEOPMASK, aKRegs[7]),
671	SSMFIELD_ENTRY_TERM()
672	};
673	#endif
674
675	/** Saved state field descriptors for X86XSAVEZMMHI256. */
676	static const SSMFIELD g_aCpumZmmHi256Fields[] =
677	{
678	SSMFIELD_ENTRY( X86XSAVEZMMHI256, aHi256Regs[0]),
679	SSMFIELD_ENTRY( X86XSAVEZMMHI256, aHi256Regs[1]),
680	SSMFIELD_ENTRY( X86XSAVEZMMHI256, aHi256Regs[2]),
681	SSMFIELD_ENTRY( X86XSAVEZMMHI256, aHi256Regs[3]),
682	SSMFIELD_ENTRY( X86XSAVEZMMHI256, aHi256Regs[4]),
683	SSMFIELD_ENTRY( X86XSAVEZMMHI256, aHi256Regs[5]),
684	SSMFIELD_ENTRY( X86XSAVEZMMHI256, aHi256Regs[6]),
685	SSMFIELD_ENTRY( X86XSAVEZMMHI256, aHi256Regs[7]),
686	SSMFIELD_ENTRY( X86XSAVEZMMHI256, aHi256Regs[8]),
687	SSMFIELD_ENTRY( X86XSAVEZMMHI256, aHi256Regs[9]),
688	SSMFIELD_ENTRY( X86XSAVEZMMHI256, aHi256Regs[10]),
689	SSMFIELD_ENTRY( X86XSAVEZMMHI256, aHi256Regs[11]),
690	SSMFIELD_ENTRY( X86XSAVEZMMHI256, aHi256Regs[12]),
691	SSMFIELD_ENTRY( X86XSAVEZMMHI256, aHi256Regs[13]),
692	SSMFIELD_ENTRY( X86XSAVEZMMHI256, aHi256Regs[14]),
693	SSMFIELD_ENTRY( X86XSAVEZMMHI256, aHi256Regs[15]),
694	SSMFIELD_ENTRY_TERM()
695	};
696
697	/** Saved state field descriptors for X86XSAVEZMM16HI. */
698	static const SSMFIELD g_aCpumZmm16HiFields[] =
699	{
700	SSMFIELD_ENTRY( X86XSAVEZMM16HI, aRegs[0]),
701	SSMFIELD_ENTRY( X86XSAVEZMM16HI, aRegs[1]),
702	SSMFIELD_ENTRY( X86XSAVEZMM16HI, aRegs[2]),
703	SSMFIELD_ENTRY( X86XSAVEZMM16HI, aRegs[3]),
704	SSMFIELD_ENTRY( X86XSAVEZMM16HI, aRegs[4]),
705	SSMFIELD_ENTRY( X86XSAVEZMM16HI, aRegs[5]),
706	SSMFIELD_ENTRY( X86XSAVEZMM16HI, aRegs[6]),
707	SSMFIELD_ENTRY( X86XSAVEZMM16HI, aRegs[7]),
708	SSMFIELD_ENTRY( X86XSAVEZMM16HI, aRegs[8]),
709	SSMFIELD_ENTRY( X86XSAVEZMM16HI, aRegs[9]),
710	SSMFIELD_ENTRY( X86XSAVEZMM16HI, aRegs[10]),
711	SSMFIELD_ENTRY( X86XSAVEZMM16HI, aRegs[11]),
712	SSMFIELD_ENTRY( X86XSAVEZMM16HI, aRegs[12]),
713	SSMFIELD_ENTRY( X86XSAVEZMM16HI, aRegs[13]),
714	SSMFIELD_ENTRY( X86XSAVEZMM16HI, aRegs[14]),
715	SSMFIELD_ENTRY( X86XSAVEZMM16HI, aRegs[15]),
716	SSMFIELD_ENTRY_TERM()
717	};
718
719
720
721	/** Saved state field descriptors for CPUMCTX in V4.1 before the hidden selector
722	* registeres changed. */
723	static const SSMFIELD g_aCpumX87FieldsMem[] =
724	{
725	SSMFIELD_ENTRY( X86FXSTATE, FCW),
726	SSMFIELD_ENTRY( X86FXSTATE, FSW),
727	SSMFIELD_ENTRY( X86FXSTATE, FTW),
728	SSMFIELD_ENTRY( X86FXSTATE, FOP),
729	SSMFIELD_ENTRY( X86FXSTATE, FPUIP),
730	SSMFIELD_ENTRY( X86FXSTATE, CS),
731	SSMFIELD_ENTRY( X86FXSTATE, Rsrvd1),
732	SSMFIELD_ENTRY( X86FXSTATE, FPUDP),
733	SSMFIELD_ENTRY( X86FXSTATE, DS),
734	SSMFIELD_ENTRY( X86FXSTATE, Rsrvd2),
735	SSMFIELD_ENTRY( X86FXSTATE, MXCSR),
736	SSMFIELD_ENTRY( X86FXSTATE, MXCSR_MASK),
737	SSMFIELD_ENTRY( X86FXSTATE, aRegs[0]),
738	SSMFIELD_ENTRY( X86FXSTATE, aRegs[1]),
739	SSMFIELD_ENTRY( X86FXSTATE, aRegs[2]),
740	SSMFIELD_ENTRY( X86FXSTATE, aRegs[3]),
741	SSMFIELD_ENTRY( X86FXSTATE, aRegs[4]),
742	SSMFIELD_ENTRY( X86FXSTATE, aRegs[5]),
743	SSMFIELD_ENTRY( X86FXSTATE, aRegs[6]),
744	SSMFIELD_ENTRY( X86FXSTATE, aRegs[7]),
745	SSMFIELD_ENTRY( X86FXSTATE, aXMM[0]),
746	SSMFIELD_ENTRY( X86FXSTATE, aXMM[1]),
747	SSMFIELD_ENTRY( X86FXSTATE, aXMM[2]),
748	SSMFIELD_ENTRY( X86FXSTATE, aXMM[3]),
749	SSMFIELD_ENTRY( X86FXSTATE, aXMM[4]),
750	SSMFIELD_ENTRY( X86FXSTATE, aXMM[5]),
751	SSMFIELD_ENTRY( X86FXSTATE, aXMM[6]),
752	SSMFIELD_ENTRY( X86FXSTATE, aXMM[7]),
753	SSMFIELD_ENTRY( X86FXSTATE, aXMM[8]),
754	SSMFIELD_ENTRY( X86FXSTATE, aXMM[9]),
755	SSMFIELD_ENTRY( X86FXSTATE, aXMM[10]),
756	SSMFIELD_ENTRY( X86FXSTATE, aXMM[11]),
757	SSMFIELD_ENTRY( X86FXSTATE, aXMM[12]),
758	SSMFIELD_ENTRY( X86FXSTATE, aXMM[13]),
759	SSMFIELD_ENTRY( X86FXSTATE, aXMM[14]),
760	SSMFIELD_ENTRY( X86FXSTATE, aXMM[15]),
761	SSMFIELD_ENTRY_IGNORE( X86FXSTATE, au32RsrvdRest),
762	SSMFIELD_ENTRY_IGNORE( X86FXSTATE, au32RsrvdForSoftware),
763	};
764
765	/** Saved state field descriptors for CPUMCTX in V4.1 before the hidden selector
766	* registeres changed. */
767	static const SSMFIELD g_aCpumCtxFieldsMem[] =
768	{
769	SSMFIELD_ENTRY( CPUMCTX, rdi),
770	SSMFIELD_ENTRY( CPUMCTX, rsi),
771	SSMFIELD_ENTRY( CPUMCTX, rbp),
772	SSMFIELD_ENTRY( CPUMCTX, rax),
773	SSMFIELD_ENTRY( CPUMCTX, rbx),
774	SSMFIELD_ENTRY( CPUMCTX, rdx),
775	SSMFIELD_ENTRY( CPUMCTX, rcx),
776	SSMFIELD_ENTRY( CPUMCTX, rsp),
777	SSMFIELD_ENTRY_OLD( lss_esp, sizeof(uint32_t)),
778	SSMFIELD_ENTRY( CPUMCTX, ss.Sel),
779	SSMFIELD_ENTRY_OLD( ssPadding, sizeof(uint16_t)),
780	SSMFIELD_ENTRY( CPUMCTX, gs.Sel),
781	SSMFIELD_ENTRY_OLD( gsPadding, sizeof(uint16_t)),
782	SSMFIELD_ENTRY( CPUMCTX, fs.Sel),
783	SSMFIELD_ENTRY_OLD( fsPadding, sizeof(uint16_t)),
784	SSMFIELD_ENTRY( CPUMCTX, es.Sel),
785	SSMFIELD_ENTRY_OLD( esPadding, sizeof(uint16_t)),
786	SSMFIELD_ENTRY( CPUMCTX, ds.Sel),
787	SSMFIELD_ENTRY_OLD( dsPadding, sizeof(uint16_t)),
788	SSMFIELD_ENTRY( CPUMCTX, cs.Sel),
789	SSMFIELD_ENTRY_OLD( csPadding, sizeof(uint16_t)*3),
790	SSMFIELD_ENTRY( CPUMCTX, rflags),
791	SSMFIELD_ENTRY( CPUMCTX, rip),
792	SSMFIELD_ENTRY( CPUMCTX, r8),
793	SSMFIELD_ENTRY( CPUMCTX, r9),
794	SSMFIELD_ENTRY( CPUMCTX, r10),
795	SSMFIELD_ENTRY( CPUMCTX, r11),
796	SSMFIELD_ENTRY( CPUMCTX, r12),
797	SSMFIELD_ENTRY( CPUMCTX, r13),
798	SSMFIELD_ENTRY( CPUMCTX, r14),
799	SSMFIELD_ENTRY( CPUMCTX, r15),
800	SSMFIELD_ENTRY( CPUMCTX, es.u64Base),
801	SSMFIELD_ENTRY( CPUMCTX, es.u32Limit),
802	SSMFIELD_ENTRY( CPUMCTX, es.Attr),
803	SSMFIELD_ENTRY( CPUMCTX, cs.u64Base),
804	SSMFIELD_ENTRY( CPUMCTX, cs.u32Limit),
805	SSMFIELD_ENTRY( CPUMCTX, cs.Attr),
806	SSMFIELD_ENTRY( CPUMCTX, ss.u64Base),
807	SSMFIELD_ENTRY( CPUMCTX, ss.u32Limit),
808	SSMFIELD_ENTRY( CPUMCTX, ss.Attr),
809	SSMFIELD_ENTRY( CPUMCTX, ds.u64Base),
810	SSMFIELD_ENTRY( CPUMCTX, ds.u32Limit),
811	SSMFIELD_ENTRY( CPUMCTX, ds.Attr),
812	SSMFIELD_ENTRY( CPUMCTX, fs.u64Base),
813	SSMFIELD_ENTRY( CPUMCTX, fs.u32Limit),
814	SSMFIELD_ENTRY( CPUMCTX, fs.Attr),
815	SSMFIELD_ENTRY( CPUMCTX, gs.u64Base),
816	SSMFIELD_ENTRY( CPUMCTX, gs.u32Limit),
817	SSMFIELD_ENTRY( CPUMCTX, gs.Attr),
818	SSMFIELD_ENTRY( CPUMCTX, cr0),
819	SSMFIELD_ENTRY( CPUMCTX, cr2),
820	SSMFIELD_ENTRY( CPUMCTX, cr3),
821	SSMFIELD_ENTRY( CPUMCTX, cr4),
822	SSMFIELD_ENTRY( CPUMCTX, dr[0]),
823	SSMFIELD_ENTRY( CPUMCTX, dr[1]),
824	SSMFIELD_ENTRY( CPUMCTX, dr[2]),
825	SSMFIELD_ENTRY( CPUMCTX, dr[3]),
826	SSMFIELD_ENTRY_OLD( dr[4], sizeof(uint64_t)),
827	SSMFIELD_ENTRY_OLD( dr[5], sizeof(uint64_t)),
828	SSMFIELD_ENTRY( CPUMCTX, dr[6]),
829	SSMFIELD_ENTRY( CPUMCTX, dr[7]),
830	SSMFIELD_ENTRY( CPUMCTX, gdtr.cbGdt),
831	SSMFIELD_ENTRY( CPUMCTX, gdtr.pGdt),
832	SSMFIELD_ENTRY_OLD( gdtrPadding, sizeof(uint16_t)),
833	SSMFIELD_ENTRY( CPUMCTX, idtr.cbIdt),
834	SSMFIELD_ENTRY( CPUMCTX, idtr.pIdt),
835	SSMFIELD_ENTRY_OLD( idtrPadding, sizeof(uint16_t)),
836	SSMFIELD_ENTRY( CPUMCTX, ldtr.Sel),
837	SSMFIELD_ENTRY_OLD( ldtrPadding, sizeof(uint16_t)),
838	SSMFIELD_ENTRY( CPUMCTX, tr.Sel),
839	SSMFIELD_ENTRY_OLD( trPadding, sizeof(uint16_t)),
840	SSMFIELD_ENTRY( CPUMCTX, SysEnter.cs),
841	SSMFIELD_ENTRY( CPUMCTX, SysEnter.eip),
842	SSMFIELD_ENTRY( CPUMCTX, SysEnter.esp),
843	SSMFIELD_ENTRY( CPUMCTX, msrEFER),
844	SSMFIELD_ENTRY( CPUMCTX, msrSTAR),
845	SSMFIELD_ENTRY( CPUMCTX, msrPAT),
846	SSMFIELD_ENTRY( CPUMCTX, msrLSTAR),
847	SSMFIELD_ENTRY( CPUMCTX, msrCSTAR),
848	SSMFIELD_ENTRY( CPUMCTX, msrSFMASK),
849	SSMFIELD_ENTRY( CPUMCTX, msrKERNELGSBASE),
850	SSMFIELD_ENTRY( CPUMCTX, ldtr.u64Base),
851	SSMFIELD_ENTRY( CPUMCTX, ldtr.u32Limit),
852	SSMFIELD_ENTRY( CPUMCTX, ldtr.Attr),
853	SSMFIELD_ENTRY( CPUMCTX, tr.u64Base),
854	SSMFIELD_ENTRY( CPUMCTX, tr.u32Limit),
855	SSMFIELD_ENTRY( CPUMCTX, tr.Attr),
856	SSMFIELD_ENTRY_TERM()
857	};
858
859	/** Saved state field descriptors for CPUMCTX_VER1_6. */
860	static const SSMFIELD g_aCpumX87FieldsV16[] =
861	{
862	SSMFIELD_ENTRY( X86FXSTATE, FCW),
863	SSMFIELD_ENTRY( X86FXSTATE, FSW),
864	SSMFIELD_ENTRY( X86FXSTATE, FTW),
865	SSMFIELD_ENTRY( X86FXSTATE, FOP),
866	SSMFIELD_ENTRY( X86FXSTATE, FPUIP),
867	SSMFIELD_ENTRY( X86FXSTATE, CS),
868	SSMFIELD_ENTRY( X86FXSTATE, Rsrvd1),
869	SSMFIELD_ENTRY( X86FXSTATE, FPUDP),
870	SSMFIELD_ENTRY( X86FXSTATE, DS),
871	SSMFIELD_ENTRY( X86FXSTATE, Rsrvd2),
872	SSMFIELD_ENTRY( X86FXSTATE, MXCSR),
873	SSMFIELD_ENTRY( X86FXSTATE, MXCSR_MASK),
874	SSMFIELD_ENTRY( X86FXSTATE, aRegs[0]),
875	SSMFIELD_ENTRY( X86FXSTATE, aRegs[1]),
876	SSMFIELD_ENTRY( X86FXSTATE, aRegs[2]),
877	SSMFIELD_ENTRY( X86FXSTATE, aRegs[3]),
878	SSMFIELD_ENTRY( X86FXSTATE, aRegs[4]),
879	SSMFIELD_ENTRY( X86FXSTATE, aRegs[5]),
880	SSMFIELD_ENTRY( X86FXSTATE, aRegs[6]),
881	SSMFIELD_ENTRY( X86FXSTATE, aRegs[7]),
882	SSMFIELD_ENTRY( X86FXSTATE, aXMM[0]),
883	SSMFIELD_ENTRY( X86FXSTATE, aXMM[1]),
884	SSMFIELD_ENTRY( X86FXSTATE, aXMM[2]),
885	SSMFIELD_ENTRY( X86FXSTATE, aXMM[3]),
886	SSMFIELD_ENTRY( X86FXSTATE, aXMM[4]),
887	SSMFIELD_ENTRY( X86FXSTATE, aXMM[5]),
888	SSMFIELD_ENTRY( X86FXSTATE, aXMM[6]),
889	SSMFIELD_ENTRY( X86FXSTATE, aXMM[7]),
890	SSMFIELD_ENTRY( X86FXSTATE, aXMM[8]),
891	SSMFIELD_ENTRY( X86FXSTATE, aXMM[9]),
892	SSMFIELD_ENTRY( X86FXSTATE, aXMM[10]),
893	SSMFIELD_ENTRY( X86FXSTATE, aXMM[11]),
894	SSMFIELD_ENTRY( X86FXSTATE, aXMM[12]),
895	SSMFIELD_ENTRY( X86FXSTATE, aXMM[13]),
896	SSMFIELD_ENTRY( X86FXSTATE, aXMM[14]),
897	SSMFIELD_ENTRY( X86FXSTATE, aXMM[15]),
898	SSMFIELD_ENTRY_IGNORE( X86FXSTATE, au32RsrvdRest),
899	SSMFIELD_ENTRY_IGNORE( X86FXSTATE, au32RsrvdForSoftware),
900	SSMFIELD_ENTRY_TERM()
901	};
902
903	/** Saved state field descriptors for CPUMCTX_VER1_6. */
904	static const SSMFIELD g_aCpumCtxFieldsV16[] =
905	{
906	SSMFIELD_ENTRY( CPUMCTX, rdi),
907	SSMFIELD_ENTRY( CPUMCTX, rsi),
908	SSMFIELD_ENTRY( CPUMCTX, rbp),
909	SSMFIELD_ENTRY( CPUMCTX, rax),
910	SSMFIELD_ENTRY( CPUMCTX, rbx),
911	SSMFIELD_ENTRY( CPUMCTX, rdx),
912	SSMFIELD_ENTRY( CPUMCTX, rcx),
913	SSMFIELD_ENTRY_U32_ZX_U64( CPUMCTX, rsp),
914	SSMFIELD_ENTRY( CPUMCTX, ss.Sel),
915	SSMFIELD_ENTRY_OLD( ssPadding, sizeof(uint16_t)),
916	SSMFIELD_ENTRY_OLD( CPUMCTX, sizeof(uint64_t) /rsp_notused/),
917	SSMFIELD_ENTRY( CPUMCTX, gs.Sel),
918	SSMFIELD_ENTRY_OLD( gsPadding, sizeof(uint16_t)),
919	SSMFIELD_ENTRY( CPUMCTX, fs.Sel),
920	SSMFIELD_ENTRY_OLD( fsPadding, sizeof(uint16_t)),
921	SSMFIELD_ENTRY( CPUMCTX, es.Sel),
922	SSMFIELD_ENTRY_OLD( esPadding, sizeof(uint16_t)),
923	SSMFIELD_ENTRY( CPUMCTX, ds.Sel),
924	SSMFIELD_ENTRY_OLD( dsPadding, sizeof(uint16_t)),
925	SSMFIELD_ENTRY( CPUMCTX, cs.Sel),
926	SSMFIELD_ENTRY_OLD( csPadding, sizeof(uint16_t)*3),
927	SSMFIELD_ENTRY( CPUMCTX, rflags),
928	SSMFIELD_ENTRY( CPUMCTX, rip),
929	SSMFIELD_ENTRY( CPUMCTX, r8),
930	SSMFIELD_ENTRY( CPUMCTX, r9),
931	SSMFIELD_ENTRY( CPUMCTX, r10),
932	SSMFIELD_ENTRY( CPUMCTX, r11),
933	SSMFIELD_ENTRY( CPUMCTX, r12),
934	SSMFIELD_ENTRY( CPUMCTX, r13),
935	SSMFIELD_ENTRY( CPUMCTX, r14),
936	SSMFIELD_ENTRY( CPUMCTX, r15),
937	SSMFIELD_ENTRY_U32_ZX_U64( CPUMCTX, es.u64Base),
938	SSMFIELD_ENTRY( CPUMCTX, es.u32Limit),
939	SSMFIELD_ENTRY( CPUMCTX, es.Attr),
940	SSMFIELD_ENTRY_U32_ZX_U64( CPUMCTX, cs.u64Base),
941	SSMFIELD_ENTRY( CPUMCTX, cs.u32Limit),
942	SSMFIELD_ENTRY( CPUMCTX, cs.Attr),
943	SSMFIELD_ENTRY_U32_ZX_U64( CPUMCTX, ss.u64Base),
944	SSMFIELD_ENTRY( CPUMCTX, ss.u32Limit),
945	SSMFIELD_ENTRY( CPUMCTX, ss.Attr),
946	SSMFIELD_ENTRY_U32_ZX_U64( CPUMCTX, ds.u64Base),
947	SSMFIELD_ENTRY( CPUMCTX, ds.u32Limit),
948	SSMFIELD_ENTRY( CPUMCTX, ds.Attr),
949	SSMFIELD_ENTRY_U32_ZX_U64( CPUMCTX, fs.u64Base),
950	SSMFIELD_ENTRY( CPUMCTX, fs.u32Limit),
951	SSMFIELD_ENTRY( CPUMCTX, fs.Attr),
952	SSMFIELD_ENTRY_U32_ZX_U64( CPUMCTX, gs.u64Base),
953	SSMFIELD_ENTRY( CPUMCTX, gs.u32Limit),
954	SSMFIELD_ENTRY( CPUMCTX, gs.Attr),
955	SSMFIELD_ENTRY( CPUMCTX, cr0),
956	SSMFIELD_ENTRY( CPUMCTX, cr2),
957	SSMFIELD_ENTRY( CPUMCTX, cr3),
958	SSMFIELD_ENTRY( CPUMCTX, cr4),
959	SSMFIELD_ENTRY_OLD( cr8, sizeof(uint64_t)),
960	SSMFIELD_ENTRY( CPUMCTX, dr[0]),
961	SSMFIELD_ENTRY( CPUMCTX, dr[1]),
962	SSMFIELD_ENTRY( CPUMCTX, dr[2]),
963	SSMFIELD_ENTRY( CPUMCTX, dr[3]),
964	SSMFIELD_ENTRY_OLD( dr[4], sizeof(uint64_t)),
965	SSMFIELD_ENTRY_OLD( dr[5], sizeof(uint64_t)),
966	SSMFIELD_ENTRY( CPUMCTX, dr[6]),
967	SSMFIELD_ENTRY( CPUMCTX, dr[7]),
968	SSMFIELD_ENTRY( CPUMCTX, gdtr.cbGdt),
969	SSMFIELD_ENTRY_U32_ZX_U64( CPUMCTX, gdtr.pGdt),
970	SSMFIELD_ENTRY_OLD( gdtrPadding, sizeof(uint16_t)),
971	SSMFIELD_ENTRY_OLD( gdtrPadding64, sizeof(uint64_t)),
972	SSMFIELD_ENTRY( CPUMCTX, idtr.cbIdt),
973	SSMFIELD_ENTRY_U32_ZX_U64( CPUMCTX, idtr.pIdt),
974	SSMFIELD_ENTRY_OLD( idtrPadding, sizeof(uint16_t)),
975	SSMFIELD_ENTRY_OLD( idtrPadding64, sizeof(uint64_t)),
976	SSMFIELD_ENTRY( CPUMCTX, ldtr.Sel),
977	SSMFIELD_ENTRY_OLD( ldtrPadding, sizeof(uint16_t)),
978	SSMFIELD_ENTRY( CPUMCTX, tr.Sel),
979	SSMFIELD_ENTRY_OLD( trPadding, sizeof(uint16_t)),
980	SSMFIELD_ENTRY( CPUMCTX, SysEnter.cs),
981	SSMFIELD_ENTRY( CPUMCTX, SysEnter.eip),
982	SSMFIELD_ENTRY( CPUMCTX, SysEnter.esp),
983	SSMFIELD_ENTRY( CPUMCTX, msrEFER),
984	SSMFIELD_ENTRY( CPUMCTX, msrSTAR),
985	SSMFIELD_ENTRY( CPUMCTX, msrPAT),
986	SSMFIELD_ENTRY( CPUMCTX, msrLSTAR),
987	SSMFIELD_ENTRY( CPUMCTX, msrCSTAR),
988	SSMFIELD_ENTRY( CPUMCTX, msrSFMASK),
989	SSMFIELD_ENTRY_OLD( msrFSBASE, sizeof(uint64_t)),
990	SSMFIELD_ENTRY_OLD( msrGSBASE, sizeof(uint64_t)),
991	SSMFIELD_ENTRY( CPUMCTX, msrKERNELGSBASE),
992	SSMFIELD_ENTRY_U32_ZX_U64( CPUMCTX, ldtr.u64Base),
993	SSMFIELD_ENTRY( CPUMCTX, ldtr.u32Limit),
994	SSMFIELD_ENTRY( CPUMCTX, ldtr.Attr),
995	SSMFIELD_ENTRY_U32_ZX_U64( CPUMCTX, tr.u64Base),
996	SSMFIELD_ENTRY( CPUMCTX, tr.u32Limit),
997	SSMFIELD_ENTRY( CPUMCTX, tr.Attr),
998	SSMFIELD_ENTRY_OLD( padding, sizeof(uint32_t)*2),
999	SSMFIELD_ENTRY_TERM()
1000	};
1001
1002
1003	#if defined(RT_ARCH_X86) \|\| defined(RT_ARCH_AMD64)
1004	/**
1005	* Checks for partial/leaky FXSAVE/FXRSTOR handling on AMD CPUs.
1006	*
1007	* AMD K7, K8 and newer AMD CPUs do not save/restore the x87 error pointers
1008	* (last instruction pointer, last data pointer, last opcode) except when the ES
1009	* bit (Exception Summary) in x87 FSW (FPU Status Word) is set. Thus if we don't
1010	* clear these registers there is potential, local FPU leakage from a process
1011	* using the FPU to another.
1012	*
1013	* See AMD Instruction Reference for FXSAVE, FXRSTOR.
1014	*
1015	* @param pVM The cross context VM structure.
1016	*/
1017	static void cpumR3CheckLeakyFpu(PVM pVM)
1018	{
1019	uint32_t u32CpuVersion = ASMCpuId_EAX(1);
1020	uint32_t const u32Family = u32CpuVersion >> 8;
1021	if ( u32Family >= 6 /* K7 and higher */
1022	&& (ASMIsAmdCpu() \|\| ASMIsHygonCpu()) )
1023	{
1024	uint32_t cExt = ASMCpuId_EAX(0x80000000);
1025	if (RTX86IsValidExtRange(cExt))
1026	{
1027	uint32_t fExtFeaturesEDX = ASMCpuId_EDX(0x80000001);
1028	if (fExtFeaturesEDX & X86_CPUID_AMD_FEATURE_EDX_FFXSR)
1029	{
1030	for (VMCPUID idCpu = 0; idCpu < pVM->cCpus; idCpu++)
1031	{
1032	PVMCPU pVCpu = pVM->apCpusR3[idCpu];
1033	pVCpu->cpum.s.fUseFlags \|= CPUM_USE_FFXSR_LEAKY;
1034	}
1035	Log(("CPUM: Host CPU has leaky fxsave/fxrstor behaviour\n"));
1036	}
1037	}
1038	}
1039	}
1040	#endif
1041
1042
1043	/**
1044	* Initialize the SVM hardware virtualization state.
1045	*
1046	* @param pVM The cross context VM structure.
1047	*/
1048	static void cpumR3InitSvmHwVirtState(PVM pVM)
1049	{
1050	LogRel(("CPUM: AMD-V nested-guest init\n"));
1051	for (VMCPUID i = 0; i < pVM->cCpus; i++)
1052	{
1053	PVMCPU pVCpu = pVM->apCpusR3[i];
1054	PCPUMCTX pCtx = &pVCpu->cpum.s.Guest;
1055
1056	/* Initialize that SVM hardware virtualization is available. */
1057	pCtx->hwvirt.enmHwvirt = CPUMHWVIRT_SVM;
1058
1059	AssertCompile(sizeof(pCtx->hwvirt.svm.Vmcb) == SVM_VMCB_PAGES * X86_PAGE_SIZE);
1060	AssertCompile(sizeof(pCtx->hwvirt.svm.abMsrBitmap) == SVM_MSRPM_PAGES * X86_PAGE_SIZE);
1061	AssertCompile(sizeof(pCtx->hwvirt.svm.abIoBitmap) == SVM_IOPM_PAGES * X86_PAGE_SIZE);
1062
1063	/* Initialize non-zero values. */
1064	pCtx->hwvirt.svm.GCPhysVmcb = NIL_RTGCPHYS;
1065	}
1066	}
1067
1068
1069	/**
1070	* Resets per-VCPU SVM hardware virtualization state.
1071	*
1072	* @param pVCpu The cross context virtual CPU structure.
1073	*/
1074	DECLINLINE(void) cpumR3ResetSvmHwVirtState(PVMCPU pVCpu)
1075	{
1076	PCPUMCTX pCtx = &pVCpu->cpum.s.Guest;
1077	Assert(pCtx->hwvirt.enmHwvirt == CPUMHWVIRT_SVM);
1078
1079	RT_ZERO(pCtx->hwvirt.svm.Vmcb);
1080	RT_ZERO(pCtx->hwvirt.svm.HostState);
1081	RT_ZERO(pCtx->hwvirt.svm.abMsrBitmap);
1082	RT_ZERO(pCtx->hwvirt.svm.abIoBitmap);
1083
1084	pCtx->hwvirt.svm.uMsrHSavePa = 0;
1085	pCtx->hwvirt.svm.uPrevPauseTick = 0;
1086	pCtx->hwvirt.svm.GCPhysVmcb = NIL_RTGCPHYS;
1087	pCtx->hwvirt.svm.cPauseFilter = 0;
1088	pCtx->hwvirt.svm.cPauseFilterThreshold = 0;
1089	pCtx->hwvirt.svm.fInterceptEvents = false;
1090	}
1091
1092
1093	/**
1094	* Initializes the VMX hardware virtualization state.
1095	*
1096	* @param pVM The cross context VM structure.
1097	*/
1098	static void cpumR3InitVmxHwVirtState(PVM pVM)
1099	{
1100	LogRel(("CPUM: VT-x nested-guest init\n"));
1101	for (VMCPUID i = 0; i < pVM->cCpus; i++)
1102	{
1103	PVMCPU pVCpu = pVM->apCpusR3[i];
1104	PCPUMCTX pCtx = &pVCpu->cpum.s.Guest;
1105
1106	/* Initialize that VMX hardware virtualization is available. */
1107	pCtx->hwvirt.enmHwvirt = CPUMHWVIRT_VMX;
1108
1109	AssertCompile(sizeof(pCtx->hwvirt.vmx.Vmcs) == VMX_V_VMCS_PAGES * X86_PAGE_SIZE);
1110	AssertCompile(sizeof(pCtx->hwvirt.vmx.Vmcs) == VMX_V_VMCS_SIZE);
1111	AssertCompile(sizeof(pCtx->hwvirt.vmx.ShadowVmcs) == VMX_V_SHADOW_VMCS_PAGES * X86_PAGE_SIZE);
1112	AssertCompile(sizeof(pCtx->hwvirt.vmx.ShadowVmcs) == VMX_V_SHADOW_VMCS_SIZE);
1113	AssertCompile(sizeof(pCtx->hwvirt.vmx.abVmreadBitmap) == VMX_V_VMREAD_VMWRITE_BITMAP_PAGES * X86_PAGE_SIZE);
1114	AssertCompile(sizeof(pCtx->hwvirt.vmx.abVmreadBitmap) == VMX_V_VMREAD_VMWRITE_BITMAP_SIZE);
1115	AssertCompile(sizeof(pCtx->hwvirt.vmx.abVmwriteBitmap) == VMX_V_VMREAD_VMWRITE_BITMAP_PAGES * X86_PAGE_SIZE);
1116	AssertCompile(sizeof(pCtx->hwvirt.vmx.abVmwriteBitmap) == VMX_V_VMREAD_VMWRITE_BITMAP_SIZE);
1117	AssertCompile(sizeof(pCtx->hwvirt.vmx.aEntryMsrLoadArea) == VMX_V_AUTOMSR_AREA_PAGES * X86_PAGE_SIZE);
1118	AssertCompile(sizeof(pCtx->hwvirt.vmx.aEntryMsrLoadArea) == VMX_V_AUTOMSR_AREA_SIZE);
1119	AssertCompile(sizeof(pCtx->hwvirt.vmx.aExitMsrStoreArea) == VMX_V_AUTOMSR_AREA_PAGES * X86_PAGE_SIZE);
1120	AssertCompile(sizeof(pCtx->hwvirt.vmx.aExitMsrStoreArea) == VMX_V_AUTOMSR_AREA_SIZE);
1121	AssertCompile(sizeof(pCtx->hwvirt.vmx.aExitMsrLoadArea) == VMX_V_AUTOMSR_AREA_PAGES * X86_PAGE_SIZE);
1122	AssertCompile(sizeof(pCtx->hwvirt.vmx.aExitMsrLoadArea) == VMX_V_AUTOMSR_AREA_SIZE);
1123	AssertCompile(sizeof(pCtx->hwvirt.vmx.abMsrBitmap) == VMX_V_MSR_BITMAP_PAGES * X86_PAGE_SIZE);
1124	AssertCompile(sizeof(pCtx->hwvirt.vmx.abMsrBitmap) == VMX_V_MSR_BITMAP_SIZE);
1125	AssertCompile(sizeof(pCtx->hwvirt.vmx.abIoBitmap) == (VMX_V_IO_BITMAP_A_PAGES + VMX_V_IO_BITMAP_B_PAGES) * X86_PAGE_SIZE);
1126	AssertCompile(sizeof(pCtx->hwvirt.vmx.abIoBitmap) == VMX_V_IO_BITMAP_A_SIZE + VMX_V_IO_BITMAP_B_SIZE);
1127
1128	/* Initialize non-zero values. */
1129	pCtx->hwvirt.vmx.GCPhysVmxon = NIL_RTGCPHYS;
1130	pCtx->hwvirt.vmx.GCPhysShadowVmcs = NIL_RTGCPHYS;
1131	pCtx->hwvirt.vmx.GCPhysVmcs = NIL_RTGCPHYS;
1132	}
1133	}
1134
1135
1136	/**
1137	* Resets per-VCPU VMX hardware virtualization state.
1138	*
1139	* @param pVCpu The cross context virtual CPU structure.
1140	*/
1141	DECLINLINE(void) cpumR3ResetVmxHwVirtState(PVMCPU pVCpu)
1142	{
1143	PCPUMCTX pCtx = &pVCpu->cpum.s.Guest;
1144	Assert(pCtx->hwvirt.enmHwvirt == CPUMHWVIRT_VMX);
1145
1146	RT_ZERO(pCtx->hwvirt.vmx.Vmcs);
1147	RT_ZERO(pCtx->hwvirt.vmx.ShadowVmcs);
1148	RT_ZERO(pCtx->hwvirt.vmx.abVmreadBitmap);
1149	RT_ZERO(pCtx->hwvirt.vmx.abVmwriteBitmap);
1150	RT_ZERO(pCtx->hwvirt.vmx.aEntryMsrLoadArea);
1151	RT_ZERO(pCtx->hwvirt.vmx.aExitMsrStoreArea);
1152	RT_ZERO(pCtx->hwvirt.vmx.aExitMsrLoadArea);
1153	RT_ZERO(pCtx->hwvirt.vmx.abMsrBitmap);
1154	RT_ZERO(pCtx->hwvirt.vmx.abIoBitmap);
1155
1156	pCtx->hwvirt.vmx.GCPhysVmxon = NIL_RTGCPHYS;
1157	pCtx->hwvirt.vmx.GCPhysShadowVmcs = NIL_RTGCPHYS;
1158	pCtx->hwvirt.vmx.GCPhysVmcs = NIL_RTGCPHYS;
1159	pCtx->hwvirt.vmx.fInVmxRootMode = false;
1160	pCtx->hwvirt.vmx.fInVmxNonRootMode = false;
1161	/* Don't reset diagnostics here. */
1162
1163	pCtx->hwvirt.vmx.fInterceptEvents = false;
1164	pCtx->hwvirt.vmx.fNmiUnblockingIret = false;
1165	pCtx->hwvirt.vmx.uFirstPauseLoopTick = 0;
1166	pCtx->hwvirt.vmx.uPrevPauseTick = 0;
1167	pCtx->hwvirt.vmx.uEntryTick = 0;
1168	pCtx->hwvirt.vmx.offVirtApicWrite = 0;
1169	pCtx->hwvirt.vmx.fVirtNmiBlocking = false;
1170
1171	/* Stop any VMX-preemption timer. */
1172	CPUMStopGuestVmxPremptTimer(pVCpu);
1173
1174	/* Clear all nested-guest FFs. */
1175	VMCPU_FF_CLEAR_MASK(pVCpu, VMCPU_FF_VMX_ALL_MASK);
1176	}
1177
1178
1179	/**
1180	* Displays the host and guest VMX features.
1181	*
1182	* @param pVM The cross context VM structure.
1183	* @param pHlp The info helper functions.
1184	* @param pszArgs "terse", "default" or "verbose".
1185	*/
1186	static DECLCALLBACK(void) cpumR3InfoVmxFeatures(PVM pVM, PCDBGFINFOHLP pHlp, const char *pszArgs)
1187	{
1188	RT_NOREF(pszArgs);
1189	PCCPUMFEATURES pHostFeatures = &pVM->cpum.s.HostFeatures;
1190	PCCPUMFEATURES pGuestFeatures = &pVM->cpum.s.GuestFeatures;
1191	if ( pHostFeatures->enmCpuVendor == CPUMCPUVENDOR_INTEL
1192	\|\| pHostFeatures->enmCpuVendor == CPUMCPUVENDOR_VIA
1193	\|\| pHostFeatures->enmCpuVendor == CPUMCPUVENDOR_SHANGHAI)
1194	{
1195	#define VMXFEATDUMP(a_szDesc, a_Var) \
1196	pHlp->pfnPrintf(pHlp, " %s = %u (%u)\n", a_szDesc, pGuestFeatures->a_Var, pHostFeatures->a_Var)
1197
1198	pHlp->pfnPrintf(pHlp, "Nested hardware virtualization - VMX features\n");
1199	pHlp->pfnPrintf(pHlp, " Mnemonic - Description = guest (host)\n");
1200	VMXFEATDUMP("VMX - Virtual-Machine Extensions ", fVmx);
1201	/* Basic. */
1202	VMXFEATDUMP("InsOutInfo - INS/OUTS instruction info. ", fVmxInsOutInfo);
1203
1204	/* Pin-based controls. */
1205	VMXFEATDUMP("ExtIntExit - External interrupt exiting ", fVmxExtIntExit);
1206	VMXFEATDUMP("NmiExit - NMI exiting ", fVmxNmiExit);
1207	VMXFEATDUMP("VirtNmi - Virtual NMIs ", fVmxVirtNmi);
1208	VMXFEATDUMP("PreemptTimer - VMX preemption timer ", fVmxPreemptTimer);
1209	VMXFEATDUMP("PostedInt - Posted interrupts ", fVmxPostedInt);
1210
1211	/* Processor-based controls. */
1212	VMXFEATDUMP("IntWindowExit - Interrupt-window exiting ", fVmxIntWindowExit);
1213	VMXFEATDUMP("TscOffsetting - TSC offsetting ", fVmxTscOffsetting);
1214	VMXFEATDUMP("HltExit - HLT exiting ", fVmxHltExit);
1215	VMXFEATDUMP("InvlpgExit - INVLPG exiting ", fVmxInvlpgExit);
1216	VMXFEATDUMP("MwaitExit - MWAIT exiting ", fVmxMwaitExit);
1217	VMXFEATDUMP("RdpmcExit - RDPMC exiting ", fVmxRdpmcExit);
1218	VMXFEATDUMP("RdtscExit - RDTSC exiting ", fVmxRdtscExit);
1219	VMXFEATDUMP("Cr3LoadExit - CR3-load exiting ", fVmxCr3LoadExit);
1220	VMXFEATDUMP("Cr3StoreExit - CR3-store exiting ", fVmxCr3StoreExit);
1221	VMXFEATDUMP("TertiaryExecCtls - Activate tertiary controls ", fVmxTertiaryExecCtls);
1222	VMXFEATDUMP("Cr8LoadExit - CR8-load exiting ", fVmxCr8LoadExit);
1223	VMXFEATDUMP("Cr8StoreExit - CR8-store exiting ", fVmxCr8StoreExit);
1224	VMXFEATDUMP("UseTprShadow - Use TPR shadow ", fVmxUseTprShadow);
1225	VMXFEATDUMP("NmiWindowExit - NMI-window exiting ", fVmxNmiWindowExit);
1226	VMXFEATDUMP("MovDRxExit - Mov-DR exiting ", fVmxMovDRxExit);
1227	VMXFEATDUMP("UncondIoExit - Unconditional I/O exiting ", fVmxUncondIoExit);
1228	VMXFEATDUMP("UseIoBitmaps - Use I/O bitmaps ", fVmxUseIoBitmaps);
1229	VMXFEATDUMP("MonitorTrapFlag - Monitor Trap Flag ", fVmxMonitorTrapFlag);
1230	VMXFEATDUMP("UseMsrBitmaps - MSR bitmaps ", fVmxUseMsrBitmaps);
1231	VMXFEATDUMP("MonitorExit - MONITOR exiting ", fVmxMonitorExit);
1232	VMXFEATDUMP("PauseExit - PAUSE exiting ", fVmxPauseExit);
1233	VMXFEATDUMP("SecondaryExecCtl - Activate secondary controls ", fVmxSecondaryExecCtls);
1234
1235	/* Secondary processor-based controls. */
1236	VMXFEATDUMP("VirtApic - Virtualize-APIC accesses ", fVmxVirtApicAccess);
1237	VMXFEATDUMP("Ept - Extended Page Tables ", fVmxEpt);
1238	VMXFEATDUMP("DescTableExit - Descriptor-table exiting ", fVmxDescTableExit);
1239	VMXFEATDUMP("Rdtscp - Enable RDTSCP ", fVmxRdtscp);
1240	VMXFEATDUMP("VirtX2ApicMode - Virtualize-x2APIC mode ", fVmxVirtX2ApicMode);
1241	VMXFEATDUMP("Vpid - Enable VPID ", fVmxVpid);
1242	VMXFEATDUMP("WbinvdExit - WBINVD exiting ", fVmxWbinvdExit);
1243	VMXFEATDUMP("UnrestrictedGuest - Unrestricted guest ", fVmxUnrestrictedGuest);
1244	VMXFEATDUMP("ApicRegVirt - APIC-register virtualization ", fVmxApicRegVirt);
1245	VMXFEATDUMP("VirtIntDelivery - Virtual-interrupt delivery ", fVmxVirtIntDelivery);
1246	VMXFEATDUMP("PauseLoopExit - PAUSE-loop exiting ", fVmxPauseLoopExit);
1247	VMXFEATDUMP("RdrandExit - RDRAND exiting ", fVmxRdrandExit);
1248	VMXFEATDUMP("Invpcid - Enable INVPCID ", fVmxInvpcid);
1249	VMXFEATDUMP("VmFuncs - Enable VM Functions ", fVmxVmFunc);
1250	VMXFEATDUMP("VmcsShadowing - VMCS shadowing ", fVmxVmcsShadowing);
1251	VMXFEATDUMP("RdseedExiting - RDSEED exiting ", fVmxRdseedExit);
1252	VMXFEATDUMP("PML - Page-Modification Log (PML) ", fVmxPml);
1253	VMXFEATDUMP("EptVe - EPT violations can cause #VE ", fVmxEptXcptVe);
1254	VMXFEATDUMP("ConcealVmxFromPt - Conceal VMX from Processor Trace ", fVmxConcealVmxFromPt);
1255	VMXFEATDUMP("XsavesXRstors - Enable XSAVES/XRSTORS ", fVmxXsavesXrstors);
1256	VMXFEATDUMP("ModeBasedExecuteEpt - Mode-based execute permissions ", fVmxModeBasedExecuteEpt);
1257	VMXFEATDUMP("SppEpt - Sub-page page write permissions for EPT ", fVmxSppEpt);
1258	VMXFEATDUMP("PtEpt - Processor Trace address' translatable by EPT ", fVmxPtEpt);
1259	VMXFEATDUMP("UseTscScaling - Use TSC scaling ", fVmxUseTscScaling);
1260	VMXFEATDUMP("UserWaitPause - Enable TPAUSE, UMONITOR and UMWAIT ", fVmxUserWaitPause);
1261	VMXFEATDUMP("EnclvExit - ENCLV exiting ", fVmxEnclvExit);
1262
1263	/* Tertiary processor-based controls. */
1264	VMXFEATDUMP("LoadIwKeyExit - LOADIWKEY exiting ", fVmxLoadIwKeyExit);
1265
1266	/* VM-entry controls. */
1267	VMXFEATDUMP("EntryLoadDebugCtls - Load debug controls on VM-entry ", fVmxEntryLoadDebugCtls);
1268	VMXFEATDUMP("Ia32eModeGuest - IA-32e mode guest ", fVmxIa32eModeGuest);
1269	VMXFEATDUMP("EntryLoadEferMsr - Load IA32_EFER MSR on VM-entry ", fVmxEntryLoadEferMsr);
1270	VMXFEATDUMP("EntryLoadPatMsr - Load IA32_PAT MSR on VM-entry ", fVmxEntryLoadPatMsr);
1271
1272	/* VM-exit controls. */
1273	VMXFEATDUMP("ExitSaveDebugCtls - Save debug controls on VM-exit ", fVmxExitSaveDebugCtls);
1274	VMXFEATDUMP("HostAddrSpaceSize - Host address-space size ", fVmxHostAddrSpaceSize);
1275	VMXFEATDUMP("ExitAckExtInt - Acknowledge interrupt on VM-exit ", fVmxExitAckExtInt);
1276	VMXFEATDUMP("ExitSavePatMsr - Save IA32_PAT MSR on VM-exit ", fVmxExitSavePatMsr);
1277	VMXFEATDUMP("ExitLoadPatMsr - Load IA32_PAT MSR on VM-exit ", fVmxExitLoadPatMsr);
1278	VMXFEATDUMP("ExitSaveEferMsr - Save IA32_EFER MSR on VM-exit ", fVmxExitSaveEferMsr);
1279	VMXFEATDUMP("ExitLoadEferMsr - Load IA32_EFER MSR on VM-exit ", fVmxExitLoadEferMsr);
1280	VMXFEATDUMP("SavePreemptTimer - Save VMX-preemption timer ", fVmxSavePreemptTimer);
1281	VMXFEATDUMP("SecondaryExitCtls - Secondary VM-exit controls ", fVmxSecondaryExitCtls);
1282
1283	/* Miscellaneous data. */
1284	VMXFEATDUMP("ExitSaveEferLma - Save IA32_EFER.LMA on VM-exit ", fVmxExitSaveEferLma);
1285	VMXFEATDUMP("IntelPt - Intel PT (Processor Trace) in VMX operation ", fVmxPt);
1286	VMXFEATDUMP("VmwriteAll - VMWRITE to any supported VMCS field ", fVmxVmwriteAll);
1287	VMXFEATDUMP("EntryInjectSoftInt - Inject softint. with 0-len instr. ", fVmxEntryInjectSoftInt);
1288	#undef VMXFEATDUMP
1289	}
1290	else
1291	pHlp->pfnPrintf(pHlp, "No VMX features present - requires an Intel or compatible CPU.\n");
1292	}
1293
1294
1295	/**
1296	* Checks whether nested-guest execution using hardware-assisted VMX (e.g, using HM
1297	* or NEM) is allowed.
1298	*
1299	* @returns @c true if hardware-assisted nested-guest execution is allowed, @c false
1300	* otherwise.
1301	* @param pVM The cross context VM structure.
1302	*/
1303	static bool cpumR3IsHwAssistNstGstExecAllowed(PVM pVM)
1304	{
1305	AssertMsg(pVM->bMainExecutionEngine != VM_EXEC_ENGINE_NOT_SET, ("Calling this function too early!\n"));
1306	#ifndef VBOX_WITH_NESTED_HWVIRT_ONLY_IN_IEM
1307	if ( pVM->bMainExecutionEngine == VM_EXEC_ENGINE_HW_VIRT
1308	\|\| pVM->bMainExecutionEngine == VM_EXEC_ENGINE_NATIVE_API)
1309	return true;
1310	#else
1311	NOREF(pVM);
1312	#endif
1313	return false;
1314	}
1315
1316
1317	/**
1318	* Initializes the VMX guest MSRs from guest CPU features based on the host MSRs.
1319	*
1320	* @param pVM The cross context VM structure.
1321	* @param pHostVmxMsrs The host VMX MSRs. Pass NULL when fully emulating VMX
1322	* and no hardware-assisted nested-guest execution is
1323	* possible for this VM.
1324	* @param pGuestFeatures The guest features to use (only VMX features are
1325	* accessed).
1326	* @param pGuestVmxMsrs Where to store the initialized guest VMX MSRs.
1327	*
1328	* @remarks This function ASSUMES the VMX guest-features are already exploded!
1329	*/
1330	static void cpumR3InitVmxGuestMsrs(PVM pVM, PCVMXMSRS pHostVmxMsrs, PCCPUMFEATURES pGuestFeatures, PVMXMSRS pGuestVmxMsrs)
1331	{
1332	bool const fIsNstGstHwExecAllowed = cpumR3IsHwAssistNstGstExecAllowed(pVM);
1333
1334	Assert(!fIsNstGstHwExecAllowed \|\| pHostVmxMsrs);
1335	Assert(pGuestFeatures->fVmx);
1336
1337	/* Basic information. */
1338	uint8_t const fTrueVmxMsrs = 1;
1339	{
1340	uint64_t const u64Basic = RT_BF_MAKE(VMX_BF_BASIC_VMCS_ID, VMX_V_VMCS_REVISION_ID )
1341	\| RT_BF_MAKE(VMX_BF_BASIC_VMCS_SIZE, VMX_V_VMCS_SIZE )
1342	\| RT_BF_MAKE(VMX_BF_BASIC_PHYSADDR_WIDTH, !pGuestFeatures->fLongMode )
1343	\| RT_BF_MAKE(VMX_BF_BASIC_DUAL_MON, 0 )
1344	\| RT_BF_MAKE(VMX_BF_BASIC_VMCS_MEM_TYPE, VMX_BASIC_MEM_TYPE_WB )
1345	\| RT_BF_MAKE(VMX_BF_BASIC_VMCS_INS_OUTS, pGuestFeatures->fVmxInsOutInfo)
1346	\| RT_BF_MAKE(VMX_BF_BASIC_TRUE_CTLS, fTrueVmxMsrs );
1347	pGuestVmxMsrs->u64Basic = u64Basic;
1348	}
1349
1350	/* Pin-based VM-execution controls. */
1351	{
1352	uint32_t const fFeatures = (pGuestFeatures->fVmxExtIntExit << VMX_BF_PIN_CTLS_EXT_INT_EXIT_SHIFT )
1353	\| (pGuestFeatures->fVmxNmiExit << VMX_BF_PIN_CTLS_NMI_EXIT_SHIFT )
1354	\| (pGuestFeatures->fVmxVirtNmi << VMX_BF_PIN_CTLS_VIRT_NMI_SHIFT )
1355	\| (pGuestFeatures->fVmxPreemptTimer << VMX_BF_PIN_CTLS_PREEMPT_TIMER_SHIFT)
1356	\| (pGuestFeatures->fVmxPostedInt << VMX_BF_PIN_CTLS_POSTED_INT_SHIFT );
1357	uint32_t const fAllowed0 = VMX_PIN_CTLS_DEFAULT1;
1358	uint32_t const fAllowed1 = fFeatures \| VMX_PIN_CTLS_DEFAULT1;
1359	AssertMsg((fAllowed0 & fAllowed1) == fAllowed0, ("fAllowed0=%#RX32 fAllowed1=%#RX32 fFeatures=%#RX32\n",
1360	fAllowed0, fAllowed1, fFeatures));
1361	pGuestVmxMsrs->PinCtls.u = RT_MAKE_U64(fAllowed0, fAllowed1);
1362
1363	/* True pin-based VM-execution controls. */
1364	if (fTrueVmxMsrs)
1365	{
1366	/* VMX_PIN_CTLS_DEFAULT1 contains MB1 reserved bits and must be reserved MB1 in true pin-based controls as well. */
1367	pGuestVmxMsrs->TruePinCtls.u = pGuestVmxMsrs->PinCtls.u;
1368	}
1369	}
1370
1371	/* Processor-based VM-execution controls. */
1372	{
1373	uint32_t const fFeatures = (pGuestFeatures->fVmxIntWindowExit << VMX_BF_PROC_CTLS_INT_WINDOW_EXIT_SHIFT )
1374	\| (pGuestFeatures->fVmxTscOffsetting << VMX_BF_PROC_CTLS_USE_TSC_OFFSETTING_SHIFT)
1375	\| (pGuestFeatures->fVmxHltExit << VMX_BF_PROC_CTLS_HLT_EXIT_SHIFT )
1376	\| (pGuestFeatures->fVmxInvlpgExit << VMX_BF_PROC_CTLS_INVLPG_EXIT_SHIFT )
1377	\| (pGuestFeatures->fVmxMwaitExit << VMX_BF_PROC_CTLS_MWAIT_EXIT_SHIFT )
1378	\| (pGuestFeatures->fVmxRdpmcExit << VMX_BF_PROC_CTLS_RDPMC_EXIT_SHIFT )
1379	\| (pGuestFeatures->fVmxRdtscExit << VMX_BF_PROC_CTLS_RDTSC_EXIT_SHIFT )
1380	\| (pGuestFeatures->fVmxCr3LoadExit << VMX_BF_PROC_CTLS_CR3_LOAD_EXIT_SHIFT )
1381	\| (pGuestFeatures->fVmxCr3StoreExit << VMX_BF_PROC_CTLS_CR3_STORE_EXIT_SHIFT )
1382	\| (pGuestFeatures->fVmxTertiaryExecCtls << VMX_BF_PROC_CTLS_USE_TERTIARY_CTLS_SHIFT )
1383	\| (pGuestFeatures->fVmxCr8LoadExit << VMX_BF_PROC_CTLS_CR8_LOAD_EXIT_SHIFT )
1384	\| (pGuestFeatures->fVmxCr8StoreExit << VMX_BF_PROC_CTLS_CR8_STORE_EXIT_SHIFT )
1385	\| (pGuestFeatures->fVmxUseTprShadow << VMX_BF_PROC_CTLS_USE_TPR_SHADOW_SHIFT )
1386	\| (pGuestFeatures->fVmxNmiWindowExit << VMX_BF_PROC_CTLS_NMI_WINDOW_EXIT_SHIFT )
1387	\| (pGuestFeatures->fVmxMovDRxExit << VMX_BF_PROC_CTLS_MOV_DR_EXIT_SHIFT )
1388	\| (pGuestFeatures->fVmxUncondIoExit << VMX_BF_PROC_CTLS_UNCOND_IO_EXIT_SHIFT )
1389	\| (pGuestFeatures->fVmxUseIoBitmaps << VMX_BF_PROC_CTLS_USE_IO_BITMAPS_SHIFT )
1390	\| (pGuestFeatures->fVmxMonitorTrapFlag << VMX_BF_PROC_CTLS_MONITOR_TRAP_FLAG_SHIFT )
1391	\| (pGuestFeatures->fVmxUseMsrBitmaps << VMX_BF_PROC_CTLS_USE_MSR_BITMAPS_SHIFT )
1392	\| (pGuestFeatures->fVmxMonitorExit << VMX_BF_PROC_CTLS_MONITOR_EXIT_SHIFT )
1393	\| (pGuestFeatures->fVmxPauseExit << VMX_BF_PROC_CTLS_PAUSE_EXIT_SHIFT )
1394	\| (pGuestFeatures->fVmxSecondaryExecCtls << VMX_BF_PROC_CTLS_USE_SECONDARY_CTLS_SHIFT);
1395	uint32_t const fAllowed0 = VMX_PROC_CTLS_DEFAULT1;
1396	uint32_t const fAllowed1 = fFeatures \| VMX_PROC_CTLS_DEFAULT1;
1397	AssertMsg((fAllowed0 & fAllowed1) == fAllowed0, ("fAllowed0=%#RX32 fAllowed1=%#RX32 fFeatures=%#RX32\n", fAllowed0,
1398	fAllowed1, fFeatures));
1399	pGuestVmxMsrs->ProcCtls.u = RT_MAKE_U64(fAllowed0, fAllowed1);
1400
1401	/* True processor-based VM-execution controls. */
1402	if (fTrueVmxMsrs)
1403	{
1404	/* VMX_PROC_CTLS_DEFAULT1 contains MB1 reserved bits but the following are not really reserved. */
1405	uint32_t const fTrueAllowed0 = VMX_PROC_CTLS_DEFAULT1 & ~( VMX_BF_PROC_CTLS_CR3_LOAD_EXIT_MASK
1406	\| VMX_BF_PROC_CTLS_CR3_STORE_EXIT_MASK);
1407	uint32_t const fTrueAllowed1 = fFeatures \| fTrueAllowed0;
1408	pGuestVmxMsrs->TrueProcCtls.u = RT_MAKE_U64(fTrueAllowed0, fTrueAllowed1);
1409	}
1410	}
1411
1412	/* Secondary processor-based VM-execution controls. */
1413	if (pGuestFeatures->fVmxSecondaryExecCtls)
1414	{
1415	uint32_t const fFeatures = (pGuestFeatures->fVmxVirtApicAccess << VMX_BF_PROC_CTLS2_VIRT_APIC_ACCESS_SHIFT )
1416	\| (pGuestFeatures->fVmxEpt << VMX_BF_PROC_CTLS2_EPT_SHIFT )
1417	\| (pGuestFeatures->fVmxDescTableExit << VMX_BF_PROC_CTLS2_DESC_TABLE_EXIT_SHIFT )
1418	\| (pGuestFeatures->fVmxRdtscp << VMX_BF_PROC_CTLS2_RDTSCP_SHIFT )
1419	\| (pGuestFeatures->fVmxVirtX2ApicMode << VMX_BF_PROC_CTLS2_VIRT_X2APIC_MODE_SHIFT )
1420	\| (pGuestFeatures->fVmxVpid << VMX_BF_PROC_CTLS2_VPID_SHIFT )
1421	\| (pGuestFeatures->fVmxWbinvdExit << VMX_BF_PROC_CTLS2_WBINVD_EXIT_SHIFT )
1422	\| (pGuestFeatures->fVmxUnrestrictedGuest << VMX_BF_PROC_CTLS2_UNRESTRICTED_GUEST_SHIFT )
1423	\| (pGuestFeatures->fVmxApicRegVirt << VMX_BF_PROC_CTLS2_APIC_REG_VIRT_SHIFT )
1424	\| (pGuestFeatures->fVmxVirtIntDelivery << VMX_BF_PROC_CTLS2_VIRT_INT_DELIVERY_SHIFT )
1425	\| (pGuestFeatures->fVmxPauseLoopExit << VMX_BF_PROC_CTLS2_PAUSE_LOOP_EXIT_SHIFT )
1426	\| (pGuestFeatures->fVmxRdrandExit << VMX_BF_PROC_CTLS2_RDRAND_EXIT_SHIFT )
1427	\| (pGuestFeatures->fVmxInvpcid << VMX_BF_PROC_CTLS2_INVPCID_SHIFT )
1428	\| (pGuestFeatures->fVmxVmFunc << VMX_BF_PROC_CTLS2_VMFUNC_SHIFT )
1429	\| (pGuestFeatures->fVmxVmcsShadowing << VMX_BF_PROC_CTLS2_VMCS_SHADOWING_SHIFT )
1430	\| (pGuestFeatures->fVmxRdseedExit << VMX_BF_PROC_CTLS2_RDSEED_EXIT_SHIFT )
1431	\| (pGuestFeatures->fVmxPml << VMX_BF_PROC_CTLS2_PML_SHIFT )
1432	\| (pGuestFeatures->fVmxEptXcptVe << VMX_BF_PROC_CTLS2_EPT_VE_SHIFT )
1433	\| (pGuestFeatures->fVmxConcealVmxFromPt << VMX_BF_PROC_CTLS2_CONCEAL_VMX_FROM_PT_SHIFT)
1434	\| (pGuestFeatures->fVmxXsavesXrstors << VMX_BF_PROC_CTLS2_XSAVES_XRSTORS_SHIFT )
1435	\| (pGuestFeatures->fVmxModeBasedExecuteEpt << VMX_BF_PROC_CTLS2_MODE_BASED_EPT_PERM_SHIFT)
1436	\| (pGuestFeatures->fVmxSppEpt << VMX_BF_PROC_CTLS2_SPP_EPT_SHIFT )
1437	\| (pGuestFeatures->fVmxPtEpt << VMX_BF_PROC_CTLS2_PT_EPT_SHIFT )
1438	\| (pGuestFeatures->fVmxUseTscScaling << VMX_BF_PROC_CTLS2_TSC_SCALING_SHIFT )
1439	\| (pGuestFeatures->fVmxUserWaitPause << VMX_BF_PROC_CTLS2_USER_WAIT_PAUSE_SHIFT )
1440	\| (pGuestFeatures->fVmxEnclvExit << VMX_BF_PROC_CTLS2_ENCLV_EXIT_SHIFT );
1441	uint32_t const fAllowed0 = 0;
1442	uint32_t const fAllowed1 = fFeatures;
1443	pGuestVmxMsrs->ProcCtls2.u = RT_MAKE_U64(fAllowed0, fAllowed1);
1444	}
1445
1446	/* Tertiary processor-based VM-execution controls. */
1447	if (pGuestFeatures->fVmxTertiaryExecCtls)
1448	{
1449	pGuestVmxMsrs->u64ProcCtls3 = (pGuestFeatures->fVmxLoadIwKeyExit << VMX_BF_PROC_CTLS3_LOADIWKEY_EXIT_SHIFT);
1450	}
1451
1452	/* VM-exit controls. */
1453	{
1454	uint32_t const fFeatures = (pGuestFeatures->fVmxExitSaveDebugCtls << VMX_BF_EXIT_CTLS_SAVE_DEBUG_SHIFT )
1455	\| (pGuestFeatures->fVmxHostAddrSpaceSize << VMX_BF_EXIT_CTLS_HOST_ADDR_SPACE_SIZE_SHIFT)
1456	\| (pGuestFeatures->fVmxExitAckExtInt << VMX_BF_EXIT_CTLS_ACK_EXT_INT_SHIFT )
1457	\| (pGuestFeatures->fVmxExitSavePatMsr << VMX_BF_EXIT_CTLS_SAVE_PAT_MSR_SHIFT )
1458	\| (pGuestFeatures->fVmxExitLoadPatMsr << VMX_BF_EXIT_CTLS_LOAD_PAT_MSR_SHIFT )
1459	\| (pGuestFeatures->fVmxExitSaveEferMsr << VMX_BF_EXIT_CTLS_SAVE_EFER_MSR_SHIFT )
1460	\| (pGuestFeatures->fVmxExitLoadEferMsr << VMX_BF_EXIT_CTLS_LOAD_EFER_MSR_SHIFT )
1461	\| (pGuestFeatures->fVmxSavePreemptTimer << VMX_BF_EXIT_CTLS_SAVE_PREEMPT_TIMER_SHIFT )
1462	\| (pGuestFeatures->fVmxSecondaryExitCtls << VMX_BF_EXIT_CTLS_USE_SECONDARY_CTLS_SHIFT );
1463	/* Set the default1 class bits. See Intel spec. A.4 "VM-exit Controls". */
1464	uint32_t const fAllowed0 = VMX_EXIT_CTLS_DEFAULT1;
1465	uint32_t const fAllowed1 = fFeatures \| VMX_EXIT_CTLS_DEFAULT1;
1466	AssertMsg((fAllowed0 & fAllowed1) == fAllowed0, ("fAllowed0=%#RX32 fAllowed1=%#RX32 fFeatures=%#RX32\n", fAllowed0,
1467	fAllowed1, fFeatures));
1468	pGuestVmxMsrs->ExitCtls.u = RT_MAKE_U64(fAllowed0, fAllowed1);
1469
1470	/* True VM-exit controls. */
1471	if (fTrueVmxMsrs)
1472	{
1473	/* VMX_EXIT_CTLS_DEFAULT1 contains MB1 reserved bits but the following are not really reserved */
1474	uint32_t const fTrueAllowed0 = VMX_EXIT_CTLS_DEFAULT1 & ~VMX_BF_EXIT_CTLS_SAVE_DEBUG_MASK;
1475	uint32_t const fTrueAllowed1 = fFeatures \| fTrueAllowed0;
1476	pGuestVmxMsrs->TrueExitCtls.u = RT_MAKE_U64(fTrueAllowed0, fTrueAllowed1);
1477	}
1478	}
1479
1480	/* VM-entry controls. */
1481	{
1482	uint32_t const fFeatures = (pGuestFeatures->fVmxEntryLoadDebugCtls << VMX_BF_ENTRY_CTLS_LOAD_DEBUG_SHIFT )
1483	\| (pGuestFeatures->fVmxIa32eModeGuest << VMX_BF_ENTRY_CTLS_IA32E_MODE_GUEST_SHIFT)
1484	\| (pGuestFeatures->fVmxEntryLoadEferMsr << VMX_BF_ENTRY_CTLS_LOAD_EFER_MSR_SHIFT )
1485	\| (pGuestFeatures->fVmxEntryLoadPatMsr << VMX_BF_ENTRY_CTLS_LOAD_PAT_MSR_SHIFT );
1486	uint32_t const fAllowed0 = VMX_ENTRY_CTLS_DEFAULT1;
1487	uint32_t const fAllowed1 = fFeatures \| VMX_ENTRY_CTLS_DEFAULT1;
1488	AssertMsg((fAllowed0 & fAllowed1) == fAllowed0, ("fAllowed0=%#RX32 fAllowed0=%#RX32 fFeatures=%#RX32\n", fAllowed0,
1489	fAllowed1, fFeatures));
1490	pGuestVmxMsrs->EntryCtls.u = RT_MAKE_U64(fAllowed0, fAllowed1);
1491
1492	/* True VM-entry controls. */
1493	if (fTrueVmxMsrs)
1494	{
1495	/* VMX_ENTRY_CTLS_DEFAULT1 contains MB1 reserved bits but the following are not really reserved */
1496	uint32_t const fTrueAllowed0 = VMX_ENTRY_CTLS_DEFAULT1 & ~( VMX_BF_ENTRY_CTLS_LOAD_DEBUG_MASK
1497	\| VMX_BF_ENTRY_CTLS_IA32E_MODE_GUEST_MASK
1498	\| VMX_BF_ENTRY_CTLS_ENTRY_SMM_MASK
1499	\| VMX_BF_ENTRY_CTLS_DEACTIVATE_DUAL_MON_MASK);
1500	uint32_t const fTrueAllowed1 = fFeatures \| fTrueAllowed0;
1501	pGuestVmxMsrs->TrueEntryCtls.u = RT_MAKE_U64(fTrueAllowed0, fTrueAllowed1);
1502	}
1503	}
1504
1505	/* Miscellaneous data. */
1506	{
1507	uint64_t const uHostMsr = fIsNstGstHwExecAllowed ? pHostVmxMsrs->u64Misc : 0;
1508
1509	uint8_t const cMaxMsrs = RT_MIN(RT_BF_GET(uHostMsr, VMX_BF_MISC_MAX_MSRS), VMX_V_AUTOMSR_COUNT_MAX);
1510	uint8_t const fActivityState = RT_BF_GET(uHostMsr, VMX_BF_MISC_ACTIVITY_STATES) & VMX_V_GUEST_ACTIVITY_STATE_MASK;
1511	pGuestVmxMsrs->u64Misc = RT_BF_MAKE(VMX_BF_MISC_PREEMPT_TIMER_TSC, VMX_V_PREEMPT_TIMER_SHIFT )
1512	\| RT_BF_MAKE(VMX_BF_MISC_EXIT_SAVE_EFER_LMA, pGuestFeatures->fVmxExitSaveEferLma )
1513	\| RT_BF_MAKE(VMX_BF_MISC_ACTIVITY_STATES, fActivityState )
1514	\| RT_BF_MAKE(VMX_BF_MISC_INTEL_PT, pGuestFeatures->fVmxPt )
1515	\| RT_BF_MAKE(VMX_BF_MISC_SMM_READ_SMBASE_MSR, 0 )
1516	\| RT_BF_MAKE(VMX_BF_MISC_CR3_TARGET, VMX_V_CR3_TARGET_COUNT )
1517	\| RT_BF_MAKE(VMX_BF_MISC_MAX_MSRS, cMaxMsrs )
1518	\| RT_BF_MAKE(VMX_BF_MISC_VMXOFF_BLOCK_SMI, 0 )
1519	\| RT_BF_MAKE(VMX_BF_MISC_VMWRITE_ALL, pGuestFeatures->fVmxVmwriteAll )
1520	\| RT_BF_MAKE(VMX_BF_MISC_ENTRY_INJECT_SOFT_INT, pGuestFeatures->fVmxEntryInjectSoftInt)
1521	\| RT_BF_MAKE(VMX_BF_MISC_MSEG_ID, VMX_V_MSEG_REV_ID );
1522	}
1523
1524	/* CR0 Fixed-0 (we report this fixed value regardless of whether UX is supported as it does on real hardware). */
1525	pGuestVmxMsrs->u64Cr0Fixed0 = VMX_V_CR0_FIXED0;
1526
1527	/* CR0 Fixed-1. */
1528	{
1529	/*
1530	* All CPUs I've looked at so far report CR0 fixed-1 bits as 0xffffffff.
1531	* This is different from CR4 fixed-1 bits which are reported as per the
1532	* CPU features and/or micro-architecture/generation. Why? Ask Intel.
1533	*/
1534	pGuestVmxMsrs->u64Cr0Fixed1 = fIsNstGstHwExecAllowed ? pHostVmxMsrs->u64Cr0Fixed1 : VMX_V_CR0_FIXED1;
1535
1536	/* Make sure the CR0 MB1 bits are not clear. */
1537	Assert((pGuestVmxMsrs->u64Cr0Fixed1 & pGuestVmxMsrs->u64Cr0Fixed0) == pGuestVmxMsrs->u64Cr0Fixed0);
1538	}
1539
1540	/* CR4 Fixed-0. */
1541	pGuestVmxMsrs->u64Cr4Fixed0 = VMX_V_CR4_FIXED0;
1542
1543	/* CR4 Fixed-1. */
1544	{
1545	pGuestVmxMsrs->u64Cr4Fixed1 = CPUMGetGuestCR4ValidMask(pVM) & pHostVmxMsrs->u64Cr4Fixed1;
1546
1547	/* Make sure the CR4 MB1 bits are not clear. */
1548	Assert((pGuestVmxMsrs->u64Cr4Fixed1 & pGuestVmxMsrs->u64Cr4Fixed0) == pGuestVmxMsrs->u64Cr4Fixed0);
1549
1550	/* Make sure bits that must always be set are set. */
1551	Assert(pGuestVmxMsrs->u64Cr4Fixed1 & X86_CR4_PAE);
1552	Assert(pGuestVmxMsrs->u64Cr4Fixed1 & X86_CR4_VMXE);
1553	}
1554
1555	/* VMCS Enumeration. */
1556	pGuestVmxMsrs->u64VmcsEnum = VMX_V_VMCS_MAX_INDEX << VMX_BF_VMCS_ENUM_HIGHEST_IDX_SHIFT;
1557
1558	/* VPID and EPT Capabilities. */
1559	if (pGuestFeatures->fVmxEpt)
1560	{
1561	/*
1562	* INVVPID instruction always causes a VM-exit unconditionally, so we are free to fake
1563	* and emulate any INVVPID flush type. However, it only makes sense to expose the types
1564	* when INVVPID instruction is supported just to be more compatible with guest
1565	* hypervisors that may make assumptions by only looking at this MSR even though they
1566	* are technically supposed to refer to VMX_PROC_CTLS2_VPID first.
1567	*
1568	* See Intel spec. 25.1.2 "Instructions That Cause VM Exits Unconditionally".
1569	* See Intel spec. 30.3 "VMX Instructions".
1570	*/
1571	uint64_t const uHostMsr = fIsNstGstHwExecAllowed ? pHostVmxMsrs->u64EptVpidCaps : UINT64_MAX;
1572	uint8_t const fVpid = pGuestFeatures->fVmxVpid;
1573
1574	uint8_t const fExecOnly = RT_BF_GET(uHostMsr, VMX_BF_EPT_VPID_CAP_EXEC_ONLY);
1575	uint8_t const fPml4 = RT_BF_GET(uHostMsr, VMX_BF_EPT_VPID_CAP_PAGE_WALK_LENGTH_4);
1576	uint8_t const fMemTypeUc = RT_BF_GET(uHostMsr, VMX_BF_EPT_VPID_CAP_MEMTYPE_UC);
1577	uint8_t const fMemTypeWb = RT_BF_GET(uHostMsr, VMX_BF_EPT_VPID_CAP_MEMTYPE_WB);
1578	uint8_t const f2MPage = RT_BF_GET(uHostMsr, VMX_BF_EPT_VPID_CAP_PDE_2M);
1579	uint8_t const fInvept = RT_BF_GET(uHostMsr, VMX_BF_EPT_VPID_CAP_INVEPT);
1580	/** @todo Nested VMX: Support accessed/dirty bits, see @bugref{10092#c25}. */
1581	/* uint8_t const fAccessDirty = RT_BF_GET(uHostMsr, VMX_BF_EPT_VPID_CAP_ACCESS_DIRTY); */
1582	uint8_t const fEptSingle = RT_BF_GET(uHostMsr, VMX_BF_EPT_VPID_CAP_INVEPT_SINGLE_CTX);
1583	uint8_t const fEptAll = RT_BF_GET(uHostMsr, VMX_BF_EPT_VPID_CAP_INVEPT_ALL_CTX);
1584	uint8_t const fVpidIndiv = RT_BF_GET(uHostMsr, VMX_BF_EPT_VPID_CAP_INVVPID_INDIV_ADDR);
1585	uint8_t const fVpidSingle = RT_BF_GET(uHostMsr, VMX_BF_EPT_VPID_CAP_INVVPID_SINGLE_CTX);
1586	uint8_t const fVpidAll = RT_BF_GET(uHostMsr, VMX_BF_EPT_VPID_CAP_INVVPID_ALL_CTX);
1587	uint8_t const fVpidSingleGlobal = RT_BF_GET(uHostMsr, VMX_BF_EPT_VPID_CAP_INVVPID_SINGLE_CTX_RETAIN_GLOBALS);
1588	pGuestVmxMsrs->u64EptVpidCaps = RT_BF_MAKE(VMX_BF_EPT_VPID_CAP_EXEC_ONLY, fExecOnly)
1589	\| RT_BF_MAKE(VMX_BF_EPT_VPID_CAP_PAGE_WALK_LENGTH_4, fPml4)
1590	\| RT_BF_MAKE(VMX_BF_EPT_VPID_CAP_MEMTYPE_UC, fMemTypeUc)
1591	\| RT_BF_MAKE(VMX_BF_EPT_VPID_CAP_MEMTYPE_WB, fMemTypeWb)
1592	\| RT_BF_MAKE(VMX_BF_EPT_VPID_CAP_PDE_2M, f2MPage)
1593	//\| RT_BF_MAKE(VMX_BF_EPT_VPID_CAP_PDPTE_1G, 0)
1594	\| RT_BF_MAKE(VMX_BF_EPT_VPID_CAP_INVEPT, fInvept)
1595	//\| RT_BF_MAKE(VMX_BF_EPT_VPID_CAP_ACCESS_DIRTY, 0)
1596	//\| RT_BF_MAKE(VMX_BF_EPT_VPID_CAP_ADVEXITINFO_EPT_VIOLATION, 0)
1597	//\| RT_BF_MAKE(VMX_BF_EPT_VPID_CAP_SUPER_SHW_STACK, 0)
1598	\| RT_BF_MAKE(VMX_BF_EPT_VPID_CAP_INVEPT_SINGLE_CTX, fEptSingle)
1599	\| RT_BF_MAKE(VMX_BF_EPT_VPID_CAP_INVEPT_ALL_CTX, fEptAll)
1600	\| RT_BF_MAKE(VMX_BF_EPT_VPID_CAP_INVVPID, fVpid)
1601	\| RT_BF_MAKE(VMX_BF_EPT_VPID_CAP_INVVPID_INDIV_ADDR, fVpid & fVpidIndiv)
1602	\| RT_BF_MAKE(VMX_BF_EPT_VPID_CAP_INVVPID_SINGLE_CTX, fVpid & fVpidSingle)
1603	\| RT_BF_MAKE(VMX_BF_EPT_VPID_CAP_INVVPID_ALL_CTX, fVpid & fVpidAll)
1604	\| RT_BF_MAKE(VMX_BF_EPT_VPID_CAP_INVVPID_SINGLE_CTX_RETAIN_GLOBALS, fVpid & fVpidSingleGlobal);
1605	}
1606
1607	/* VM Functions. */
1608	if (pGuestFeatures->fVmxVmFunc)
1609	pGuestVmxMsrs->u64VmFunc = RT_BF_MAKE(VMX_BF_VMFUNC_EPTP_SWITCHING, 1);
1610	}
1611
1612
1613	/**
1614	* Checks whether the given guest CPU VMX features are compatible with the provided
1615	* base features.
1616	*
1617	* @returns @c true if compatible, @c false otherwise.
1618	* @param pVM The cross context VM structure.
1619	* @param pBase The base VMX CPU features.
1620	* @param pGst The guest VMX CPU features.
1621	*
1622	* @remarks Only VMX feature bits are examined.
1623	*/
1624	static bool cpumR3AreVmxCpuFeaturesCompatible(PVM pVM, PCCPUMFEATURES pBase, PCCPUMFEATURES pGst)
1625	{
1626	if (!cpumR3IsHwAssistNstGstExecAllowed(pVM))
1627	return false;
1628
1629	#define CPUM_VMX_FEAT_SHIFT(a_pFeat, a_FeatName, a_cShift) ((uint64_t)(a_pFeat->a_FeatName) << (a_cShift))
1630	#define CPUM_VMX_MAKE_FEATURES_1(a_pFeat) ( CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxInsOutInfo , 0) \
1631	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxExtIntExit , 1) \
1632	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxNmiExit , 2) \
1633	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxVirtNmi , 3) \
1634	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxPreemptTimer , 4) \
1635	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxPostedInt , 5) \
1636	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxIntWindowExit , 6) \
1637	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxTscOffsetting , 7) \
1638	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxHltExit , 8) \
1639	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxInvlpgExit , 9) \
1640	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxMwaitExit , 10) \
1641	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxRdpmcExit , 12) \
1642	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxRdtscExit , 13) \
1643	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxCr3LoadExit , 14) \
1644	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxCr3StoreExit , 15) \
1645	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxTertiaryExecCtls , 16) \
1646	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxCr8LoadExit , 17) \
1647	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxCr8StoreExit , 18) \
1648	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxUseTprShadow , 19) \
1649	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxNmiWindowExit , 20) \
1650	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxMovDRxExit , 21) \
1651	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxUncondIoExit , 22) \
1652	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxUseIoBitmaps , 23) \
1653	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxMonitorTrapFlag , 24) \
1654	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxUseMsrBitmaps , 25) \
1655	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxMonitorExit , 26) \
1656	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxPauseExit , 27) \
1657	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxSecondaryExecCtls , 28) \
1658	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxVirtApicAccess , 29) \
1659	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxEpt , 30) \
1660	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxDescTableExit , 31) \
1661	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxRdtscp , 32) \
1662	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxVirtX2ApicMode , 33) \
1663	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxVpid , 34) \
1664	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxWbinvdExit , 35) \
1665	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxUnrestrictedGuest , 36) \
1666	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxApicRegVirt , 37) \
1667	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxVirtIntDelivery , 38) \
1668	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxPauseLoopExit , 39) \
1669	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxRdrandExit , 40) \
1670	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxInvpcid , 41) \
1671	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxVmFunc , 42) \
1672	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxVmcsShadowing , 43) \
1673	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxRdseedExit , 44) \
1674	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxPml , 45) \
1675	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxEptXcptVe , 46) \
1676	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxConcealVmxFromPt , 47) \
1677	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxXsavesXrstors , 48) \
1678	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxModeBasedExecuteEpt, 49) \
1679	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxSppEpt , 50) \
1680	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxPtEpt , 51) \
1681	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxUseTscScaling , 52) \
1682	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxUserWaitPause , 53) \
1683	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxEnclvExit , 54) \
1684	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxLoadIwKeyExit , 55) \
1685	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxEntryLoadDebugCtls , 56) \
1686	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxIa32eModeGuest , 57) \
1687	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxEntryLoadEferMsr , 58) \
1688	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxEntryLoadPatMsr , 59) \
1689	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxExitSaveDebugCtls , 60) \
1690	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxHostAddrSpaceSize , 61) \
1691	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxExitAckExtInt , 62) \
1692	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxExitSavePatMsr , 63))
1693
1694	#define CPUM_VMX_MAKE_FEATURES_2(a_pFeat) ( CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxExitLoadPatMsr , 0) \
1695	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxExitSaveEferMsr , 1) \
1696	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxExitLoadEferMsr , 2) \
1697	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxSavePreemptTimer , 3) \
1698	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxSecondaryExitCtls , 4) \
1699	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxExitSaveEferLma , 5) \
1700	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxPt , 6) \
1701	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxVmwriteAll , 7) \
1702	\| CPUM_VMX_FEAT_SHIFT(a_pFeat, fVmxEntryInjectSoftInt , 8))
1703
1704	/* Check first set of feature bits. */
1705	{
1706	uint64_t const fBase = CPUM_VMX_MAKE_FEATURES_1(pBase);
1707	uint64_t const fGst = CPUM_VMX_MAKE_FEATURES_1(pGst);
1708	if ((fBase \| fGst) != fBase)
1709	{
1710	uint64_t const fDiff = fBase ^ fGst;
1711	LogRel(("CPUM: VMX features (1) now exposed to the guest are incompatible with those from the saved state. fBase=%#RX64 fGst=%#RX64 fDiff=%#RX64\n",
1712	fBase, fGst, fDiff));
1713	return false;
1714	}
1715	}
1716
1717	/* Check second set of feature bits. */
1718	{
1719	uint64_t const fBase = CPUM_VMX_MAKE_FEATURES_2(pBase);
1720	uint64_t const fGst = CPUM_VMX_MAKE_FEATURES_2(pGst);
1721	if ((fBase \| fGst) != fBase)
1722	{
1723	uint64_t const fDiff = fBase ^ fGst;
1724	LogRel(("CPUM: VMX features (2) now exposed to the guest are incompatible with those from the saved state. fBase=%#RX64 fGst=%#RX64 fDiff=%#RX64\n",
1725	fBase, fGst, fDiff));
1726	return false;
1727	}
1728	}
1729	#undef CPUM_VMX_FEAT_SHIFT
1730	#undef CPUM_VMX_MAKE_FEATURES_1
1731	#undef CPUM_VMX_MAKE_FEATURES_2
1732
1733	return true;
1734	}
1735
1736
1737	/**
1738	* Initializes VMX guest features and MSRs.
1739	*
1740	* @param pVM The cross context VM structure.
1741	* @param pCpumCfg The CPUM CFGM configuration node.
1742	* @param pHostVmxMsrs The host VMX MSRs. Pass NULL when fully emulating VMX
1743	* and no hardware-assisted nested-guest execution is
1744	* possible for this VM.
1745	* @param pGuestVmxMsrs Where to store the initialized guest VMX MSRs.
1746	*/
1747	void cpumR3InitVmxGuestFeaturesAndMsrs(PVM pVM, PCFGMNODE pCpumCfg, PCVMXMSRS pHostVmxMsrs, PVMXMSRS pGuestVmxMsrs)
1748	{
1749	Assert(pVM);
1750	Assert(pCpumCfg);
1751	Assert(pGuestVmxMsrs);
1752
1753	/*
1754	* Query VMX features from CFGM.
1755	*/
1756	bool fVmxPreemptTimer;
1757	bool fVmxEpt;
1758	bool fVmxUnrestrictedGuest;
1759	{
1760	/** @cfgm{/CPUM/NestedVmxPreemptTimer, bool, true}
1761	* Whether to expose the VMX-preemption timer feature to the guest (if also
1762	* supported by the host hardware). When disabled will prevent exposing the
1763	* VMX-preemption timer feature to the guest even if the host supports it.
1764	*
1765	* @todo Currently disabled, see @bugref{9180#c108}.
1766	*/
1767	int rc = CFGMR3QueryBoolDef(pCpumCfg, "NestedVmxPreemptTimer", &fVmxPreemptTimer, false);
1768	AssertLogRelRCReturnVoid(rc);
1769
1770	#ifdef VBOX_WITH_NESTED_HWVIRT_VMX_EPT
1771	/** @cfgm{/CPUM/NestedVmxEpt, bool, true}
1772	* Whether to expose the EPT feature to the guest. The default is true.
1773	* When disabled will automatically prevent exposing features that rely
1774	* on it. This is dependent upon nested paging being enabled for the VM.
1775	*/
1776	rc = CFGMR3QueryBoolDef(pCpumCfg, "NestedVmxEpt", &fVmxEpt, true);
1777	AssertLogRelRCReturnVoid(rc);
1778
1779	/** @cfgm{/CPUM/NestedVmxUnrestrictedGuest, bool, true}
1780	* Whether to expose the Unrestricted Guest feature to the guest. The
1781	* default is the same a /CPUM/Nested/VmxEpt. When disabled will
1782	* automatically prevent exposing features that rely on it.
1783	*/
1784	rc = CFGMR3QueryBoolDef(pCpumCfg, "NestedVmxUnrestrictedGuest", &fVmxUnrestrictedGuest, fVmxEpt);
1785	AssertLogRelRCReturnVoid(rc);
1786	#else
1787	fVmxEpt = fVmxUnrestrictedGuest = false;
1788	#endif
1789	}
1790
1791	if (fVmxEpt)
1792	{
1793	const char *pszWhy = NULL;
1794	if (!VM_IS_HM_ENABLED(pVM) && !VM_IS_EXEC_ENGINE_IEM(pVM))
1795	pszWhy = "execution engine is neither HM nor IEM";
1796	else if (VM_IS_HM_ENABLED(pVM) && !HMIsNestedPagingActive(pVM))
1797	pszWhy = "nested paging is not enabled for the VM or it is not supported by the host";
1798	else if (VM_IS_HM_ENABLED(pVM) && !pVM->cpum.s.HostFeatures.fNoExecute)
1799	pszWhy = "NX is not available on the host";
1800	if (pszWhy)
1801	{
1802	LogRel(("CPUM: Warning! EPT not exposed to the guest because %s\n", pszWhy));
1803	fVmxEpt = false;
1804	}
1805	}
1806	else if (fVmxUnrestrictedGuest)
1807	{
1808	LogRel(("CPUM: Warning! Can't expose \"Unrestricted Guest\" to the guest when EPT is not exposed!\n"));
1809	fVmxUnrestrictedGuest = false;
1810	}
1811
1812	/*
1813	* Initialize the set of VMX features we emulate.
1814	*
1815	* Note! Some bits might be reported as 1 always if they fall under the
1816	* default1 class bits (e.g. fVmxEntryLoadDebugCtls), see @bugref{9180#c5}.
1817	*/
1818	CPUMFEATURES EmuFeat;
1819	RT_ZERO(EmuFeat);
1820	EmuFeat.fVmx = 1;
1821	EmuFeat.fVmxInsOutInfo = 1;
1822	EmuFeat.fVmxExtIntExit = 1;
1823	EmuFeat.fVmxNmiExit = 1;
1824	EmuFeat.fVmxVirtNmi = 1;
1825	EmuFeat.fVmxPreemptTimer = fVmxPreemptTimer;
1826	EmuFeat.fVmxPostedInt = 0;
1827	EmuFeat.fVmxIntWindowExit = 1;
1828	EmuFeat.fVmxTscOffsetting = 1;
1829	EmuFeat.fVmxHltExit = 1;
1830	EmuFeat.fVmxInvlpgExit = 1;
1831	EmuFeat.fVmxMwaitExit = 1;
1832	EmuFeat.fVmxRdpmcExit = 1;
1833	EmuFeat.fVmxRdtscExit = 1;
1834	EmuFeat.fVmxCr3LoadExit = 1;
1835	EmuFeat.fVmxCr3StoreExit = 1;
1836	EmuFeat.fVmxTertiaryExecCtls = 0;
1837	EmuFeat.fVmxCr8LoadExit = 1;
1838	EmuFeat.fVmxCr8StoreExit = 1;
1839	EmuFeat.fVmxUseTprShadow = 1;
1840	EmuFeat.fVmxNmiWindowExit = 1;
1841	EmuFeat.fVmxMovDRxExit = 1;
1842	EmuFeat.fVmxUncondIoExit = 1;
1843	EmuFeat.fVmxUseIoBitmaps = 1;
1844	EmuFeat.fVmxMonitorTrapFlag = 0;
1845	EmuFeat.fVmxUseMsrBitmaps = 1;
1846	EmuFeat.fVmxMonitorExit = 1;
1847	EmuFeat.fVmxPauseExit = 1;
1848	EmuFeat.fVmxSecondaryExecCtls = 1;
1849	EmuFeat.fVmxVirtApicAccess = 1;
1850	EmuFeat.fVmxEpt = fVmxEpt;
1851	EmuFeat.fVmxDescTableExit = 1;
1852	EmuFeat.fVmxRdtscp = 1;
1853	EmuFeat.fVmxVirtX2ApicMode = 0;
1854	EmuFeat.fVmxVpid = 1;
1855	EmuFeat.fVmxWbinvdExit = 1;
1856	EmuFeat.fVmxUnrestrictedGuest = fVmxUnrestrictedGuest;
1857	EmuFeat.fVmxApicRegVirt = 0;
1858	EmuFeat.fVmxVirtIntDelivery = 0;
1859	EmuFeat.fVmxPauseLoopExit = 1;
1860	EmuFeat.fVmxRdrandExit = 0;
1861	EmuFeat.fVmxInvpcid = 1;
1862	EmuFeat.fVmxVmFunc = 0;
1863	EmuFeat.fVmxVmcsShadowing = 0;
1864	EmuFeat.fVmxRdseedExit = 0;
1865	EmuFeat.fVmxPml = 0;
1866	EmuFeat.fVmxEptXcptVe = 0;
1867	EmuFeat.fVmxConcealVmxFromPt = 0;
1868	EmuFeat.fVmxXsavesXrstors = 0;
1869	EmuFeat.fVmxModeBasedExecuteEpt = 0;
1870	EmuFeat.fVmxSppEpt = 0;
1871	EmuFeat.fVmxPtEpt = 0;
1872	EmuFeat.fVmxUseTscScaling = 0;
1873	EmuFeat.fVmxUserWaitPause = 0;
1874	EmuFeat.fVmxEnclvExit = 0;
1875	EmuFeat.fVmxLoadIwKeyExit = 0;
1876	EmuFeat.fVmxEntryLoadDebugCtls = 1;
1877	EmuFeat.fVmxIa32eModeGuest = 1;
1878	EmuFeat.fVmxEntryLoadEferMsr = 1;
1879	EmuFeat.fVmxEntryLoadPatMsr = 1;
1880	EmuFeat.fVmxExitSaveDebugCtls = 1;
1881	EmuFeat.fVmxHostAddrSpaceSize = 1;
1882	EmuFeat.fVmxExitAckExtInt = 1;
1883	EmuFeat.fVmxExitSavePatMsr = 0;
1884	EmuFeat.fVmxExitLoadPatMsr = 1;
1885	EmuFeat.fVmxExitSaveEferMsr = 1;
1886	EmuFeat.fVmxExitLoadEferMsr = 1;
1887	EmuFeat.fVmxSavePreemptTimer = 0; /* Cannot be enabled if VMX-preemption timer is disabled. */
1888	EmuFeat.fVmxSecondaryExitCtls = 0;
1889	EmuFeat.fVmxExitSaveEferLma = 1; /* Cannot be disabled if unrestricted guest is enabled. */
1890	EmuFeat.fVmxPt = 0;
1891	EmuFeat.fVmxVmwriteAll = 0; /** @todo NSTVMX: enable this when nested VMCS shadowing is enabled. */
1892	EmuFeat.fVmxEntryInjectSoftInt = 1;
1893
1894	/*
1895	* Merge guest features.
1896	*
1897	* When hardware-assisted VMX may be used, any feature we emulate must also be supported
1898	* by the hardware, hence we merge our emulated features with the host features below.
1899	*/
1900	PCCPUMFEATURES pBaseFeat = cpumR3IsHwAssistNstGstExecAllowed(pVM) ? &pVM->cpum.s.HostFeatures : &EmuFeat;
1901	PCPUMFEATURES pGuestFeat = &pVM->cpum.s.GuestFeatures;
1902	Assert(pBaseFeat->fVmx);
1903	pGuestFeat->fVmxInsOutInfo = (pBaseFeat->fVmxInsOutInfo & EmuFeat.fVmxInsOutInfo );
1904	pGuestFeat->fVmxExtIntExit = (pBaseFeat->fVmxExtIntExit & EmuFeat.fVmxExtIntExit );
1905	pGuestFeat->fVmxNmiExit = (pBaseFeat->fVmxNmiExit & EmuFeat.fVmxNmiExit );
1906	pGuestFeat->fVmxVirtNmi = (pBaseFeat->fVmxVirtNmi & EmuFeat.fVmxVirtNmi );
1907	pGuestFeat->fVmxPreemptTimer = (pBaseFeat->fVmxPreemptTimer & EmuFeat.fVmxPreemptTimer );
1908	pGuestFeat->fVmxPostedInt = (pBaseFeat->fVmxPostedInt & EmuFeat.fVmxPostedInt );
1909	pGuestFeat->fVmxIntWindowExit = (pBaseFeat->fVmxIntWindowExit & EmuFeat.fVmxIntWindowExit );
1910	pGuestFeat->fVmxTscOffsetting = (pBaseFeat->fVmxTscOffsetting & EmuFeat.fVmxTscOffsetting );
1911	pGuestFeat->fVmxHltExit = (pBaseFeat->fVmxHltExit & EmuFeat.fVmxHltExit );
1912	pGuestFeat->fVmxInvlpgExit = (pBaseFeat->fVmxInvlpgExit & EmuFeat.fVmxInvlpgExit );
1913	pGuestFeat->fVmxMwaitExit = (pBaseFeat->fVmxMwaitExit & EmuFeat.fVmxMwaitExit );
1914	pGuestFeat->fVmxRdpmcExit = (pBaseFeat->fVmxRdpmcExit & EmuFeat.fVmxRdpmcExit );
1915	pGuestFeat->fVmxRdtscExit = (pBaseFeat->fVmxRdtscExit & EmuFeat.fVmxRdtscExit );
1916	pGuestFeat->fVmxCr3LoadExit = (pBaseFeat->fVmxCr3LoadExit & EmuFeat.fVmxCr3LoadExit );
1917	pGuestFeat->fVmxCr3StoreExit = (pBaseFeat->fVmxCr3StoreExit & EmuFeat.fVmxCr3StoreExit );
1918	pGuestFeat->fVmxTertiaryExecCtls = (pBaseFeat->fVmxTertiaryExecCtls & EmuFeat.fVmxTertiaryExecCtls );
1919	pGuestFeat->fVmxCr8LoadExit = (pBaseFeat->fVmxCr8LoadExit & EmuFeat.fVmxCr8LoadExit );
1920	pGuestFeat->fVmxCr8StoreExit = (pBaseFeat->fVmxCr8StoreExit & EmuFeat.fVmxCr8StoreExit );
1921	pGuestFeat->fVmxUseTprShadow = (pBaseFeat->fVmxUseTprShadow & EmuFeat.fVmxUseTprShadow );
1922	pGuestFeat->fVmxNmiWindowExit = (pBaseFeat->fVmxNmiWindowExit & EmuFeat.fVmxNmiWindowExit );
1923	pGuestFeat->fVmxMovDRxExit = (pBaseFeat->fVmxMovDRxExit & EmuFeat.fVmxMovDRxExit );
1924	pGuestFeat->fVmxUncondIoExit = (pBaseFeat->fVmxUncondIoExit & EmuFeat.fVmxUncondIoExit );
1925	pGuestFeat->fVmxUseIoBitmaps = (pBaseFeat->fVmxUseIoBitmaps & EmuFeat.fVmxUseIoBitmaps );
1926	pGuestFeat->fVmxMonitorTrapFlag = (pBaseFeat->fVmxMonitorTrapFlag & EmuFeat.fVmxMonitorTrapFlag );
1927	pGuestFeat->fVmxUseMsrBitmaps = (pBaseFeat->fVmxUseMsrBitmaps & EmuFeat.fVmxUseMsrBitmaps );
1928	pGuestFeat->fVmxMonitorExit = (pBaseFeat->fVmxMonitorExit & EmuFeat.fVmxMonitorExit );
1929	pGuestFeat->fVmxPauseExit = (pBaseFeat->fVmxPauseExit & EmuFeat.fVmxPauseExit );
1930	pGuestFeat->fVmxSecondaryExecCtls = (pBaseFeat->fVmxSecondaryExecCtls & EmuFeat.fVmxSecondaryExecCtls );
1931	pGuestFeat->fVmxVirtApicAccess = (pBaseFeat->fVmxVirtApicAccess & EmuFeat.fVmxVirtApicAccess );
1932	pGuestFeat->fVmxEpt = (pBaseFeat->fVmxEpt & EmuFeat.fVmxEpt );
1933	pGuestFeat->fVmxDescTableExit = (pBaseFeat->fVmxDescTableExit & EmuFeat.fVmxDescTableExit );
1934	pGuestFeat->fVmxRdtscp = (pBaseFeat->fVmxRdtscp & EmuFeat.fVmxRdtscp );
1935	pGuestFeat->fVmxVirtX2ApicMode = (pBaseFeat->fVmxVirtX2ApicMode & EmuFeat.fVmxVirtX2ApicMode );
1936	pGuestFeat->fVmxVpid = (pBaseFeat->fVmxVpid & EmuFeat.fVmxVpid );
1937	pGuestFeat->fVmxWbinvdExit = (pBaseFeat->fVmxWbinvdExit & EmuFeat.fVmxWbinvdExit );
1938	pGuestFeat->fVmxUnrestrictedGuest = (pBaseFeat->fVmxUnrestrictedGuest & EmuFeat.fVmxUnrestrictedGuest );
1939	pGuestFeat->fVmxApicRegVirt = (pBaseFeat->fVmxApicRegVirt & EmuFeat.fVmxApicRegVirt );
1940	pGuestFeat->fVmxVirtIntDelivery = (pBaseFeat->fVmxVirtIntDelivery & EmuFeat.fVmxVirtIntDelivery );
1941	pGuestFeat->fVmxPauseLoopExit = (pBaseFeat->fVmxPauseLoopExit & EmuFeat.fVmxPauseLoopExit );
1942	pGuestFeat->fVmxRdrandExit = (pBaseFeat->fVmxRdrandExit & EmuFeat.fVmxRdrandExit );
1943	pGuestFeat->fVmxInvpcid = (pBaseFeat->fVmxInvpcid & EmuFeat.fVmxInvpcid );
1944	pGuestFeat->fVmxVmFunc = (pBaseFeat->fVmxVmFunc & EmuFeat.fVmxVmFunc );
1945	pGuestFeat->fVmxVmcsShadowing = (pBaseFeat->fVmxVmcsShadowing & EmuFeat.fVmxVmcsShadowing );
1946	pGuestFeat->fVmxRdseedExit = (pBaseFeat->fVmxRdseedExit & EmuFeat.fVmxRdseedExit );
1947	pGuestFeat->fVmxPml = (pBaseFeat->fVmxPml & EmuFeat.fVmxPml );
1948	pGuestFeat->fVmxEptXcptVe = (pBaseFeat->fVmxEptXcptVe & EmuFeat.fVmxEptXcptVe );
1949	pGuestFeat->fVmxConcealVmxFromPt = (pBaseFeat->fVmxConcealVmxFromPt & EmuFeat.fVmxConcealVmxFromPt );
1950	pGuestFeat->fVmxXsavesXrstors = (pBaseFeat->fVmxXsavesXrstors & EmuFeat.fVmxXsavesXrstors );
1951	pGuestFeat->fVmxModeBasedExecuteEpt = (pBaseFeat->fVmxModeBasedExecuteEpt & EmuFeat.fVmxModeBasedExecuteEpt );
1952	pGuestFeat->fVmxSppEpt = (pBaseFeat->fVmxSppEpt & EmuFeat.fVmxSppEpt );
1953	pGuestFeat->fVmxPtEpt = (pBaseFeat->fVmxPtEpt & EmuFeat.fVmxPtEpt );
1954	pGuestFeat->fVmxUseTscScaling = (pBaseFeat->fVmxUseTscScaling & EmuFeat.fVmxUseTscScaling );
1955	pGuestFeat->fVmxUserWaitPause = (pBaseFeat->fVmxUserWaitPause & EmuFeat.fVmxUserWaitPause );
1956	pGuestFeat->fVmxEnclvExit = (pBaseFeat->fVmxEnclvExit & EmuFeat.fVmxEnclvExit );
1957	pGuestFeat->fVmxLoadIwKeyExit = (pBaseFeat->fVmxLoadIwKeyExit & EmuFeat.fVmxLoadIwKeyExit );
1958	pGuestFeat->fVmxEntryLoadDebugCtls = (pBaseFeat->fVmxEntryLoadDebugCtls & EmuFeat.fVmxEntryLoadDebugCtls );
1959	pGuestFeat->fVmxIa32eModeGuest = (pBaseFeat->fVmxIa32eModeGuest & EmuFeat.fVmxIa32eModeGuest );
1960	pGuestFeat->fVmxEntryLoadEferMsr = (pBaseFeat->fVmxEntryLoadEferMsr & EmuFeat.fVmxEntryLoadEferMsr );
1961	pGuestFeat->fVmxEntryLoadPatMsr = (pBaseFeat->fVmxEntryLoadPatMsr & EmuFeat.fVmxEntryLoadPatMsr );
1962	pGuestFeat->fVmxExitSaveDebugCtls = (pBaseFeat->fVmxExitSaveDebugCtls & EmuFeat.fVmxExitSaveDebugCtls );
1963	pGuestFeat->fVmxHostAddrSpaceSize = (pBaseFeat->fVmxHostAddrSpaceSize & EmuFeat.fVmxHostAddrSpaceSize );
1964	pGuestFeat->fVmxExitAckExtInt = (pBaseFeat->fVmxExitAckExtInt & EmuFeat.fVmxExitAckExtInt );
1965	pGuestFeat->fVmxExitSavePatMsr = (pBaseFeat->fVmxExitSavePatMsr & EmuFeat.fVmxExitSavePatMsr );
1966	pGuestFeat->fVmxExitLoadPatMsr = (pBaseFeat->fVmxExitLoadPatMsr & EmuFeat.fVmxExitLoadPatMsr );
1967	pGuestFeat->fVmxExitSaveEferMsr = (pBaseFeat->fVmxExitSaveEferMsr & EmuFeat.fVmxExitSaveEferMsr );
1968	pGuestFeat->fVmxExitLoadEferMsr = (pBaseFeat->fVmxExitLoadEferMsr & EmuFeat.fVmxExitLoadEferMsr );
1969	pGuestFeat->fVmxSavePreemptTimer = (pBaseFeat->fVmxSavePreemptTimer & EmuFeat.fVmxSavePreemptTimer );
1970	pGuestFeat->fVmxSecondaryExitCtls = (pBaseFeat->fVmxSecondaryExitCtls & EmuFeat.fVmxSecondaryExitCtls );
1971	pGuestFeat->fVmxExitSaveEferLma = (pBaseFeat->fVmxExitSaveEferLma & EmuFeat.fVmxExitSaveEferLma );
1972	pGuestFeat->fVmxPt = (pBaseFeat->fVmxPt & EmuFeat.fVmxPt );
1973	pGuestFeat->fVmxVmwriteAll = (pBaseFeat->fVmxVmwriteAll & EmuFeat.fVmxVmwriteAll );
1974	pGuestFeat->fVmxEntryInjectSoftInt = (pBaseFeat->fVmxEntryInjectSoftInt & EmuFeat.fVmxEntryInjectSoftInt );
1975
1976	#if defined(RT_ARCH_AMD64) \|\| defined(RT_ARCH_X86)
1977	/* Don't expose VMX preemption timer if host is subject to VMX-preemption timer erratum. */
1978	if ( pGuestFeat->fVmxPreemptTimer
1979	&& HMIsSubjectToVmxPreemptTimerErratum())
1980	{
1981	LogRel(("CPUM: Warning! VMX-preemption timer not exposed to guest due to host CPU erratum\n"));
1982	pGuestFeat->fVmxPreemptTimer = 0;
1983	pGuestFeat->fVmxSavePreemptTimer = 0;
1984	}
1985	#endif
1986
1987	/* Sanity checking. */
1988	if (!pGuestFeat->fVmxSecondaryExecCtls)
1989	{
1990	Assert(!pGuestFeat->fVmxVirtApicAccess);
1991	Assert(!pGuestFeat->fVmxEpt);
1992	Assert(!pGuestFeat->fVmxDescTableExit);
1993	Assert(!pGuestFeat->fVmxRdtscp);
1994	Assert(!pGuestFeat->fVmxVirtX2ApicMode);
1995	Assert(!pGuestFeat->fVmxVpid);
1996	Assert(!pGuestFeat->fVmxWbinvdExit);
1997	Assert(!pGuestFeat->fVmxUnrestrictedGuest);
1998	Assert(!pGuestFeat->fVmxApicRegVirt);
1999	Assert(!pGuestFeat->fVmxVirtIntDelivery);
2000	Assert(!pGuestFeat->fVmxPauseLoopExit);
2001	Assert(!pGuestFeat->fVmxRdrandExit);
2002	Assert(!pGuestFeat->fVmxInvpcid);
2003	Assert(!pGuestFeat->fVmxVmFunc);
2004	Assert(!pGuestFeat->fVmxVmcsShadowing);
2005	Assert(!pGuestFeat->fVmxRdseedExit);
2006	Assert(!pGuestFeat->fVmxPml);
2007	Assert(!pGuestFeat->fVmxEptXcptVe);
2008	Assert(!pGuestFeat->fVmxConcealVmxFromPt);
2009	Assert(!pGuestFeat->fVmxXsavesXrstors);
2010	Assert(!pGuestFeat->fVmxModeBasedExecuteEpt);
2011	Assert(!pGuestFeat->fVmxSppEpt);
2012	Assert(!pGuestFeat->fVmxPtEpt);
2013	Assert(!pGuestFeat->fVmxUseTscScaling);
2014	Assert(!pGuestFeat->fVmxUserWaitPause);
2015	Assert(!pGuestFeat->fVmxEnclvExit);
2016	}
2017	else if (pGuestFeat->fVmxUnrestrictedGuest)
2018	{
2019	/* See footnote in Intel spec. 27.2 "Recording VM-Exit Information And Updating VM-entry Control Fields". */
2020	Assert(pGuestFeat->fVmxExitSaveEferLma);
2021	/* Unrestricted guest execution requires EPT. See Intel spec. 25.2.1.1 "VM-Execution Control Fields". */
2022	Assert(pGuestFeat->fVmxEpt);
2023	}
2024
2025	if (!pGuestFeat->fVmxTertiaryExecCtls)
2026	Assert(!pGuestFeat->fVmxLoadIwKeyExit);
2027
2028	/*
2029	* Finally initialize the VMX guest MSRs.
2030	*/
2031	cpumR3InitVmxGuestMsrs(pVM, pHostVmxMsrs, pGuestFeat, pGuestVmxMsrs);
2032	}
2033
2034
2035	/**
2036	* Gets the host hardware-virtualization MSRs.
2037	*
2038	* @returns VBox status code.
2039	* @param pMsrs Where to store the MSRs.
2040	*/
2041	static int cpumR3GetHostHwvirtMsrs(PCPUMMSRS pMsrs)
2042	{
2043	Assert(pMsrs);
2044
2045	uint32_t fCaps = 0;
2046	int rc = SUPR3QueryVTCaps(&fCaps);
2047	if (RT_SUCCESS(rc))
2048	{
2049	if (fCaps & (SUPVTCAPS_VT_X \| SUPVTCAPS_AMD_V))
2050	{
2051	SUPHWVIRTMSRS HwvirtMsrs;
2052	rc = SUPR3GetHwvirtMsrs(&HwvirtMsrs, false /* fForceRequery */);
2053	if (RT_SUCCESS(rc))
2054	{
2055	if (fCaps & SUPVTCAPS_VT_X)
2056	HMGetVmxMsrsFromHwvirtMsrs(&HwvirtMsrs, &pMsrs->hwvirt.vmx);
2057	else
2058	HMGetSvmMsrsFromHwvirtMsrs(&HwvirtMsrs, &pMsrs->hwvirt.svm);
2059	return VINF_SUCCESS;
2060	}
2061
2062	LogRel(("CPUM: Querying hardware-virtualization MSRs failed. rc=%Rrc\n", rc));
2063	return rc;
2064	}
2065
2066	LogRel(("CPUM: Querying hardware-virtualization capability succeeded but did not find VT-x or AMD-V\n"));
2067	return VERR_INTERNAL_ERROR_5;
2068	}
2069
2070	LogRel(("CPUM: No hardware-virtualization capability detected\n"));
2071	return VINF_SUCCESS;
2072	}
2073
2074
2075	/**
2076	* @callback_method_impl{FNTMTIMERINT,
2077	* Callback that fires when the nested VMX-preemption timer expired.}
2078	*/
2079	static DECLCALLBACK(void) cpumR3VmxPreemptTimerCallback(PVM pVM, TMTIMERHANDLE hTimer, void *pvUser)
2080	{
2081	RT_NOREF(pVM, hTimer);
2082	PVMCPU pVCpu = (PVMCPUR3)pvUser;
2083	AssertPtr(pVCpu);
2084	VMCPU_FF_SET(pVCpu, VMCPU_FF_VMX_PREEMPT_TIMER);
2085	}
2086
2087
2088	/**
2089	* Initializes the CPUM.
2090	*
2091	* @returns VBox status code.
2092	* @param pVM The cross context VM structure.
2093	*/
2094	VMMR3DECL(int) CPUMR3Init(PVM pVM)
2095	{
2096	LogFlow(("CPUMR3Init\n"));
2097
2098	/*
2099	* Assert alignment, sizes and tables.
2100	*/
2101	AssertCompileMemberAlignment(VM, cpum.s, 32);
2102	AssertCompile(sizeof(pVM->cpum.s) <= sizeof(pVM->cpum.padding));
2103	AssertCompileSizeAlignment(CPUMCTX, 64);
2104	AssertCompileSizeAlignment(CPUMCTXMSRS, 64);
2105	AssertCompileSizeAlignment(CPUMHOSTCTX, 64);
2106	AssertCompileMemberAlignment(VM, cpum, 64);
2107	AssertCompileMemberAlignment(VMCPU, cpum.s, 64);
2108	#ifdef VBOX_STRICT
2109	int rc2 = cpumR3MsrStrictInitChecks();
2110	AssertRCReturn(rc2, rc2);
2111	#endif
2112
2113	/*
2114	* Gather info about the host CPU.
2115	*/
2116	#if defined(RT_ARCH_X86) \|\| defined(RT_ARCH_AMD64)
2117	if (!ASMHasCpuId())
2118	{
2119	LogRel(("The CPU doesn't support CPUID!\n"));
2120	return VERR_UNSUPPORTED_CPU;
2121	}
2122
2123	pVM->cpum.s.fHostMxCsrMask = CPUMR3DeterminHostMxCsrMask();
2124	#endif
2125
2126	CPUMMSRS HostMsrs;
2127	RT_ZERO(HostMsrs);
2128	int rc = cpumR3GetHostHwvirtMsrs(&HostMsrs);
2129	AssertLogRelRCReturn(rc, rc);
2130
2131	#if defined(RT_ARCH_X86) \|\| defined(RT_ARCH_AMD64)
2132	/* Use the host features detected by CPUMR0ModuleInit if available. */
2133	if (pVM->cpum.s.HostFeatures.enmCpuVendor != CPUMCPUVENDOR_INVALID)
2134	g_CpumHostFeatures.s = pVM->cpum.s.HostFeatures;
2135	else
2136	{
2137	PCPUMCPUIDLEAF paLeaves;
2138	uint32_t cLeaves;
2139	rc = CPUMCpuIdCollectLeavesX86(&paLeaves, &cLeaves);
2140	AssertLogRelRCReturn(rc, rc);
2141
2142	rc = cpumCpuIdExplodeFeaturesX86(paLeaves, cLeaves, &HostMsrs, &g_CpumHostFeatures.s);
2143	RTMemFree(paLeaves);
2144	AssertLogRelRCReturn(rc, rc);
2145	}
2146	pVM->cpum.s.HostFeatures = g_CpumHostFeatures.s;
2147	pVM->cpum.s.GuestFeatures.enmCpuVendor = pVM->cpum.s.HostFeatures.enmCpuVendor;
2148	#endif
2149
2150	/*
2151	* Check that the CPU supports the minimum features we require.
2152	*/
2153	#if defined(RT_ARCH_AMD64) \|\| defined(RT_ARCH_X86)
2154	if (!pVM->cpum.s.HostFeatures.fFxSaveRstor)
2155	return VMSetError(pVM, VERR_UNSUPPORTED_CPU, RT_SRC_POS, "Host CPU does not support the FXSAVE/FXRSTOR instruction.");
2156	if (!pVM->cpum.s.HostFeatures.fMmx)
2157	return VMSetError(pVM, VERR_UNSUPPORTED_CPU, RT_SRC_POS, "Host CPU does not support MMX.");
2158	if (!pVM->cpum.s.HostFeatures.fTsc)
2159	return VMSetError(pVM, VERR_UNSUPPORTED_CPU, RT_SRC_POS, "Host CPU does not support RDTSC.");
2160	#endif
2161
2162	/*
2163	* Setup the CR4 AND and OR masks used in the raw-mode switcher.
2164	*/
2165	pVM->cpum.s.CR4.AndMask = X86_CR4_OSXMMEEXCPT \| X86_CR4_PVI \| X86_CR4_VME;
2166	pVM->cpum.s.CR4.OrMask = X86_CR4_OSFXSR;
2167
2168	/*
2169	* Figure out which XSAVE/XRSTOR features are available on the host.
2170	*/
2171	uint64_t fXcr0Host = 0;
2172	uint64_t fXStateHostMask = 0;
2173	#if defined(RT_ARCH_X86) \|\| defined(RT_ARCH_AMD64)
2174	if ( pVM->cpum.s.HostFeatures.fXSaveRstor
2175	&& pVM->cpum.s.HostFeatures.fOpSysXSaveRstor)
2176	{
2177	fXStateHostMask = fXcr0Host = ASMGetXcr0();
2178	fXStateHostMask &= XSAVE_C_X87 \| XSAVE_C_SSE \| XSAVE_C_YMM \| XSAVE_C_OPMASK \| XSAVE_C_ZMM_HI256 \| XSAVE_C_ZMM_16HI;
2179	AssertLogRelMsgStmt((fXStateHostMask & (XSAVE_C_X87 \| XSAVE_C_SSE)) == (XSAVE_C_X87 \| XSAVE_C_SSE),
2180	("%#llx\n", fXStateHostMask), fXStateHostMask = 0);
2181	}
2182	#endif
2183	pVM->cpum.s.fXStateHostMask = fXStateHostMask;
2184	LogRel(("CPUM: fXStateHostMask=%#llx; initial: %#llx; host XCR0=%#llx\n",
2185	pVM->cpum.s.fXStateHostMask, fXStateHostMask, fXcr0Host));
2186
2187	/*
2188	* Initialize the host XSAVE/XRSTOR mask.
2189	*/
2190	#if defined(RT_ARCH_X86) \|\| defined(RT_ARCH_AMD64)
2191	uint32_t cbMaxXState = pVM->cpum.s.HostFeatures.cbMaxExtendedState;
2192	cbMaxXState = RT_ALIGN(cbMaxXState, 128);
2193	AssertLogRelReturn( pVM->cpum.s.HostFeatures.cbMaxExtendedState >= sizeof(X86FXSTATE)
2194	&& pVM->cpum.s.HostFeatures.cbMaxExtendedState <= sizeof(pVM->apCpusR3[0]->cpum.s.Host.XState)
2195	&& pVM->cpum.s.HostFeatures.cbMaxExtendedState <= sizeof(pVM->apCpusR3[0]->cpum.s.Guest.XState)
2196	, VERR_CPUM_IPE_2);
2197	#endif
2198
2199	for (VMCPUID i = 0; i < pVM->cCpus; i++)
2200	{
2201	PVMCPU pVCpu = pVM->apCpusR3[i];
2202
2203	pVCpu->cpum.s.Host.fXStateMask = fXStateHostMask;
2204	pVCpu->cpum.s.hNestedVmxPreemptTimer = NIL_TMTIMERHANDLE;
2205	}
2206
2207	/*
2208	* Register saved state data item.
2209	*/
2210	rc = SSMR3RegisterInternal(pVM, "cpum", 1, CPUM_SAVED_STATE_VERSION, sizeof(CPUM),
2211	NULL, cpumR3LiveExec, NULL,
2212	NULL, cpumR3SaveExec, NULL,
2213	cpumR3LoadPrep, cpumR3LoadExec, cpumR3LoadDone);
2214	if (RT_FAILURE(rc))
2215	return rc;
2216
2217	/*
2218	* Register info handlers and registers with the debugger facility.
2219	*/
2220	DBGFR3InfoRegisterInternalEx(pVM, "cpum", "Displays the all the cpu states.",
2221	&cpumR3InfoAll, DBGFINFO_FLAGS_ALL_EMTS);
2222	DBGFR3InfoRegisterInternalEx(pVM, "cpumguest", "Displays the guest cpu state.",
2223	&cpumR3InfoGuest, DBGFINFO_FLAGS_ALL_EMTS);
2224	DBGFR3InfoRegisterInternalEx(pVM, "cpumguesthwvirt", "Displays the guest hwvirt. cpu state.",
2225	&cpumR3InfoGuestHwvirt, DBGFINFO_FLAGS_ALL_EMTS);
2226	DBGFR3InfoRegisterInternalEx(pVM, "cpumhyper", "Displays the hypervisor cpu state.",
2227	&cpumR3InfoHyper, DBGFINFO_FLAGS_ALL_EMTS);
2228	DBGFR3InfoRegisterInternalEx(pVM, "cpumhost", "Displays the host cpu state.",
2229	&cpumR3InfoHost, DBGFINFO_FLAGS_ALL_EMTS);
2230	DBGFR3InfoRegisterInternalEx(pVM, "cpumguestinstr", "Displays the current guest instruction.",
2231	&cpumR3InfoGuestInstr, DBGFINFO_FLAGS_ALL_EMTS);
2232	DBGFR3InfoRegisterInternal( pVM, "cpuid", "Displays the guest cpuid leaves.",
2233	&cpumR3CpuIdInfo);
2234	DBGFR3InfoRegisterInternal( pVM, "cpumvmxfeat", "Displays the host and guest VMX hwvirt. features.",
2235	&cpumR3InfoVmxFeatures);
2236
2237	rc = cpumR3DbgInit(pVM);
2238	if (RT_FAILURE(rc))
2239	return rc;
2240
2241	#if defined(RT_ARCH_X86) \|\| defined(RT_ARCH_AMD64)
2242	/*
2243	* Check if we need to workaround partial/leaky FPU handling.
2244	*/
2245	cpumR3CheckLeakyFpu(pVM);
2246	#endif
2247
2248	/*
2249	* Initialize the Guest CPUID and MSR states.
2250	*/
2251	rc = cpumR3InitCpuIdAndMsrs(pVM, &HostMsrs);
2252	if (RT_FAILURE(rc))
2253	return rc;
2254
2255	/*
2256	* Generate the RFLAGS cookie.
2257	*/
2258	pVM->cpum.s.fReservedRFlagsCookie = RTRandU64() & ~(CPUMX86EFLAGS_HW_MASK_64 \| CPUMX86EFLAGS_INT_MASK_64);
2259
2260	/*
2261	* Init the VMX/SVM state.
2262	*
2263	* This must be done after initializing CPUID/MSR features as we access the
2264	* the VMX/SVM guest features below.
2265	*
2266	* In the case of nested VT-x, we also need to create the per-VCPU
2267	* VMX preemption timers.
2268	*/
2269	if (pVM->cpum.s.GuestFeatures.fVmx)
2270	cpumR3InitVmxHwVirtState(pVM);
2271	else if (pVM->cpum.s.GuestFeatures.fSvm)
2272	cpumR3InitSvmHwVirtState(pVM);
2273	else
2274	Assert(pVM->apCpusR3[0]->cpum.s.Guest.hwvirt.enmHwvirt == CPUMHWVIRT_NONE);
2275
2276	/*
2277	* Initialize the general guest CPU state.
2278	*/
2279	CPUMR3Reset(pVM);
2280
2281	return VINF_SUCCESS;
2282	}
2283
2284
2285	/**
2286	* Applies relocations to data and code managed by this
2287	* component. This function will be called at init and
2288	* whenever the VMM need to relocate it self inside the GC.
2289	*
2290	* The CPUM will update the addresses used by the switcher.
2291	*
2292	* @param pVM The cross context VM structure.
2293	*/
2294	VMMR3DECL(void) CPUMR3Relocate(PVM pVM)
2295	{
2296	RT_NOREF(pVM);
2297	}
2298
2299
2300	/**
2301	* Terminates the CPUM.
2302	*
2303	* Termination means cleaning up and freeing all resources,
2304	* the VM it self is at this point powered off or suspended.
2305	*
2306	* @returns VBox status code.
2307	* @param pVM The cross context VM structure.
2308	*/
2309	VMMR3DECL(int) CPUMR3Term(PVM pVM)
2310	{
2311	#ifdef VBOX_WITH_CRASHDUMP_MAGIC
2312	for (VMCPUID idCpu = 0; idCpu < pVM->cCpus; idCpu++)
2313	{
2314	PVMCPU pVCpu = pVM->apCpusR3[idCpu];
2315	memset(pVCpu->cpum.s.aMagic, 0, sizeof(pVCpu->cpum.s.aMagic));
2316	pVCpu->cpum.s.uMagic = 0;
2317	pvCpu->cpum.s.Guest.dr[5] = 0;
2318	}
2319	#endif
2320
2321	if (pVM->cpum.s.GuestFeatures.fVmx)
2322	{
2323	for (VMCPUID idCpu = 0; idCpu < pVM->cCpus; idCpu++)
2324	{
2325	PVMCPU pVCpu = pVM->apCpusR3[idCpu];
2326	if (pVCpu->cpum.s.hNestedVmxPreemptTimer != NIL_TMTIMERHANDLE)
2327	{
2328	int rc = TMR3TimerDestroy(pVM, pVCpu->cpum.s.hNestedVmxPreemptTimer); AssertRC(rc);
2329	pVCpu->cpum.s.hNestedVmxPreemptTimer = NIL_TMTIMERHANDLE;
2330	}
2331	}
2332	}
2333	return VINF_SUCCESS;
2334	}
2335
2336
2337	/**
2338	* Resets a virtual CPU.
2339	*
2340	* Used by CPUMR3Reset and CPU hot plugging.
2341	*
2342	* @param pVM The cross context VM structure.
2343	* @param pVCpu The cross context virtual CPU structure of the CPU that is
2344	* being reset. This may differ from the current EMT.
2345	*/
2346	VMMR3DECL(void) CPUMR3ResetCpu(PVM pVM, PVMCPU pVCpu)
2347	{
2348	/** @todo anything different for VCPU > 0? */
2349	PCPUMCTX pCtx = &pVCpu->cpum.s.Guest;
2350
2351	/*
2352	* Initialize everything to ZERO first.
2353	*/
2354	uint32_t fUseFlags = pVCpu->cpum.s.fUseFlags & ~CPUM_USED_FPU_SINCE_REM;
2355
2356	RT_BZERO(pCtx, RT_UOFFSETOF(CPUMCTX, aoffXState));
2357
2358	pVCpu->cpum.s.fUseFlags = fUseFlags;
2359
2360	pCtx->cr0 = X86_CR0_CD \| X86_CR0_NW \| X86_CR0_ET; //0x60000010
2361	pCtx->eip = 0x0000fff0;
2362	pCtx->edx = 0x00000600; /* P6 processor */
2363
2364	Assert((pVM->cpum.s.fReservedRFlagsCookie & (X86_EFL_LIVE_MASK \| X86_EFL_RAZ_LO_MASK \| X86_EFL_RA1_MASK)) == 0);
2365	pCtx->rflags.uBoth = pVM->cpum.s.fReservedRFlagsCookie \| X86_EFL_RA1_MASK;
2366
2367	pCtx->cs.Sel = 0xf000;
2368	pCtx->cs.ValidSel = 0xf000;
2369	pCtx->cs.fFlags = CPUMSELREG_FLAGS_VALID;
2370	pCtx->cs.u64Base = UINT64_C(0xffff0000);
2371	pCtx->cs.u32Limit = 0x0000ffff;
2372	pCtx->cs.Attr.n.u1DescType = 1; /* code/data segment */
2373	pCtx->cs.Attr.n.u1Present = 1;
2374	pCtx->cs.Attr.n.u4Type = X86_SEL_TYPE_ER_ACC;
2375
2376	pCtx->ds.fFlags = CPUMSELREG_FLAGS_VALID;
2377	pCtx->ds.u32Limit = 0x0000ffff;
2378	pCtx->ds.Attr.n.u1DescType = 1; /* code/data segment */
2379	pCtx->ds.Attr.n.u1Present = 1;
2380	pCtx->ds.Attr.n.u4Type = X86_SEL_TYPE_RW_ACC;
2381
2382	pCtx->es.fFlags = CPUMSELREG_FLAGS_VALID;
2383	pCtx->es.u32Limit = 0x0000ffff;
2384	pCtx->es.Attr.n.u1DescType = 1; /* code/data segment */
2385	pCtx->es.Attr.n.u1Present = 1;
2386	pCtx->es.Attr.n.u4Type = X86_SEL_TYPE_RW_ACC;
2387
2388	pCtx->fs.fFlags = CPUMSELREG_FLAGS_VALID;
2389	pCtx->fs.u32Limit = 0x0000ffff;
2390	pCtx->fs.Attr.n.u1DescType = 1; /* code/data segment */
2391	pCtx->fs.Attr.n.u1Present = 1;
2392	pCtx->fs.Attr.n.u4Type = X86_SEL_TYPE_RW_ACC;
2393
2394	pCtx->gs.fFlags = CPUMSELREG_FLAGS_VALID;
2395	pCtx->gs.u32Limit = 0x0000ffff;
2396	pCtx->gs.Attr.n.u1DescType = 1; /* code/data segment */
2397	pCtx->gs.Attr.n.u1Present = 1;
2398	pCtx->gs.Attr.n.u4Type = X86_SEL_TYPE_RW_ACC;
2399
2400	pCtx->ss.fFlags = CPUMSELREG_FLAGS_VALID;
2401	pCtx->ss.u32Limit = 0x0000ffff;
2402	pCtx->ss.Attr.n.u1Present = 1;
2403	pCtx->ss.Attr.n.u1DescType = 1; /* code/data segment */
2404	pCtx->ss.Attr.n.u4Type = X86_SEL_TYPE_RW_ACC;
2405
2406	pCtx->idtr.cbIdt = 0xffff;
2407	pCtx->gdtr.cbGdt = 0xffff;
2408
2409	pCtx->ldtr.fFlags = CPUMSELREG_FLAGS_VALID;
2410	pCtx->ldtr.u32Limit = 0xffff;
2411	pCtx->ldtr.Attr.n.u1Present = 1;
2412	pCtx->ldtr.Attr.n.u4Type = X86_SEL_TYPE_SYS_LDT;
2413
2414	pCtx->tr.fFlags = CPUMSELREG_FLAGS_VALID;
2415	pCtx->tr.u32Limit = 0xffff;
2416	pCtx->tr.Attr.n.u1Present = 1;
2417	pCtx->tr.Attr.n.u4Type = X86_SEL_TYPE_SYS_386_TSS_BUSY; /* Deduction, not properly documented by Intel. */
2418
2419	pCtx->dr[6] = X86_DR6_INIT_VAL;
2420	pCtx->dr[7] = X86_DR7_INIT_VAL;
2421
2422	PX86FXSTATE pFpuCtx = &pCtx->XState.x87;
2423	pFpuCtx->FTW = 0x00; /* All empty (abbridged tag reg edition). */
2424	pFpuCtx->FCW = 0x37f;
2425
2426	/* Intel 64 and IA-32 Architectures Software Developer's Manual Volume 3A, Table 8-1.
2427	IA-32 Processor States Following Power-up, Reset, or INIT */
2428	pFpuCtx->MXCSR = 0x1F80;
2429	pFpuCtx->MXCSR_MASK = pVM->cpum.s.GuestInfo.fMxCsrMask; /** @todo check if REM messes this up... */
2430
2431	pCtx->aXcr[0] = XSAVE_C_X87;
2432	if (pVM->cpum.s.HostFeatures.cbMaxExtendedState >= RT_UOFFSETOF(X86XSAVEAREA, Hdr))
2433	{
2434	/* The entire FXSAVE state needs loading when we switch to XSAVE/XRSTOR
2435	as we don't know what happened before. (Bother optimize later?) */
2436	pCtx->XState.Hdr.bmXState = XSAVE_C_X87 \| XSAVE_C_SSE;
2437	}
2438
2439	/*
2440	* MSRs.
2441	*/
2442	/* Init PAT MSR */
2443	pCtx->msrPAT = MSR_IA32_CR_PAT_INIT_VAL;
2444
2445	/* EFER MBZ; see AMD64 Architecture Programmer's Manual Volume 2: Table 14-1. Initial Processor State.
2446	* The Intel docs don't mention it. */
2447	Assert(!pCtx->msrEFER);
2448
2449	/* IA32_MISC_ENABLE - not entirely sure what the init/reset state really
2450	is supposed to be here, just trying provide useful/sensible values. */
2451	PCPUMMSRRANGE pRange = cpumLookupMsrRange(pVM, MSR_IA32_MISC_ENABLE);
2452	if (pRange)
2453	{
2454	pVCpu->cpum.s.GuestMsrs.msr.MiscEnable = MSR_IA32_MISC_ENABLE_BTS_UNAVAIL
2455	\| MSR_IA32_MISC_ENABLE_PEBS_UNAVAIL
2456	\| (pVM->cpum.s.GuestFeatures.fMonitorMWait ? MSR_IA32_MISC_ENABLE_MONITOR : 0)
2457	\| MSR_IA32_MISC_ENABLE_FAST_STRINGS;
2458	pRange->fWrIgnMask \|= MSR_IA32_MISC_ENABLE_BTS_UNAVAIL
2459	\| MSR_IA32_MISC_ENABLE_PEBS_UNAVAIL;
2460	pRange->fWrGpMask &= ~pVCpu->cpum.s.GuestMsrs.msr.MiscEnable;
2461	}
2462
2463	/** @todo Wire IA32_MISC_ENABLE bit 22 to our NT 4 CPUID trick. */
2464
2465	/** @todo r=ramshankar: Currently broken for SMP as TMCpuTickSet() expects to be
2466	* called from each EMT while we're getting called by CPUMR3Reset()
2467	* iteratively on the same thread. Fix later. */
2468	#if 0 /** @todo r=bird: This we will do in TM, not here. */
2469	/* TSC must be 0. Intel spec. Table 9-1. "IA-32 Processor States Following Power-up, Reset, or INIT." */
2470	CPUMSetGuestMsr(pVCpu, MSR_IA32_TSC, 0);
2471	#endif
2472
2473
2474	/* C-state control. Guesses. */
2475	pVCpu->cpum.s.GuestMsrs.msr.PkgCStateCfgCtrl = 1 /C1/ \| RT_BIT_32(25) \| RT_BIT_32(26) \| RT_BIT_32(27) \| RT_BIT_32(28);
2476	/* For Nehalem+ and Atoms, the 0xE2 MSR (MSR_PKG_CST_CONFIG_CONTROL) is documented. For Core 2,
2477	* it's undocumented but exists as MSR_PMG_CST_CONFIG_CONTROL and has similar but not identical
2478	* functionality. The default value must be different due to incompatible write mask.
2479	*/
2480	if (CPUMMICROARCH_IS_INTEL_CORE2(pVM->cpum.s.GuestFeatures.enmMicroarch))
2481	pVCpu->cpum.s.GuestMsrs.msr.PkgCStateCfgCtrl = 0x202a01; /* From Mac Pro Harpertown, unlocked. */
2482	else if (pVM->cpum.s.GuestFeatures.enmMicroarch == kCpumMicroarch_Intel_Core_Yonah)
2483	pVCpu->cpum.s.GuestMsrs.msr.PkgCStateCfgCtrl = 0x26740c; /* From MacBookPro1,1. */
2484
2485	/*
2486	* Hardware virtualization state.
2487	*/
2488	CPUMSetGuestGif(pCtx, true);
2489	Assert(!pVM->cpum.s.GuestFeatures.fVmx \|\| !pVM->cpum.s.GuestFeatures.fSvm); /* Paranoia. */
2490	if (pVM->cpum.s.GuestFeatures.fVmx)
2491	cpumR3ResetVmxHwVirtState(pVCpu);
2492	else if (pVM->cpum.s.GuestFeatures.fSvm)
2493	cpumR3ResetSvmHwVirtState(pVCpu);
2494	}
2495
2496
2497	/**
2498	* Resets the CPU.
2499	*
2500	* @param pVM The cross context VM structure.
2501	*/
2502	VMMR3DECL(void) CPUMR3Reset(PVM pVM)
2503	{
2504	for (VMCPUID idCpu = 0; idCpu < pVM->cCpus; idCpu++)
2505	{
2506	PVMCPU pVCpu = pVM->apCpusR3[idCpu];
2507	CPUMR3ResetCpu(pVM, pVCpu);
2508
2509	#ifdef VBOX_WITH_CRASHDUMP_MAGIC
2510
2511	/* Magic marker for searching in crash dumps. */
2512	strcpy((char *)pVCpu->.cpum.s.aMagic, "CPUMCPU Magic");
2513	pVCpu->cpum.s.uMagic = UINT64_C(0xDEADBEEFDEADBEEF);
2514	pVCpu->cpum.s.Guest->dr[5] = UINT64_C(0xDEADBEEFDEADBEEF);
2515	#endif
2516	}
2517	}
2518
2519
2520
2521
2522	/**
2523	* Pass 0 live exec callback.
2524	*
2525	* @returns VINF_SSM_DONT_CALL_AGAIN.
2526	* @param pVM The cross context VM structure.
2527	* @param pSSM The saved state handle.
2528	* @param uPass The pass (0).
2529	*/
2530	static DECLCALLBACK(int) cpumR3LiveExec(PVM pVM, PSSMHANDLE pSSM, uint32_t uPass)
2531	{
2532	AssertReturn(uPass == 0, VERR_SSM_UNEXPECTED_PASS);
2533	cpumR3SaveCpuId(pVM, pSSM);
2534	return VINF_SSM_DONT_CALL_AGAIN;
2535	}
2536
2537
2538	/**
2539	* Execute state save operation.
2540	*
2541	* @returns VBox status code.
2542	* @param pVM The cross context VM structure.
2543	* @param pSSM SSM operation handle.
2544	*/
2545	static DECLCALLBACK(int) cpumR3SaveExec(PVM pVM, PSSMHANDLE pSSM)
2546	{
2547	/*
2548	* Save.
2549	*/
2550	SSMR3PutU32(pSSM, pVM->cCpus);
2551	SSMR3PutU32(pSSM, sizeof(pVM->apCpusR3[0]->cpum.s.GuestMsrs.msr));
2552	CPUMCTX DummyHyperCtx;
2553	RT_ZERO(DummyHyperCtx);
2554	for (VMCPUID idCpu = 0; idCpu < pVM->cCpus; idCpu++)
2555	{
2556	PVMCPU const pVCpu = pVM->apCpusR3[idCpu];
2557	PCPUMCTX const pGstCtx = &pVCpu->cpum.s.Guest;
2558
2559	/** @todo ditch this the next time we change the saved state. */
2560	SSMR3PutStructEx(pSSM, &DummyHyperCtx, sizeof(DummyHyperCtx), 0, g_aCpumCtxFields, NULL);
2561
2562	uint64_t const fSavedRFlags = pGstCtx->rflags.uBoth;
2563	pGstCtx->rflags.uBoth &= CPUMX86EFLAGS_HW_MASK_64; /* Temporarily clear the non-hardware bits in RFLAGS while saving. */
2564	SSMR3PutStructEx(pSSM, pGstCtx, sizeof(*pGstCtx), 0, g_aCpumCtxFields, NULL);
2565	pGstCtx->rflags.uBoth = fSavedRFlags;
2566
2567	SSMR3PutStructEx(pSSM, &pGstCtx->XState.x87, sizeof(pGstCtx->XState.x87), 0, g_aCpumX87Fields, NULL);
2568	if (pGstCtx->fXStateMask != 0)
2569	SSMR3PutStructEx(pSSM, &pGstCtx->XState.Hdr, sizeof(pGstCtx->XState.Hdr), 0, g_aCpumXSaveHdrFields, NULL);
2570	if (pGstCtx->fXStateMask & XSAVE_C_YMM)
2571	{
2572	PCX86XSAVEYMMHI pYmmHiCtx = CPUMCTX_XSAVE_C_PTR(pGstCtx, XSAVE_C_YMM_BIT, PCX86XSAVEYMMHI);
2573	SSMR3PutStructEx(pSSM, pYmmHiCtx, sizeof(*pYmmHiCtx), SSMSTRUCT_FLAGS_FULL_STRUCT, g_aCpumYmmHiFields, NULL);
2574	}
2575	if (pGstCtx->fXStateMask & XSAVE_C_BNDREGS)
2576	{
2577	PCX86XSAVEBNDREGS pBndRegs = CPUMCTX_XSAVE_C_PTR(pGstCtx, XSAVE_C_BNDREGS_BIT, PCX86XSAVEBNDREGS);
2578	SSMR3PutStructEx(pSSM, pBndRegs, sizeof(*pBndRegs), SSMSTRUCT_FLAGS_FULL_STRUCT, g_aCpumBndRegsFields, NULL);
2579	}
2580	if (pGstCtx->fXStateMask & XSAVE_C_BNDCSR)
2581	{
2582	PCX86XSAVEBNDCFG pBndCfg = CPUMCTX_XSAVE_C_PTR(pGstCtx, XSAVE_C_BNDCSR_BIT, PCX86XSAVEBNDCFG);
2583	SSMR3PutStructEx(pSSM, pBndCfg, sizeof(*pBndCfg), SSMSTRUCT_FLAGS_FULL_STRUCT, g_aCpumBndCfgFields, NULL);
2584	}
2585	if (pGstCtx->fXStateMask & XSAVE_C_ZMM_HI256)
2586	{
2587	PCX86XSAVEZMMHI256 pZmmHi256 = CPUMCTX_XSAVE_C_PTR(pGstCtx, XSAVE_C_ZMM_HI256_BIT, PCX86XSAVEZMMHI256);
2588	SSMR3PutStructEx(pSSM, pZmmHi256, sizeof(*pZmmHi256), SSMSTRUCT_FLAGS_FULL_STRUCT, g_aCpumZmmHi256Fields, NULL);
2589	}
2590	if (pGstCtx->fXStateMask & XSAVE_C_ZMM_16HI)
2591	{
2592	PCX86XSAVEZMM16HI pZmm16Hi = CPUMCTX_XSAVE_C_PTR(pGstCtx, XSAVE_C_ZMM_16HI_BIT, PCX86XSAVEZMM16HI);
2593	SSMR3PutStructEx(pSSM, pZmm16Hi, sizeof(*pZmm16Hi), SSMSTRUCT_FLAGS_FULL_STRUCT, g_aCpumZmm16HiFields, NULL);
2594	}
2595	SSMR3PutU64(pSSM, pGstCtx->aPaePdpes[0].u);
2596	SSMR3PutU64(pSSM, pGstCtx->aPaePdpes[1].u);
2597	SSMR3PutU64(pSSM, pGstCtx->aPaePdpes[2].u);
2598	SSMR3PutU64(pSSM, pGstCtx->aPaePdpes[3].u);
2599	if (pVM->cpum.s.GuestFeatures.fSvm)
2600	{
2601	SSMR3PutU64(pSSM, pGstCtx->hwvirt.svm.uMsrHSavePa);
2602	SSMR3PutGCPhys(pSSM, pGstCtx->hwvirt.svm.GCPhysVmcb);
2603	SSMR3PutU64(pSSM, pGstCtx->hwvirt.svm.uPrevPauseTick);
2604	SSMR3PutU16(pSSM, pGstCtx->hwvirt.svm.cPauseFilter);
2605	SSMR3PutU16(pSSM, pGstCtx->hwvirt.svm.cPauseFilterThreshold);
2606	SSMR3PutBool(pSSM, pGstCtx->hwvirt.svm.fInterceptEvents);
2607	SSMR3PutStructEx(pSSM, &pGstCtx->hwvirt.svm.HostState, sizeof(pGstCtx->hwvirt.svm.HostState), 0 /* fFlags */,
2608	g_aSvmHwvirtHostState, NULL /* pvUser */);
2609	SSMR3PutMem(pSSM, &pGstCtx->hwvirt.svm.Vmcb, sizeof(pGstCtx->hwvirt.svm.Vmcb));
2610	SSMR3PutMem(pSSM, &pGstCtx->hwvirt.svm.abMsrBitmap[0], sizeof(pGstCtx->hwvirt.svm.abMsrBitmap));
2611	SSMR3PutMem(pSSM, &pGstCtx->hwvirt.svm.abIoBitmap[0], sizeof(pGstCtx->hwvirt.svm.abIoBitmap));
2612	/* This is saved in the old VMCPUM_FF format. Change if more flags are added. */
2613	SSMR3PutU32(pSSM, pGstCtx->hwvirt.fSavedInhibit & CPUMCTX_INHIBIT_NMI ? CPUM_OLD_VMCPU_FF_BLOCK_NMIS : 0);
2614	SSMR3PutBool(pSSM, pGstCtx->hwvirt.fGif);
2615	}
2616	if (pVM->cpum.s.GuestFeatures.fVmx)
2617	{
2618	SSMR3PutGCPhys(pSSM, pGstCtx->hwvirt.vmx.GCPhysVmxon);
2619	SSMR3PutGCPhys(pSSM, pGstCtx->hwvirt.vmx.GCPhysVmcs);
2620	SSMR3PutGCPhys(pSSM, pGstCtx->hwvirt.vmx.GCPhysShadowVmcs);
2621	SSMR3PutBool(pSSM, pGstCtx->hwvirt.vmx.fInVmxRootMode);
2622	SSMR3PutBool(pSSM, pGstCtx->hwvirt.vmx.fInVmxNonRootMode);
2623	SSMR3PutBool(pSSM, pGstCtx->hwvirt.vmx.fInterceptEvents);
2624	SSMR3PutBool(pSSM, pGstCtx->hwvirt.vmx.fNmiUnblockingIret);
2625	SSMR3PutStructEx(pSSM, &pGstCtx->hwvirt.vmx.Vmcs, sizeof(pGstCtx->hwvirt.vmx.Vmcs), 0, g_aVmxHwvirtVmcs, NULL);
2626	SSMR3PutStructEx(pSSM, &pGstCtx->hwvirt.vmx.ShadowVmcs, sizeof(pGstCtx->hwvirt.vmx.ShadowVmcs),
2627	0, g_aVmxHwvirtVmcs, NULL);
2628	SSMR3PutMem(pSSM, &pGstCtx->hwvirt.vmx.abVmreadBitmap[0], sizeof(pGstCtx->hwvirt.vmx.abVmreadBitmap));
2629	SSMR3PutMem(pSSM, &pGstCtx->hwvirt.vmx.abVmwriteBitmap[0], sizeof(pGstCtx->hwvirt.vmx.abVmwriteBitmap));
2630	SSMR3PutMem(pSSM, &pGstCtx->hwvirt.vmx.aEntryMsrLoadArea[0], sizeof(pGstCtx->hwvirt.vmx.aEntryMsrLoadArea));
2631	SSMR3PutMem(pSSM, &pGstCtx->hwvirt.vmx.aExitMsrStoreArea[0], sizeof(pGstCtx->hwvirt.vmx.aExitMsrStoreArea));
2632	SSMR3PutMem(pSSM, &pGstCtx->hwvirt.vmx.aExitMsrLoadArea[0], sizeof(pGstCtx->hwvirt.vmx.aExitMsrLoadArea));
2633	SSMR3PutMem(pSSM, &pGstCtx->hwvirt.vmx.abMsrBitmap[0], sizeof(pGstCtx->hwvirt.vmx.abMsrBitmap));
2634	SSMR3PutMem(pSSM, &pGstCtx->hwvirt.vmx.abIoBitmap[0], sizeof(pGstCtx->hwvirt.vmx.abIoBitmap));
2635	SSMR3PutU64(pSSM, pGstCtx->hwvirt.vmx.uFirstPauseLoopTick);
2636	SSMR3PutU64(pSSM, pGstCtx->hwvirt.vmx.uPrevPauseTick);
2637	SSMR3PutU64(pSSM, pGstCtx->hwvirt.vmx.uEntryTick);
2638	SSMR3PutU16(pSSM, pGstCtx->hwvirt.vmx.offVirtApicWrite);
2639	SSMR3PutBool(pSSM, pGstCtx->hwvirt.vmx.fVirtNmiBlocking);
2640	SSMR3PutU64(pSSM, MSR_IA32_FEATURE_CONTROL_LOCK \| MSR_IA32_FEATURE_CONTROL_VMXON); /* Deprecated since 2021/09/22. Value kept backwards compatibile with 6.1.26. */
2641	SSMR3PutU64(pSSM, pGstCtx->hwvirt.vmx.Msrs.u64Basic);
2642	SSMR3PutU64(pSSM, pGstCtx->hwvirt.vmx.Msrs.PinCtls.u);
2643	SSMR3PutU64(pSSM, pGstCtx->hwvirt.vmx.Msrs.ProcCtls.u);
2644	SSMR3PutU64(pSSM, pGstCtx->hwvirt.vmx.Msrs.ProcCtls2.u);
2645	SSMR3PutU64(pSSM, pGstCtx->hwvirt.vmx.Msrs.ExitCtls.u);
2646	SSMR3PutU64(pSSM, pGstCtx->hwvirt.vmx.Msrs.EntryCtls.u);
2647	SSMR3PutU64(pSSM, pGstCtx->hwvirt.vmx.Msrs.TruePinCtls.u);
2648	SSMR3PutU64(pSSM, pGstCtx->hwvirt.vmx.Msrs.TrueProcCtls.u);
2649	SSMR3PutU64(pSSM, pGstCtx->hwvirt.vmx.Msrs.TrueEntryCtls.u);
2650	SSMR3PutU64(pSSM, pGstCtx->hwvirt.vmx.Msrs.TrueExitCtls.u);
2651	SSMR3PutU64(pSSM, pGstCtx->hwvirt.vmx.Msrs.u64Misc);
2652	SSMR3PutU64(pSSM, pGstCtx->hwvirt.vmx.Msrs.u64Cr0Fixed0);
2653	SSMR3PutU64(pSSM, pGstCtx->hwvirt.vmx.Msrs.u64Cr0Fixed1);
2654	SSMR3PutU64(pSSM, pGstCtx->hwvirt.vmx.Msrs.u64Cr4Fixed0);
2655	SSMR3PutU64(pSSM, pGstCtx->hwvirt.vmx.Msrs.u64Cr4Fixed1);
2656	SSMR3PutU64(pSSM, pGstCtx->hwvirt.vmx.Msrs.u64VmcsEnum);
2657	SSMR3PutU64(pSSM, pGstCtx->hwvirt.vmx.Msrs.u64VmFunc);
2658	SSMR3PutU64(pSSM, pGstCtx->hwvirt.vmx.Msrs.u64EptVpidCaps);
2659	SSMR3PutU64(pSSM, pGstCtx->hwvirt.vmx.Msrs.u64ProcCtls3);
2660	SSMR3PutU64(pSSM, pGstCtx->hwvirt.vmx.Msrs.u64ExitCtls2);
2661	}
2662	SSMR3PutU32(pSSM, pVCpu->cpum.s.fUseFlags);
2663	SSMR3PutU32(pSSM, pVCpu->cpum.s.fChanged);
2664	AssertCompileSizeAlignment(pVCpu->cpum.s.GuestMsrs.msr, sizeof(uint64_t));
2665	SSMR3PutMem(pSSM, &pVCpu->cpum.s.GuestMsrs, sizeof(pVCpu->cpum.s.GuestMsrs.msr));
2666	}
2667
2668	cpumR3SaveCpuId(pVM, pSSM);
2669	return VINF_SUCCESS;
2670	}
2671
2672
2673	/**
2674	* @callback_method_impl{FNSSMINTLOADPREP}
2675	*/
2676	static DECLCALLBACK(int) cpumR3LoadPrep(PVM pVM, PSSMHANDLE pSSM)
2677	{
2678	NOREF(pSSM);
2679	pVM->cpum.s.fPendingRestore = true;
2680	return VINF_SUCCESS;
2681	}
2682
2683
2684	/**
2685	* @callback_method_impl{FNSSMINTLOADEXEC}
2686	*/
2687	static DECLCALLBACK(int) cpumR3LoadExec(PVM pVM, PSSMHANDLE pSSM, uint32_t uVersion, uint32_t uPass)
2688	{
2689	int rc; /* Only for AssertRCReturn use. */
2690
2691	/*
2692	* Validate version.
2693	*/
2694	if ( uVersion != CPUM_SAVED_STATE_VERSION_HWVIRT_VMX_4
2695	&& uVersion != CPUM_SAVED_STATE_VERSION_HWVIRT_VMX_3
2696	&& uVersion != CPUM_SAVED_STATE_VERSION_PAE_PDPES
2697	&& uVersion != CPUM_SAVED_STATE_VERSION_HWVIRT_VMX_2
2698	&& uVersion != CPUM_SAVED_STATE_VERSION_HWVIRT_VMX
2699	&& uVersion != CPUM_SAVED_STATE_VERSION_HWVIRT_SVM
2700	&& uVersion != CPUM_SAVED_STATE_VERSION_XSAVE
2701	&& uVersion != CPUM_SAVED_STATE_VERSION_GOOD_CPUID_COUNT
2702	&& uVersion != CPUM_SAVED_STATE_VERSION_BAD_CPUID_COUNT
2703	&& uVersion != CPUM_SAVED_STATE_VERSION_PUT_STRUCT
2704	&& uVersion != CPUM_SAVED_STATE_VERSION_MEM
2705	&& uVersion != CPUM_SAVED_STATE_VERSION_NO_MSR_SIZE
2706	&& uVersion != CPUM_SAVED_STATE_VERSION_VER3_2
2707	&& uVersion != CPUM_SAVED_STATE_VERSION_VER3_0
2708	&& uVersion != CPUM_SAVED_STATE_VERSION_VER2_1_NOMSR
2709	&& uVersion != CPUM_SAVED_STATE_VERSION_VER2_0
2710	&& uVersion != CPUM_SAVED_STATE_VERSION_VER1_6)
2711	{
2712	AssertMsgFailed(("cpumR3LoadExec: Invalid version uVersion=%d!\n", uVersion));
2713	return VERR_SSM_UNSUPPORTED_DATA_UNIT_VERSION;
2714	}
2715
2716	if (uPass == SSM_PASS_FINAL)
2717	{
2718	/*
2719	* Set the size of RTGCPTR for SSMR3GetGCPtr. (Only necessary for
2720	* really old SSM file versions.)
2721	*/
2722	if (uVersion == CPUM_SAVED_STATE_VERSION_VER1_6)
2723	SSMR3HandleSetGCPtrSize(pSSM, sizeof(RTGCPTR32));
2724	else if (uVersion <= CPUM_SAVED_STATE_VERSION_VER3_0)
2725	SSMR3HandleSetGCPtrSize(pSSM, sizeof(RTGCPTR));
2726
2727	/*
2728	* Figure x86 and ctx field definitions to use for older states.
2729	*/
2730	uint32_t const fLoad = uVersion > CPUM_SAVED_STATE_VERSION_MEM ? 0 : SSMSTRUCT_FLAGS_MEM_BAND_AID_RELAXED;
2731	PCSSMFIELD paCpumCtx1Fields = g_aCpumX87Fields;
2732	PCSSMFIELD paCpumCtx2Fields = g_aCpumCtxFields;
2733	if (uVersion == CPUM_SAVED_STATE_VERSION_VER1_6)
2734	{
2735	paCpumCtx1Fields = g_aCpumX87FieldsV16;
2736	paCpumCtx2Fields = g_aCpumCtxFieldsV16;
2737	}
2738	else if (uVersion <= CPUM_SAVED_STATE_VERSION_MEM)
2739	{
2740	paCpumCtx1Fields = g_aCpumX87FieldsMem;
2741	paCpumCtx2Fields = g_aCpumCtxFieldsMem;
2742	}
2743
2744	/*
2745	* The hyper state used to preceed the CPU count. Starting with
2746	* XSAVE it was moved down till after we've got the count.
2747	*/
2748	CPUMCTX HyperCtxIgnored;
2749	if (uVersion < CPUM_SAVED_STATE_VERSION_XSAVE)
2750	{
2751	for (VMCPUID idCpu = 0; idCpu < pVM->cCpus; idCpu++)
2752	{
2753	X86FXSTATE Ign;
2754	SSMR3GetStructEx(pSSM, &Ign, sizeof(Ign), fLoad \| SSMSTRUCT_FLAGS_NO_TAIL_MARKER, paCpumCtx1Fields, NULL);
2755	SSMR3GetStructEx(pSSM, &HyperCtxIgnored, sizeof(HyperCtxIgnored),
2756	fLoad \| SSMSTRUCT_FLAGS_NO_LEAD_MARKER, paCpumCtx2Fields, NULL);
2757	}
2758	}
2759
2760	if (uVersion >= CPUM_SAVED_STATE_VERSION_VER2_1_NOMSR)
2761	{
2762	uint32_t cCpus;
2763	rc = SSMR3GetU32(pSSM, &cCpus); AssertRCReturn(rc, rc);
2764	AssertLogRelMsgReturn(cCpus == pVM->cCpus, ("Mismatching CPU counts: saved: %u; configured: %u \n", cCpus, pVM->cCpus),
2765	VERR_SSM_UNEXPECTED_DATA);
2766	}
2767	AssertLogRelMsgReturn( uVersion > CPUM_SAVED_STATE_VERSION_VER2_0
2768	\|\| pVM->cCpus == 1,
2769	("cCpus=%u\n", pVM->cCpus),
2770	VERR_SSM_UNEXPECTED_DATA);
2771
2772	uint32_t cbMsrs = 0;
2773	if (uVersion > CPUM_SAVED_STATE_VERSION_NO_MSR_SIZE)
2774	{
2775	rc = SSMR3GetU32(pSSM, &cbMsrs); AssertRCReturn(rc, rc);
2776	AssertLogRelMsgReturn(RT_ALIGN(cbMsrs, sizeof(uint64_t)) == cbMsrs, ("Size of MSRs is misaligned: %#x\n", cbMsrs),
2777	VERR_SSM_UNEXPECTED_DATA);
2778	AssertLogRelMsgReturn(cbMsrs <= sizeof(CPUMCTXMSRS) && cbMsrs > 0, ("Size of MSRs is out of range: %#x\n", cbMsrs),
2779	VERR_SSM_UNEXPECTED_DATA);
2780	}
2781
2782	/*
2783	* Do the per-CPU restoring.
2784	*/
2785	for (VMCPUID idCpu = 0; idCpu < pVM->cCpus; idCpu++)
2786	{
2787	PVMCPU pVCpu = pVM->apCpusR3[idCpu];
2788	PCPUMCTX pGstCtx = &pVCpu->cpum.s.Guest;
2789
2790	if (uVersion >= CPUM_SAVED_STATE_VERSION_XSAVE)
2791	{
2792	/*
2793	* The XSAVE saved state layout moved the hyper state down here.
2794	*/
2795	rc = SSMR3GetStructEx(pSSM, &HyperCtxIgnored, sizeof(HyperCtxIgnored), 0, g_aCpumCtxFields, NULL);
2796	AssertRCReturn(rc, rc);
2797
2798	/*
2799	* Start by restoring the CPUMCTX structure and the X86FXSAVE bits of the extended state.
2800	*/
2801	rc = SSMR3GetStructEx(pSSM, pGstCtx, sizeof(*pGstCtx), 0, g_aCpumCtxFields, NULL);
2802	rc = SSMR3GetStructEx(pSSM, &pGstCtx->XState.x87, sizeof(pGstCtx->XState.x87), 0, g_aCpumX87Fields, NULL);
2803	AssertRCReturn(rc, rc);
2804
2805	/* Check that the xsave/xrstor mask is valid (invalid results in #GP). */
2806	if (pGstCtx->fXStateMask != 0)
2807	{
2808	AssertLogRelMsgReturn(!(pGstCtx->fXStateMask & ~pVM->cpum.s.fXStateGuestMask),
2809	("fXStateMask=%#RX64 fXStateGuestMask=%#RX64\n",
2810	pGstCtx->fXStateMask, pVM->cpum.s.fXStateGuestMask),
2811	VERR_CPUM_INCOMPATIBLE_XSAVE_COMP_MASK);
2812	AssertLogRelMsgReturn(pGstCtx->fXStateMask & XSAVE_C_X87,
2813	("fXStateMask=%#RX64\n", pGstCtx->fXStateMask), VERR_CPUM_INVALID_XSAVE_COMP_MASK);
2814	AssertLogRelMsgReturn((pGstCtx->fXStateMask & (XSAVE_C_SSE \| XSAVE_C_YMM)) != XSAVE_C_YMM,
2815	("fXStateMask=%#RX64\n", pGstCtx->fXStateMask), VERR_CPUM_INVALID_XSAVE_COMP_MASK);
2816	AssertLogRelMsgReturn( (pGstCtx->fXStateMask & (XSAVE_C_OPMASK \| XSAVE_C_ZMM_HI256 \| XSAVE_C_ZMM_16HI)) == 0
2817	\|\| (pGstCtx->fXStateMask & (XSAVE_C_SSE \| XSAVE_C_YMM \| XSAVE_C_OPMASK \| XSAVE_C_ZMM_HI256 \| XSAVE_C_ZMM_16HI))
2818	== (XSAVE_C_SSE \| XSAVE_C_YMM \| XSAVE_C_OPMASK \| XSAVE_C_ZMM_HI256 \| XSAVE_C_ZMM_16HI),
2819	("fXStateMask=%#RX64\n", pGstCtx->fXStateMask), VERR_CPUM_INVALID_XSAVE_COMP_MASK);
2820	}
2821
2822	/* Check that the XCR0 mask is valid (invalid results in #GP). */
2823	AssertLogRelMsgReturn(pGstCtx->aXcr[0] & XSAVE_C_X87, ("xcr0=%#RX64\n", pGstCtx->aXcr[0]), VERR_CPUM_INVALID_XCR0);
2824	if (pGstCtx->aXcr[0] != XSAVE_C_X87)
2825	{
2826	AssertLogRelMsgReturn(!(pGstCtx->aXcr[0] & ~(pGstCtx->fXStateMask \| XSAVE_C_X87)),
2827	("xcr0=%#RX64 fXStateMask=%#RX64\n", pGstCtx->aXcr[0], pGstCtx->fXStateMask),
2828	VERR_CPUM_INVALID_XCR0);
2829	AssertLogRelMsgReturn(pGstCtx->aXcr[0] & XSAVE_C_X87,
2830	("xcr0=%#RX64\n", pGstCtx->aXcr[0]), VERR_CPUM_INVALID_XSAVE_COMP_MASK);
2831	AssertLogRelMsgReturn((pGstCtx->aXcr[0] & (XSAVE_C_SSE \| XSAVE_C_YMM)) != XSAVE_C_YMM,
2832	("xcr0=%#RX64\n", pGstCtx->aXcr[0]), VERR_CPUM_INVALID_XSAVE_COMP_MASK);
2833	AssertLogRelMsgReturn( (pGstCtx->aXcr[0] & (XSAVE_C_OPMASK \| XSAVE_C_ZMM_HI256 \| XSAVE_C_ZMM_16HI)) == 0
2834	\|\| (pGstCtx->aXcr[0] & (XSAVE_C_SSE \| XSAVE_C_YMM \| XSAVE_C_OPMASK \| XSAVE_C_ZMM_HI256 \| XSAVE_C_ZMM_16HI))
2835	== (XSAVE_C_SSE \| XSAVE_C_YMM \| XSAVE_C_OPMASK \| XSAVE_C_ZMM_HI256 \| XSAVE_C_ZMM_16HI),
2836	("xcr0=%#RX64\n", pGstCtx->aXcr[0]), VERR_CPUM_INVALID_XSAVE_COMP_MASK);
2837	}
2838
2839	/* Check that the XCR1 is zero, as we don't implement it yet. */
2840	AssertLogRelMsgReturn(!pGstCtx->aXcr[1], ("xcr1=%#RX64\n", pGstCtx->aXcr[1]), VERR_SSM_DATA_UNIT_FORMAT_CHANGED);
2841
2842	/*
2843	* Restore the individual extended state components we support.
2844	*/
2845	if (pGstCtx->fXStateMask != 0)
2846	{
2847	rc = SSMR3GetStructEx(pSSM, &pGstCtx->XState.Hdr, sizeof(pGstCtx->XState.Hdr),
2848	0, g_aCpumXSaveHdrFields, NULL);
2849	AssertRCReturn(rc, rc);
2850	AssertLogRelMsgReturn(!(pGstCtx->XState.Hdr.bmXState & ~pGstCtx->fXStateMask),
2851	("bmXState=%#RX64 fXStateMask=%#RX64\n",
2852	pGstCtx->XState.Hdr.bmXState, pGstCtx->fXStateMask),
2853	VERR_CPUM_INVALID_XSAVE_HDR);
2854	}
2855	if (pGstCtx->fXStateMask & XSAVE_C_YMM)
2856	{
2857	PX86XSAVEYMMHI pYmmHiCtx = CPUMCTX_XSAVE_C_PTR(pGstCtx, XSAVE_C_YMM_BIT, PX86XSAVEYMMHI);
2858	SSMR3GetStructEx(pSSM, pYmmHiCtx, sizeof(*pYmmHiCtx), SSMSTRUCT_FLAGS_FULL_STRUCT, g_aCpumYmmHiFields, NULL);
2859	}
2860	if (pGstCtx->fXStateMask & XSAVE_C_BNDREGS)
2861	{
2862	PX86XSAVEBNDREGS pBndRegs = CPUMCTX_XSAVE_C_PTR(pGstCtx, XSAVE_C_BNDREGS_BIT, PX86XSAVEBNDREGS);
2863	SSMR3GetStructEx(pSSM, pBndRegs, sizeof(*pBndRegs), SSMSTRUCT_FLAGS_FULL_STRUCT, g_aCpumBndRegsFields, NULL);
2864	}
2865	if (pGstCtx->fXStateMask & XSAVE_C_BNDCSR)
2866	{
2867	PX86XSAVEBNDCFG pBndCfg = CPUMCTX_XSAVE_C_PTR(pGstCtx, XSAVE_C_BNDCSR_BIT, PX86XSAVEBNDCFG);
2868	SSMR3GetStructEx(pSSM, pBndCfg, sizeof(*pBndCfg), SSMSTRUCT_FLAGS_FULL_STRUCT, g_aCpumBndCfgFields, NULL);
2869	}
2870	if (pGstCtx->fXStateMask & XSAVE_C_ZMM_HI256)
2871	{
2872	PX86XSAVEZMMHI256 pZmmHi256 = CPUMCTX_XSAVE_C_PTR(pGstCtx, XSAVE_C_ZMM_HI256_BIT, PX86XSAVEZMMHI256);
2873	SSMR3GetStructEx(pSSM, pZmmHi256, sizeof(*pZmmHi256), SSMSTRUCT_FLAGS_FULL_STRUCT, g_aCpumZmmHi256Fields, NULL);
2874	}
2875	if (pGstCtx->fXStateMask & XSAVE_C_ZMM_16HI)
2876	{
2877	PX86XSAVEZMM16HI pZmm16Hi = CPUMCTX_XSAVE_C_PTR(pGstCtx, XSAVE_C_ZMM_16HI_BIT, PX86XSAVEZMM16HI);
2878	SSMR3GetStructEx(pSSM, pZmm16Hi, sizeof(*pZmm16Hi), SSMSTRUCT_FLAGS_FULL_STRUCT, g_aCpumZmm16HiFields, NULL);
2879	}
2880	if (uVersion >= CPUM_SAVED_STATE_VERSION_PAE_PDPES)
2881	{
2882	SSMR3GetU64(pSSM, &pGstCtx->aPaePdpes[0].u);
2883	SSMR3GetU64(pSSM, &pGstCtx->aPaePdpes[1].u);
2884	SSMR3GetU64(pSSM, &pGstCtx->aPaePdpes[2].u);
2885	SSMR3GetU64(pSSM, &pGstCtx->aPaePdpes[3].u);
2886	}
2887	if (uVersion >= CPUM_SAVED_STATE_VERSION_HWVIRT_SVM)
2888	{
2889	if (pVM->cpum.s.GuestFeatures.fSvm)
2890	{
2891	SSMR3GetU64(pSSM, &pGstCtx->hwvirt.svm.uMsrHSavePa);
2892	SSMR3GetGCPhys(pSSM, &pGstCtx->hwvirt.svm.GCPhysVmcb);
2893	SSMR3GetU64(pSSM, &pGstCtx->hwvirt.svm.uPrevPauseTick);
2894	SSMR3GetU16(pSSM, &pGstCtx->hwvirt.svm.cPauseFilter);
2895	SSMR3GetU16(pSSM, &pGstCtx->hwvirt.svm.cPauseFilterThreshold);
2896	SSMR3GetBool(pSSM, &pGstCtx->hwvirt.svm.fInterceptEvents);
2897	SSMR3GetStructEx(pSSM, &pGstCtx->hwvirt.svm.HostState, sizeof(pGstCtx->hwvirt.svm.HostState),
2898	0 /* fFlags /, g_aSvmHwvirtHostState, NULL / pvUser */);
2899	SSMR3GetMem(pSSM, &pGstCtx->hwvirt.svm.Vmcb, sizeof(pGstCtx->hwvirt.svm.Vmcb));
2900	SSMR3GetMem(pSSM, &pGstCtx->hwvirt.svm.abMsrBitmap[0], sizeof(pGstCtx->hwvirt.svm.abMsrBitmap));
2901	SSMR3GetMem(pSSM, &pGstCtx->hwvirt.svm.abIoBitmap[0], sizeof(pGstCtx->hwvirt.svm.abIoBitmap));
2902
2903	uint32_t fSavedLocalFFs = 0;
2904	rc = SSMR3GetU32(pSSM, &fSavedLocalFFs);
2905	AssertRCReturn(rc, rc);
2906	Assert(fSavedLocalFFs == 0 \|\| fSavedLocalFFs == CPUM_OLD_VMCPU_FF_BLOCK_NMIS);
2907	pGstCtx->hwvirt.fSavedInhibit = fSavedLocalFFs & CPUM_OLD_VMCPU_FF_BLOCK_NMIS ? CPUMCTX_INHIBIT_NMI : 0;
2908
2909	SSMR3GetBool(pSSM, &pGstCtx->hwvirt.fGif);
2910	}
2911	}
2912	if (uVersion >= CPUM_SAVED_STATE_VERSION_HWVIRT_VMX)
2913	{
2914	if (pVM->cpum.s.GuestFeatures.fVmx)
2915	{
2916	SSMR3GetGCPhys(pSSM, &pGstCtx->hwvirt.vmx.GCPhysVmxon);
2917	SSMR3GetGCPhys(pSSM, &pGstCtx->hwvirt.vmx.GCPhysVmcs);
2918	SSMR3GetGCPhys(pSSM, &pGstCtx->hwvirt.vmx.GCPhysShadowVmcs);
2919	SSMR3GetBool(pSSM, &pGstCtx->hwvirt.vmx.fInVmxRootMode);
2920	SSMR3GetBool(pSSM, &pGstCtx->hwvirt.vmx.fInVmxNonRootMode);
2921	SSMR3GetBool(pSSM, &pGstCtx->hwvirt.vmx.fInterceptEvents);
2922	SSMR3GetBool(pSSM, &pGstCtx->hwvirt.vmx.fNmiUnblockingIret);
2923	SSMR3GetStructEx(pSSM, &pGstCtx->hwvirt.vmx.Vmcs, sizeof(pGstCtx->hwvirt.vmx.Vmcs),
2924	0, g_aVmxHwvirtVmcs, NULL);
2925	SSMR3GetStructEx(pSSM, &pGstCtx->hwvirt.vmx.ShadowVmcs, sizeof(pGstCtx->hwvirt.vmx.ShadowVmcs),
2926	0, g_aVmxHwvirtVmcs, NULL);
2927	SSMR3GetMem(pSSM, &pGstCtx->hwvirt.vmx.abVmreadBitmap[0], sizeof(pGstCtx->hwvirt.vmx.abVmreadBitmap));
2928	SSMR3GetMem(pSSM, &pGstCtx->hwvirt.vmx.abVmwriteBitmap[0], sizeof(pGstCtx->hwvirt.vmx.abVmwriteBitmap));
2929	SSMR3GetMem(pSSM, &pGstCtx->hwvirt.vmx.aEntryMsrLoadArea[0], sizeof(pGstCtx->hwvirt.vmx.aEntryMsrLoadArea));
2930	SSMR3GetMem(pSSM, &pGstCtx->hwvirt.vmx.aExitMsrStoreArea[0], sizeof(pGstCtx->hwvirt.vmx.aExitMsrStoreArea));
2931	SSMR3GetMem(pSSM, &pGstCtx->hwvirt.vmx.aExitMsrLoadArea[0], sizeof(pGstCtx->hwvirt.vmx.aExitMsrLoadArea));
2932	SSMR3GetMem(pSSM, &pGstCtx->hwvirt.vmx.abMsrBitmap[0], sizeof(pGstCtx->hwvirt.vmx.abMsrBitmap));
2933	SSMR3GetMem(pSSM, &pGstCtx->hwvirt.vmx.abIoBitmap[0], sizeof(pGstCtx->hwvirt.vmx.abIoBitmap));
2934	SSMR3GetU64(pSSM, &pGstCtx->hwvirt.vmx.uFirstPauseLoopTick);
2935	SSMR3GetU64(pSSM, &pGstCtx->hwvirt.vmx.uPrevPauseTick);
2936	SSMR3GetU64(pSSM, &pGstCtx->hwvirt.vmx.uEntryTick);
2937	SSMR3GetU16(pSSM, &pGstCtx->hwvirt.vmx.offVirtApicWrite);
2938	SSMR3GetBool(pSSM, &pGstCtx->hwvirt.vmx.fVirtNmiBlocking);
2939	SSMR3Skip(pSSM, sizeof(uint64_t)); /* Unused - used to be IA32_FEATURE_CONTROL, see @bugref{10106}. */
2940	SSMR3GetU64(pSSM, &pGstCtx->hwvirt.vmx.Msrs.u64Basic);
2941	SSMR3GetU64(pSSM, &pGstCtx->hwvirt.vmx.Msrs.PinCtls.u);
2942	SSMR3GetU64(pSSM, &pGstCtx->hwvirt.vmx.Msrs.ProcCtls.u);
2943	SSMR3GetU64(pSSM, &pGstCtx->hwvirt.vmx.Msrs.ProcCtls2.u);
2944	SSMR3GetU64(pSSM, &pGstCtx->hwvirt.vmx.Msrs.ExitCtls.u);
2945	SSMR3GetU64(pSSM, &pGstCtx->hwvirt.vmx.Msrs.EntryCtls.u);
2946	SSMR3GetU64(pSSM, &pGstCtx->hwvirt.vmx.Msrs.TruePinCtls.u);
2947	SSMR3GetU64(pSSM, &pGstCtx->hwvirt.vmx.Msrs.TrueProcCtls.u);
2948	SSMR3GetU64(pSSM, &pGstCtx->hwvirt.vmx.Msrs.TrueEntryCtls.u);
2949	SSMR3GetU64(pSSM, &pGstCtx->hwvirt.vmx.Msrs.TrueExitCtls.u);
2950	SSMR3GetU64(pSSM, &pGstCtx->hwvirt.vmx.Msrs.u64Misc);
2951	SSMR3GetU64(pSSM, &pGstCtx->hwvirt.vmx.Msrs.u64Cr0Fixed0);
2952	SSMR3GetU64(pSSM, &pGstCtx->hwvirt.vmx.Msrs.u64Cr0Fixed1);
2953	SSMR3GetU64(pSSM, &pGstCtx->hwvirt.vmx.Msrs.u64Cr4Fixed0);
2954	SSMR3GetU64(pSSM, &pGstCtx->hwvirt.vmx.Msrs.u64Cr4Fixed1);
2955	SSMR3GetU64(pSSM, &pGstCtx->hwvirt.vmx.Msrs.u64VmcsEnum);
2956	SSMR3GetU64(pSSM, &pGstCtx->hwvirt.vmx.Msrs.u64VmFunc);
2957	SSMR3GetU64(pSSM, &pGstCtx->hwvirt.vmx.Msrs.u64EptVpidCaps);
2958	if (uVersion >= CPUM_SAVED_STATE_VERSION_HWVIRT_VMX_2)
2959	SSMR3GetU64(pSSM, &pGstCtx->hwvirt.vmx.Msrs.u64ProcCtls3);
2960	if (uVersion >= CPUM_SAVED_STATE_VERSION_HWVIRT_VMX_3)
2961	SSMR3GetU64(pSSM, &pGstCtx->hwvirt.vmx.Msrs.u64ExitCtls2);
2962	}
2963	}
2964	}
2965	else
2966	{
2967	/*
2968	* Pre XSAVE saved state.
2969	*/
2970	SSMR3GetStructEx(pSSM, &pGstCtx->XState.x87, sizeof(pGstCtx->XState.x87),
2971	fLoad \| SSMSTRUCT_FLAGS_NO_TAIL_MARKER, paCpumCtx1Fields, NULL);
2972	SSMR3GetStructEx(pSSM, pGstCtx, sizeof(*pGstCtx), fLoad \| SSMSTRUCT_FLAGS_NO_LEAD_MARKER, paCpumCtx2Fields, NULL);
2973	}
2974
2975	/*
2976	* Restore a couple of flags and the MSRs.
2977	*/
2978	uint32_t fIgnoredUsedFlags = 0;
2979	rc = SSMR3GetU32(pSSM, &fIgnoredUsedFlags); /* we're recalc the two relevant flags after loading state. */
2980	AssertRCReturn(rc, rc);
2981	SSMR3GetU32(pSSM, &pVCpu->cpum.s.fChanged);
2982
2983	rc = VINF_SUCCESS;
2984	if (uVersion > CPUM_SAVED_STATE_VERSION_NO_MSR_SIZE)
2985	rc = SSMR3GetMem(pSSM, &pVCpu->cpum.s.GuestMsrs.au64[0], cbMsrs);
2986	else if (uVersion >= CPUM_SAVED_STATE_VERSION_VER3_0)
2987	{
2988	SSMR3GetMem(pSSM, &pVCpu->cpum.s.GuestMsrs.au64[0], 2 * sizeof(uint64_t)); /* Restore two MSRs. */
2989	rc = SSMR3Skip(pSSM, 62 * sizeof(uint64_t));
2990	}
2991	AssertRCReturn(rc, rc);
2992
2993	/* Deal with the reusing of reserved RFLAGS bits. */
2994	pGstCtx->rflags.uBoth \|= pVM->cpum.s.fReservedRFlagsCookie;
2995
2996	/* REM and other may have cleared must-be-one fields in DR6 and
2997	DR7, fix these. */
2998	pGstCtx->dr[6] &= ~(X86_DR6_RAZ_MASK \| X86_DR6_MBZ_MASK);
2999	pGstCtx->dr[6] \|= X86_DR6_RA1_MASK;
3000	pGstCtx->dr[7] &= ~(X86_DR7_RAZ_MASK \| X86_DR7_MBZ_MASK);
3001	pGstCtx->dr[7] \|= X86_DR7_RA1_MASK;
3002	}
3003
3004	/* Older states does not have the internal selector register flags
3005	and valid selector value. Supply those. */
3006	if (uVersion <= CPUM_SAVED_STATE_VERSION_MEM)
3007	{
3008	for (VMCPUID idCpu = 0; idCpu < pVM->cCpus; idCpu++)
3009	{
3010	PVMCPU pVCpu = pVM->apCpusR3[idCpu];
3011	bool const fValid = true /!VM_IS_RAW_MODE_ENABLED(pVM)/
3012	\|\| ( uVersion > CPUM_SAVED_STATE_VERSION_VER3_2
3013	&& !(pVCpu->cpum.s.fChanged & CPUM_CHANGED_HIDDEN_SEL_REGS_INVALID));
3014	PCPUMSELREG paSelReg = CPUMCTX_FIRST_SREG(&pVCpu->cpum.s.Guest);
3015	if (fValid)
3016	{
3017	for (uint32_t iSelReg = 0; iSelReg < X86_SREG_COUNT; iSelReg++)
3018	{
3019	paSelReg[iSelReg].fFlags = CPUMSELREG_FLAGS_VALID;
3020	paSelReg[iSelReg].ValidSel = paSelReg[iSelReg].Sel;
3021	}
3022
3023	pVCpu->cpum.s.Guest.ldtr.fFlags = CPUMSELREG_FLAGS_VALID;
3024	pVCpu->cpum.s.Guest.ldtr.ValidSel = pVCpu->cpum.s.Guest.ldtr.Sel;
3025	}
3026	else
3027	{
3028	for (uint32_t iSelReg = 0; iSelReg < X86_SREG_COUNT; iSelReg++)
3029	{
3030	paSelReg[iSelReg].fFlags = 0;
3031	paSelReg[iSelReg].ValidSel = 0;
3032	}
3033
3034	/* This might not be 104% correct, but I think it's close
3035	enough for all practical purposes... (REM always loaded
3036	LDTR registers.) */
3037	pVCpu->cpum.s.Guest.ldtr.fFlags = CPUMSELREG_FLAGS_VALID;
3038	pVCpu->cpum.s.Guest.ldtr.ValidSel = pVCpu->cpum.s.Guest.ldtr.Sel;
3039	}
3040	pVCpu->cpum.s.Guest.tr.fFlags = CPUMSELREG_FLAGS_VALID;
3041	pVCpu->cpum.s.Guest.tr.ValidSel = pVCpu->cpum.s.Guest.tr.Sel;
3042	}
3043	}
3044
3045	/* Clear CPUM_CHANGED_HIDDEN_SEL_REGS_INVALID. */
3046	if ( uVersion > CPUM_SAVED_STATE_VERSION_VER3_2
3047	&& uVersion <= CPUM_SAVED_STATE_VERSION_MEM)
3048	for (VMCPUID idCpu = 0; idCpu < pVM->cCpus; idCpu++)
3049	{
3050	PVMCPU pVCpu = pVM->apCpusR3[idCpu];
3051	pVCpu->cpum.s.fChanged &= CPUM_CHANGED_HIDDEN_SEL_REGS_INVALID;
3052	}
3053
3054	/*
3055	* A quick sanity check.
3056	*/
3057	for (VMCPUID idCpu = 0; idCpu < pVM->cCpus; idCpu++)
3058	{
3059	PVMCPU pVCpu = pVM->apCpusR3[idCpu];
3060	AssertLogRelReturn(!(pVCpu->cpum.s.Guest.es.fFlags & ~CPUMSELREG_FLAGS_VALID_MASK), VERR_SSM_UNEXPECTED_DATA);
3061	AssertLogRelReturn(!(pVCpu->cpum.s.Guest.cs.fFlags & ~CPUMSELREG_FLAGS_VALID_MASK), VERR_SSM_UNEXPECTED_DATA);
3062	AssertLogRelReturn(!(pVCpu->cpum.s.Guest.ss.fFlags & ~CPUMSELREG_FLAGS_VALID_MASK), VERR_SSM_UNEXPECTED_DATA);
3063	AssertLogRelReturn(!(pVCpu->cpum.s.Guest.ds.fFlags & ~CPUMSELREG_FLAGS_VALID_MASK), VERR_SSM_UNEXPECTED_DATA);
3064	AssertLogRelReturn(!(pVCpu->cpum.s.Guest.fs.fFlags & ~CPUMSELREG_FLAGS_VALID_MASK), VERR_SSM_UNEXPECTED_DATA);
3065	AssertLogRelReturn(!(pVCpu->cpum.s.Guest.gs.fFlags & ~CPUMSELREG_FLAGS_VALID_MASK), VERR_SSM_UNEXPECTED_DATA);
3066	}
3067	}
3068
3069	pVM->cpum.s.fPendingRestore = false;
3070
3071	/*
3072	* Guest CPUIDs (and VMX MSR features).
3073	*/
3074	if (uVersion >= CPUM_SAVED_STATE_VERSION_VER3_2)
3075	{
3076	CPUMMSRS GuestMsrs;
3077	RT_ZERO(GuestMsrs);
3078
3079	CPUMFEATURES BaseFeatures;
3080	bool const fVmxGstFeat = pVM->cpum.s.GuestFeatures.fVmx;
3081	if (fVmxGstFeat)
3082	{
3083	/*
3084	* At this point the MSRs in the guest CPU-context are loaded with the guest VMX MSRs from the saved state.
3085	* However the VMX sub-features have not been exploded yet. So cache the base (host derived) VMX features
3086	* here so we can compare them for compatibility after exploding guest features.
3087	*/
3088	BaseFeatures = pVM->cpum.s.GuestFeatures;
3089
3090	/* Use the VMX MSR features from the saved state while exploding guest features. */
3091	GuestMsrs.hwvirt.vmx = pVM->apCpusR3[0]->cpum.s.Guest.hwvirt.vmx.Msrs;
3092	}
3093
3094	/* Load CPUID and explode guest features. */
3095	rc = cpumR3LoadCpuId(pVM, pSSM, uVersion, &GuestMsrs);
3096	if (fVmxGstFeat)
3097	{
3098	/*
3099	* Check if the exploded VMX features from the saved state are compatible with the host-derived features
3100	* we cached earlier (above). The is required if we use hardware-assisted nested-guest execution with
3101	* VMX features presented to the guest.
3102	*/
3103	bool const fIsCompat = cpumR3AreVmxCpuFeaturesCompatible(pVM, &BaseFeatures, &pVM->cpum.s.GuestFeatures);
3104	if (!fIsCompat)
3105	return VERR_CPUM_INVALID_HWVIRT_FEAT_COMBO;
3106	}
3107	return rc;
3108	}
3109	return cpumR3LoadCpuIdPre32(pVM, pSSM, uVersion);
3110	}
3111
3112
3113	/**
3114	* @callback_method_impl{FNSSMINTLOADDONE}
3115	*/
3116	static DECLCALLBACK(int) cpumR3LoadDone(PVM pVM, PSSMHANDLE pSSM)
3117	{
3118	if (RT_FAILURE(SSMR3HandleGetStatus(pSSM)))
3119	return VINF_SUCCESS;
3120
3121	/* just check this since we can. / /* @todo Add a SSM unit flag for indicating that it's mandatory during a restore. */
3122	if (pVM->cpum.s.fPendingRestore)
3123	{
3124	LogRel(("CPUM: Missing state!\n"));
3125	return VERR_INTERNAL_ERROR_2;
3126	}
3127
3128	bool const fSupportsLongMode = VMR3IsLongModeAllowed(pVM);
3129	for (VMCPUID idCpu = 0; idCpu < pVM->cCpus; idCpu++)
3130	{
3131	PVMCPU pVCpu = pVM->apCpusR3[idCpu];
3132
3133	/* Notify PGM of the NXE states in case they've changed. */
3134	PGMNotifyNxeChanged(pVCpu, RT_BOOL(pVCpu->cpum.s.Guest.msrEFER & MSR_K6_EFER_NXE));
3135
3136	/* During init. this is done in CPUMR3InitCompleted(). */
3137	if (fSupportsLongMode)
3138	pVCpu->cpum.s.fUseFlags \|= CPUM_USE_SUPPORTS_LONGMODE;
3139
3140	/* Recalc the CPUM_USE_DEBUG_REGS_HYPER value. */
3141	CPUMRecalcHyperDRx(pVCpu, UINT8_MAX);
3142	}
3143	return VINF_SUCCESS;
3144	}
3145
3146
3147	/**
3148	* Checks if the CPUM state restore is still pending.
3149	*
3150	* @returns true / false.
3151	* @param pVM The cross context VM structure.
3152	*/
3153	VMMDECL(bool) CPUMR3IsStateRestorePending(PVM pVM)
3154	{
3155	return pVM->cpum.s.fPendingRestore;
3156	}
3157
3158
3159	/**
3160	* Formats the EFLAGS value into mnemonics.
3161	*
3162	* @param pszEFlags Where to write the mnemonics. (Assumes sufficient buffer space.)
3163	* @param efl The EFLAGS value with both guest hardware and VBox
3164	* internal bits included.
3165	*/
3166	static void cpumR3InfoFormatFlags(char *pszEFlags, uint32_t efl)
3167	{
3168	/*
3169	* Format the flags.
3170	*/
3171	static const struct
3172	{
3173	const char pszSet; const char pszClear; uint32_t fFlag;
3174	} s_aFlags[] =
3175	{
3176	{ "vip",NULL, X86_EFL_VIP },
3177	{ "vif",NULL, X86_EFL_VIF },
3178	{ "ac", NULL, X86_EFL_AC },
3179	{ "vm", NULL, X86_EFL_VM },
3180	{ "rf", NULL, X86_EFL_RF },
3181	{ "nt", NULL, X86_EFL_NT },
3182	{ "ov", "nv", X86_EFL_OF },
3183	{ "dn", "up", X86_EFL_DF },
3184	{ "ei", "di", X86_EFL_IF },
3185	{ "tf", NULL, X86_EFL_TF },
3186	{ "nt", "pl", X86_EFL_SF },
3187	{ "nz", "zr", X86_EFL_ZF },
3188	{ "ac", "na", X86_EFL_AF },
3189	{ "po", "pe", X86_EFL_PF },
3190	{ "cy", "nc", X86_EFL_CF },
3191	{ "inh-ss", NULL, CPUMCTX_INHIBIT_SHADOW_SS },
3192	{ "inh-sti", NULL, CPUMCTX_INHIBIT_SHADOW_STI },
3193	{ "inh-nmi", NULL, CPUMCTX_INHIBIT_NMI },
3194	};
3195	char *psz = pszEFlags;
3196	for (unsigned i = 0; i < RT_ELEMENTS(s_aFlags); i++)
3197	{
3198	const char *pszAdd = s_aFlags[i].fFlag & efl ? s_aFlags[i].pszSet : s_aFlags[i].pszClear;
3199	if (pszAdd)
3200	{
3201	strcpy(psz, pszAdd);
3202	psz += strlen(pszAdd);
3203	*psz++ = ' ';
3204	}
3205	}
3206	psz[-1] = '\0';
3207	}
3208
3209
3210	/**
3211	* Formats a full register dump.
3212	*
3213	* @param pVM The cross context VM structure.
3214	* @param pCtx The context to format.
3215	* @param pHlp Output functions.
3216	* @param enmType The dump type.
3217	* @param pszPrefix Register name prefix.
3218	*/
3219	static void cpumR3InfoOne(PVM pVM, PCPUMCTX pCtx, PCDBGFINFOHLP pHlp, CPUMDUMPTYPE enmType, const char *pszPrefix)
3220	{
3221	NOREF(pVM);
3222
3223	/*
3224	* Format the EFLAGS.
3225	*/
3226	char szEFlags[80];
3227	cpumR3InfoFormatFlags(&szEFlags[0], pCtx->eflags.uBoth);
3228
3229	/*
3230	* Format the registers.
3231	*/
3232	uint32_t const efl = pCtx->eflags.u;
3233	switch (enmType)
3234	{
3235	case CPUMDUMPTYPE_TERSE:
3236	if (CPUMIsGuestIn64BitCodeEx(pCtx))
3237	pHlp->pfnPrintf(pHlp,
3238	"%srax=%016RX64 %srbx=%016RX64 %srcx=%016RX64 %srdx=%016RX64\n"
3239	"%srsi=%016RX64 %srdi=%016RX64 %sr8 =%016RX64 %sr9 =%016RX64\n"
3240	"%sr10=%016RX64 %sr11=%016RX64 %sr12=%016RX64 %sr13=%016RX64\n"
3241	"%sr14=%016RX64 %sr15=%016RX64\n"
3242	"%srip=%016RX64 %srsp=%016RX64 %srbp=%016RX64 %siopl=%d %*s\n"
3243	"%scs=%04x %sss=%04x %sds=%04x %ses=%04x %sfs=%04x %sgs=%04x %seflags=%08x\n",
3244	pszPrefix, pCtx->rax, pszPrefix, pCtx->rbx, pszPrefix, pCtx->rcx, pszPrefix, pCtx->rdx, pszPrefix, pCtx->rsi, pszPrefix, pCtx->rdi,
3245	pszPrefix, pCtx->r8, pszPrefix, pCtx->r9, pszPrefix, pCtx->r10, pszPrefix, pCtx->r11, pszPrefix, pCtx->r12, pszPrefix, pCtx->r13,
3246	pszPrefix, pCtx->r14, pszPrefix, pCtx->r15,
3247	pszPrefix, pCtx->rip, pszPrefix, pCtx->rsp, pszPrefix, pCtx->rbp, pszPrefix, X86_EFL_GET_IOPL(efl), *pszPrefix ? 33 : 31, szEFlags,
3248	pszPrefix, pCtx->cs.Sel, pszPrefix, pCtx->ss.Sel, pszPrefix, pCtx->ds.Sel, pszPrefix, pCtx->es.Sel,
3249	pszPrefix, pCtx->fs.Sel, pszPrefix, pCtx->gs.Sel, pszPrefix, efl);
3250	else
3251	pHlp->pfnPrintf(pHlp,
3252	"%seax=%08x %sebx=%08x %secx=%08x %sedx=%08x %sesi=%08x %sedi=%08x\n"
3253	"%seip=%08x %sesp=%08x %sebp=%08x %siopl=%d %*s\n"
3254	"%scs=%04x %sss=%04x %sds=%04x %ses=%04x %sfs=%04x %sgs=%04x %seflags=%08x\n",
3255	pszPrefix, pCtx->eax, pszPrefix, pCtx->ebx, pszPrefix, pCtx->ecx, pszPrefix, pCtx->edx, pszPrefix, pCtx->esi, pszPrefix, pCtx->edi,
3256	pszPrefix, pCtx->eip, pszPrefix, pCtx->esp, pszPrefix, pCtx->ebp, pszPrefix, X86_EFL_GET_IOPL(efl), *pszPrefix ? 33 : 31, szEFlags,
3257	pszPrefix, pCtx->cs.Sel, pszPrefix, pCtx->ss.Sel, pszPrefix, pCtx->ds.Sel, pszPrefix, pCtx->es.Sel,
3258	pszPrefix, pCtx->fs.Sel, pszPrefix, pCtx->gs.Sel, pszPrefix, efl);
3259	break;
3260
3261	case CPUMDUMPTYPE_DEFAULT:
3262	if (CPUMIsGuestIn64BitCodeEx(pCtx))
3263	pHlp->pfnPrintf(pHlp,
3264	"%srax=%016RX64 %srbx=%016RX64 %srcx=%016RX64 %srdx=%016RX64\n"
3265	"%srsi=%016RX64 %srdi=%016RX64 %sr8 =%016RX64 %sr9 =%016RX64\n"
3266	"%sr10=%016RX64 %sr11=%016RX64 %sr12=%016RX64 %sr13=%016RX64\n"
3267	"%sr14=%016RX64 %sr15=%016RX64\n"
3268	"%srip=%016RX64 %srsp=%016RX64 %srbp=%016RX64 %siopl=%d %*s\n"
3269	"%scs=%04x %sss=%04x %sds=%04x %ses=%04x %sfs=%04x %sgs=%04x %str=%04x %seflags=%08x\n"
3270	"%scr0=%08RX64 %scr2=%08RX64 %scr3=%08RX64 %scr4=%08RX64 %sgdtr=%016RX64:%04x %sldtr=%04x\n"
3271	,
3272	pszPrefix, pCtx->rax, pszPrefix, pCtx->rbx, pszPrefix, pCtx->rcx, pszPrefix, pCtx->rdx, pszPrefix, pCtx->rsi, pszPrefix, pCtx->rdi,
3273	pszPrefix, pCtx->r8, pszPrefix, pCtx->r9, pszPrefix, pCtx->r10, pszPrefix, pCtx->r11, pszPrefix, pCtx->r12, pszPrefix, pCtx->r13,
3274	pszPrefix, pCtx->r14, pszPrefix, pCtx->r15,
3275	pszPrefix, pCtx->rip, pszPrefix, pCtx->rsp, pszPrefix, pCtx->rbp, pszPrefix, X86_EFL_GET_IOPL(efl), *pszPrefix ? 33 : 31, szEFlags,
3276	pszPrefix, pCtx->cs.Sel, pszPrefix, pCtx->ss.Sel, pszPrefix, pCtx->ds.Sel, pszPrefix, pCtx->es.Sel,
3277	pszPrefix, pCtx->fs.Sel, pszPrefix, pCtx->gs.Sel, pszPrefix, pCtx->tr.Sel, pszPrefix, efl,
3278	pszPrefix, pCtx->cr0, pszPrefix, pCtx->cr2, pszPrefix, pCtx->cr3, pszPrefix, pCtx->cr4,
3279	pszPrefix, pCtx->gdtr.pGdt, pCtx->gdtr.cbGdt, pszPrefix, pCtx->ldtr.Sel);
3280	else
3281	pHlp->pfnPrintf(pHlp,
3282	"%seax=%08x %sebx=%08x %secx=%08x %sedx=%08x %sesi=%08x %sedi=%08x\n"
3283	"%seip=%08x %sesp=%08x %sebp=%08x %siopl=%d %*s\n"
3284	"%scs=%04x %sss=%04x %sds=%04x %ses=%04x %sfs=%04x %sgs=%04x %str=%04x %seflags=%08x\n"
3285	"%scr0=%08RX64 %scr2=%08RX64 %scr3=%08RX64 %scr4=%08RX64 %sgdtr=%08RX64:%04x %sldtr=%04x\n"
3286	,
3287	pszPrefix, pCtx->eax, pszPrefix, pCtx->ebx, pszPrefix, pCtx->ecx, pszPrefix, pCtx->edx, pszPrefix, pCtx->esi, pszPrefix, pCtx->edi,
3288	pszPrefix, pCtx->eip, pszPrefix, pCtx->esp, pszPrefix, pCtx->ebp, pszPrefix, X86_EFL_GET_IOPL(efl), *pszPrefix ? 33 : 31, szEFlags,
3289	pszPrefix, pCtx->cs.Sel, pszPrefix, pCtx->ss.Sel, pszPrefix, pCtx->ds.Sel, pszPrefix, pCtx->es.Sel,
3290	pszPrefix, pCtx->fs.Sel, pszPrefix, pCtx->gs.Sel, pszPrefix, pCtx->tr.Sel, pszPrefix, efl,
3291	pszPrefix, pCtx->cr0, pszPrefix, pCtx->cr2, pszPrefix, pCtx->cr3, pszPrefix, pCtx->cr4,
3292	pszPrefix, pCtx->gdtr.pGdt, pCtx->gdtr.cbGdt, pszPrefix, pCtx->ldtr.Sel);
3293	break;
3294
3295	case CPUMDUMPTYPE_VERBOSE:
3296	if (CPUMIsGuestIn64BitCodeEx(pCtx))
3297	pHlp->pfnPrintf(pHlp,
3298	"%srax=%016RX64 %srbx=%016RX64 %srcx=%016RX64 %srdx=%016RX64\n"
3299	"%srsi=%016RX64 %srdi=%016RX64 %sr8 =%016RX64 %sr9 =%016RX64\n"
3300	"%sr10=%016RX64 %sr11=%016RX64 %sr12=%016RX64 %sr13=%016RX64\n"
3301	"%sr14=%016RX64 %sr15=%016RX64\n"
3302	"%srip=%016RX64 %srsp=%016RX64 %srbp=%016RX64 %siopl=%d %*s\n"
3303	"%scs={%04x base=%016RX64 limit=%08x flags=%08x}\n"
3304	"%sds={%04x base=%016RX64 limit=%08x flags=%08x}\n"
3305	"%ses={%04x base=%016RX64 limit=%08x flags=%08x}\n"
3306	"%sfs={%04x base=%016RX64 limit=%08x flags=%08x}\n"
3307	"%sgs={%04x base=%016RX64 limit=%08x flags=%08x}\n"
3308	"%sss={%04x base=%016RX64 limit=%08x flags=%08x}\n"
3309	"%scr0=%016RX64 %scr2=%016RX64 %scr3=%016RX64 %scr4=%016RX64\n"
3310	"%sdr0=%016RX64 %sdr1=%016RX64 %sdr2=%016RX64 %sdr3=%016RX64\n"
3311	"%sdr4=%016RX64 %sdr5=%016RX64 %sdr6=%016RX64 %sdr7=%016RX64\n"
3312	"%sgdtr=%016RX64:%04x %sidtr=%016RX64:%04x %seflags=%08x\n"
3313	"%sldtr={%04x base=%08RX64 limit=%08x flags=%08x}\n"
3314	"%str ={%04x base=%08RX64 limit=%08x flags=%08x}\n"
3315	"%sSysEnter={cs=%04llx eip=%016RX64 esp=%016RX64}\n"
3316	,
3317	pszPrefix, pCtx->rax, pszPrefix, pCtx->rbx, pszPrefix, pCtx->rcx, pszPrefix, pCtx->rdx, pszPrefix, pCtx->rsi, pszPrefix, pCtx->rdi,
3318	pszPrefix, pCtx->r8, pszPrefix, pCtx->r9, pszPrefix, pCtx->r10, pszPrefix, pCtx->r11, pszPrefix, pCtx->r12, pszPrefix, pCtx->r13,
3319	pszPrefix, pCtx->r14, pszPrefix, pCtx->r15,
3320	pszPrefix, pCtx->rip, pszPrefix, pCtx->rsp, pszPrefix, pCtx->rbp, pszPrefix, X86_EFL_GET_IOPL(efl), *pszPrefix ? 33 : 31, szEFlags,
3321	pszPrefix, pCtx->cs.Sel, pCtx->cs.u64Base, pCtx->cs.u32Limit, pCtx->cs.Attr.u,
3322	pszPrefix, pCtx->ds.Sel, pCtx->ds.u64Base, pCtx->ds.u32Limit, pCtx->ds.Attr.u,
3323	pszPrefix, pCtx->es.Sel, pCtx->es.u64Base, pCtx->es.u32Limit, pCtx->es.Attr.u,
3324	pszPrefix, pCtx->fs.Sel, pCtx->fs.u64Base, pCtx->fs.u32Limit, pCtx->fs.Attr.u,
3325	pszPrefix, pCtx->gs.Sel, pCtx->gs.u64Base, pCtx->gs.u32Limit, pCtx->gs.Attr.u,
3326	pszPrefix, pCtx->ss.Sel, pCtx->ss.u64Base, pCtx->ss.u32Limit, pCtx->ss.Attr.u,
3327	pszPrefix, pCtx->cr0, pszPrefix, pCtx->cr2, pszPrefix, pCtx->cr3, pszPrefix, pCtx->cr4,
3328	pszPrefix, pCtx->dr[0], pszPrefix, pCtx->dr[1], pszPrefix, pCtx->dr[2], pszPrefix, pCtx->dr[3],
3329	pszPrefix, pCtx->dr[4], pszPrefix, pCtx->dr[5], pszPrefix, pCtx->dr[6], pszPrefix, pCtx->dr[7],
3330	pszPrefix, pCtx->gdtr.pGdt, pCtx->gdtr.cbGdt, pszPrefix, pCtx->idtr.pIdt, pCtx->idtr.cbIdt, pszPrefix, efl,
3331	pszPrefix, pCtx->ldtr.Sel, pCtx->ldtr.u64Base, pCtx->ldtr.u32Limit, pCtx->ldtr.Attr.u,
3332	pszPrefix, pCtx->tr.Sel, pCtx->tr.u64Base, pCtx->tr.u32Limit, pCtx->tr.Attr.u,
3333	pszPrefix, pCtx->SysEnter.cs, pCtx->SysEnter.eip, pCtx->SysEnter.esp);
3334	else
3335	pHlp->pfnPrintf(pHlp,
3336	"%seax=%08x %sebx=%08x %secx=%08x %sedx=%08x %sesi=%08x %sedi=%08x\n"
3337	"%seip=%08x %sesp=%08x %sebp=%08x %siopl=%d %*s\n"
3338	"%scs={%04x base=%016RX64 limit=%08x flags=%08x} %sdr0=%08RX64 %sdr1=%08RX64\n"
3339	"%sds={%04x base=%016RX64 limit=%08x flags=%08x} %sdr2=%08RX64 %sdr3=%08RX64\n"
3340	"%ses={%04x base=%016RX64 limit=%08x flags=%08x} %sdr4=%08RX64 %sdr5=%08RX64\n"
3341	"%sfs={%04x base=%016RX64 limit=%08x flags=%08x} %sdr6=%08RX64 %sdr7=%08RX64\n"
3342	"%sgs={%04x base=%016RX64 limit=%08x flags=%08x} %scr0=%08RX64 %scr2=%08RX64\n"
3343	"%sss={%04x base=%016RX64 limit=%08x flags=%08x} %scr3=%08RX64 %scr4=%08RX64\n"
3344	"%sgdtr=%016RX64:%04x %sidtr=%016RX64:%04x %seflags=%08x\n"
3345	"%sldtr={%04x base=%08RX64 limit=%08x flags=%08x}\n"
3346	"%str ={%04x base=%08RX64 limit=%08x flags=%08x}\n"
3347	"%sSysEnter={cs=%04llx eip=%08llx esp=%08llx}\n"
3348	,
3349	pszPrefix, pCtx->eax, pszPrefix, pCtx->ebx, pszPrefix, pCtx->ecx, pszPrefix, pCtx->edx, pszPrefix, pCtx->esi, pszPrefix, pCtx->edi,
3350	pszPrefix, pCtx->eip, pszPrefix, pCtx->esp, pszPrefix, pCtx->ebp, pszPrefix, X86_EFL_GET_IOPL(efl), *pszPrefix ? 33 : 31, szEFlags,
3351	pszPrefix, pCtx->cs.Sel, pCtx->cs.u64Base, pCtx->cs.u32Limit, pCtx->cs.Attr.u, pszPrefix, pCtx->dr[0], pszPrefix, pCtx->dr[1],
3352	pszPrefix, pCtx->ds.Sel, pCtx->ds.u64Base, pCtx->ds.u32Limit, pCtx->ds.Attr.u, pszPrefix, pCtx->dr[2], pszPrefix, pCtx->dr[3],
3353	pszPrefix, pCtx->es.Sel, pCtx->es.u64Base, pCtx->es.u32Limit, pCtx->es.Attr.u, pszPrefix, pCtx->dr[4], pszPrefix, pCtx->dr[5],
3354	pszPrefix, pCtx->fs.Sel, pCtx->fs.u64Base, pCtx->fs.u32Limit, pCtx->fs.Attr.u, pszPrefix, pCtx->dr[6], pszPrefix, pCtx->dr[7],
3355	pszPrefix, pCtx->gs.Sel, pCtx->gs.u64Base, pCtx->gs.u32Limit, pCtx->gs.Attr.u, pszPrefix, pCtx->cr0, pszPrefix, pCtx->cr2,
3356	pszPrefix, pCtx->ss.Sel, pCtx->ss.u64Base, pCtx->ss.u32Limit, pCtx->ss.Attr.u, pszPrefix, pCtx->cr3, pszPrefix, pCtx->cr4,
3357	pszPrefix, pCtx->gdtr.pGdt, pCtx->gdtr.cbGdt, pszPrefix, pCtx->idtr.pIdt, pCtx->idtr.cbIdt, pszPrefix, efl,
3358	pszPrefix, pCtx->ldtr.Sel, pCtx->ldtr.u64Base, pCtx->ldtr.u32Limit, pCtx->ldtr.Attr.u,
3359	pszPrefix, pCtx->tr.Sel, pCtx->tr.u64Base, pCtx->tr.u32Limit, pCtx->tr.Attr.u,
3360	pszPrefix, pCtx->SysEnter.cs, pCtx->SysEnter.eip, pCtx->SysEnter.esp);
3361
3362	pHlp->pfnPrintf(pHlp, "%sxcr=%016RX64 %sxcr1=%016RX64 %sxss=%016RX64 (fXStateMask=%016RX64)\n",
3363	pszPrefix, pCtx->aXcr[0], pszPrefix, pCtx->aXcr[1],
3364	pszPrefix, UINT64_C(0) /** @todo XSS */, pCtx->fXStateMask);
3365	{
3366	PX86FXSTATE pFpuCtx = &pCtx->XState.x87;
3367	pHlp->pfnPrintf(pHlp,
3368	"%sFCW=%04x %sFSW=%04x %sFTW=%04x %sFOP=%04x %sMXCSR=%08x %sMXCSR_MASK=%08x\n"
3369	"%sFPUIP=%08x %sCS=%04x %sRsrvd1=%04x %sFPUDP=%08x %sDS=%04x %sRsvrd2=%04x\n"
3370	,
3371	pszPrefix, pFpuCtx->FCW, pszPrefix, pFpuCtx->FSW, pszPrefix, pFpuCtx->FTW, pszPrefix, pFpuCtx->FOP,
3372	pszPrefix, pFpuCtx->MXCSR, pszPrefix, pFpuCtx->MXCSR_MASK,
3373	pszPrefix, pFpuCtx->FPUIP, pszPrefix, pFpuCtx->CS, pszPrefix, pFpuCtx->Rsrvd1,
3374	pszPrefix, pFpuCtx->FPUDP, pszPrefix, pFpuCtx->DS, pszPrefix, pFpuCtx->Rsrvd2
3375	);
3376	/*
3377	* The FSAVE style memory image contains ST(0)-ST(7) at increasing addresses,
3378	* not (FP)R0-7 as Intel SDM suggests.
3379	*/
3380	unsigned iShift = (pFpuCtx->FSW >> 11) & 7;
3381	for (unsigned iST = 0; iST < RT_ELEMENTS(pFpuCtx->aRegs); iST++)
3382	{
3383	unsigned iFPR = (iST + iShift) % RT_ELEMENTS(pFpuCtx->aRegs);
3384	unsigned uTag = (pFpuCtx->FTW >> (2 * iFPR)) & 3;
3385	char chSign = pFpuCtx->aRegs[iST].au16[4] & 0x8000 ? '-' : '+';
3386	unsigned iInteger = (unsigned)(pFpuCtx->aRegs[iST].au64[0] >> 63);
3387	uint64_t u64Fraction = pFpuCtx->aRegs[iST].au64[0] & UINT64_C(0x7fffffffffffffff);
3388	int iExponent = pFpuCtx->aRegs[iST].au16[4] & 0x7fff;
3389	iExponent -= 16383; /* subtract bias */
3390	/** @todo This isn't entirenly correct and needs more work! */
3391	pHlp->pfnPrintf(pHlp,
3392	"%sST(%u)=%sFPR%u={%04RX16'%08RX32'%08RX32} t%d %c%u.%022llu * 2 ^ %d (*)",
3393	pszPrefix, iST, pszPrefix, iFPR,
3394	pFpuCtx->aRegs[iST].au16[4], pFpuCtx->aRegs[iST].au32[1], pFpuCtx->aRegs[iST].au32[0],
3395	uTag, chSign, iInteger, u64Fraction, iExponent);
3396	if (pFpuCtx->aRegs[iST].au16[5] \|\| pFpuCtx->aRegs[iST].au16[6] \|\| pFpuCtx->aRegs[iST].au16[7])
3397	pHlp->pfnPrintf(pHlp, " res={%04RX16,%04RX16,%04RX16}\n",
3398	pFpuCtx->aRegs[iST].au16[5], pFpuCtx->aRegs[iST].au16[6], pFpuCtx->aRegs[iST].au16[7]);
3399	else
3400	pHlp->pfnPrintf(pHlp, "\n");
3401	}
3402
3403	/* XMM/YMM/ZMM registers. */
3404	if (pCtx->fXStateMask & XSAVE_C_YMM)
3405	{
3406	PCX86XSAVEYMMHI pYmmHiCtx = CPUMCTX_XSAVE_C_PTR(pCtx, XSAVE_C_YMM_BIT, PCX86XSAVEYMMHI);
3407	if (!(pCtx->fXStateMask & XSAVE_C_ZMM_HI256))
3408	for (unsigned i = 0; i < RT_ELEMENTS(pFpuCtx->aXMM); i++)
3409	pHlp->pfnPrintf(pHlp, "%sYMM%u%s=%08RX32'%08RX32'%08RX32'%08RX32'%08RX32'%08RX32'%08RX32'%08RX32\n",
3410	pszPrefix, i, i < 10 ? " " : "",
3411	pYmmHiCtx->aYmmHi[i].au32[3],
3412	pYmmHiCtx->aYmmHi[i].au32[2],
3413	pYmmHiCtx->aYmmHi[i].au32[1],
3414	pYmmHiCtx->aYmmHi[i].au32[0],
3415	pFpuCtx->aXMM[i].au32[3],
3416	pFpuCtx->aXMM[i].au32[2],
3417	pFpuCtx->aXMM[i].au32[1],
3418	pFpuCtx->aXMM[i].au32[0]);
3419	else
3420	{
3421	PCX86XSAVEZMMHI256 pZmmHi256 = CPUMCTX_XSAVE_C_PTR(pCtx, XSAVE_C_ZMM_HI256_BIT, PCX86XSAVEZMMHI256);
3422	for (unsigned i = 0; i < RT_ELEMENTS(pFpuCtx->aXMM); i++)
3423	pHlp->pfnPrintf(pHlp,
3424	"%sZMM%u%s=%08RX32'%08RX32'%08RX32'%08RX32'%08RX32'%08RX32'%08RX32'%08RX32''%08RX32'%08RX32'%08RX32'%08RX32'%08RX32'%08RX32'%08RX32'%08RX32\n",
3425	pszPrefix, i, i < 10 ? " " : "",
3426	pZmmHi256->aHi256Regs[i].au32[7],
3427	pZmmHi256->aHi256Regs[i].au32[6],
3428	pZmmHi256->aHi256Regs[i].au32[5],
3429	pZmmHi256->aHi256Regs[i].au32[4],
3430	pZmmHi256->aHi256Regs[i].au32[3],
3431	pZmmHi256->aHi256Regs[i].au32[2],
3432	pZmmHi256->aHi256Regs[i].au32[1],
3433	pZmmHi256->aHi256Regs[i].au32[0],
3434	pYmmHiCtx->aYmmHi[i].au32[3],
3435	pYmmHiCtx->aYmmHi[i].au32[2],
3436	pYmmHiCtx->aYmmHi[i].au32[1],
3437	pYmmHiCtx->aYmmHi[i].au32[0],
3438	pFpuCtx->aXMM[i].au32[3],
3439	pFpuCtx->aXMM[i].au32[2],
3440	pFpuCtx->aXMM[i].au32[1],
3441	pFpuCtx->aXMM[i].au32[0]);
3442
3443	PCX86XSAVEZMM16HI pZmm16Hi = CPUMCTX_XSAVE_C_PTR(pCtx, XSAVE_C_ZMM_16HI_BIT, PCX86XSAVEZMM16HI);
3444	for (unsigned i = 0; i < RT_ELEMENTS(pZmm16Hi->aRegs); i++)
3445	pHlp->pfnPrintf(pHlp,
3446	"%sZMM%u=%08RX32'%08RX32'%08RX32'%08RX32'%08RX32'%08RX32'%08RX32'%08RX32''%08RX32'%08RX32'%08RX32'%08RX32'%08RX32'%08RX32'%08RX32'%08RX32\n",
3447	pszPrefix, i + 16,
3448	pZmm16Hi->aRegs[i].au32[15],
3449	pZmm16Hi->aRegs[i].au32[14],
3450	pZmm16Hi->aRegs[i].au32[13],
3451	pZmm16Hi->aRegs[i].au32[12],
3452	pZmm16Hi->aRegs[i].au32[11],
3453	pZmm16Hi->aRegs[i].au32[10],
3454	pZmm16Hi->aRegs[i].au32[9],
3455	pZmm16Hi->aRegs[i].au32[8],
3456	pZmm16Hi->aRegs[i].au32[7],
3457	pZmm16Hi->aRegs[i].au32[6],
3458	pZmm16Hi->aRegs[i].au32[5],
3459	pZmm16Hi->aRegs[i].au32[4],
3460	pZmm16Hi->aRegs[i].au32[3],
3461	pZmm16Hi->aRegs[i].au32[2],
3462	pZmm16Hi->aRegs[i].au32[1],
3463	pZmm16Hi->aRegs[i].au32[0]);
3464	}
3465	}
3466	else
3467	for (unsigned i = 0; i < RT_ELEMENTS(pFpuCtx->aXMM); i++)
3468	pHlp->pfnPrintf(pHlp,
3469	i & 1
3470	? "%sXMM%u%s=%08RX32'%08RX32'%08RX32'%08RX32\n"
3471	: "%sXMM%u%s=%08RX32'%08RX32'%08RX32'%08RX32 ",
3472	pszPrefix, i, i < 10 ? " " : "",
3473	pFpuCtx->aXMM[i].au32[3],
3474	pFpuCtx->aXMM[i].au32[2],
3475	pFpuCtx->aXMM[i].au32[1],
3476	pFpuCtx->aXMM[i].au32[0]);
3477
3478	if (pCtx->fXStateMask & XSAVE_C_OPMASK)
3479	{
3480	PCX86XSAVEOPMASK pOpMask = CPUMCTX_XSAVE_C_PTR(pCtx, XSAVE_C_OPMASK_BIT, PCX86XSAVEOPMASK);
3481	for (unsigned i = 0; i < RT_ELEMENTS(pOpMask->aKRegs); i += 4)
3482	pHlp->pfnPrintf(pHlp, "%sK%u=%016RX64 %sK%u=%016RX64 %sK%u=%016RX64 %sK%u=%016RX64\n",
3483	pszPrefix, i + 0, pOpMask->aKRegs[i + 0],
3484	pszPrefix, i + 1, pOpMask->aKRegs[i + 1],
3485	pszPrefix, i + 2, pOpMask->aKRegs[i + 2],
3486	pszPrefix, i + 3, pOpMask->aKRegs[i + 3]);
3487	}
3488
3489	if (pCtx->fXStateMask & XSAVE_C_BNDREGS)
3490	{
3491	PCX86XSAVEBNDREGS pBndRegs = CPUMCTX_XSAVE_C_PTR(pCtx, XSAVE_C_BNDREGS_BIT, PCX86XSAVEBNDREGS);
3492	for (unsigned i = 0; i < RT_ELEMENTS(pBndRegs->aRegs); i += 2)
3493	pHlp->pfnPrintf(pHlp, "%sBNDREG%u=%016RX64/%016RX64 %sBNDREG%u=%016RX64/%016RX64\n",
3494	pszPrefix, i, pBndRegs->aRegs[i].uLowerBound, pBndRegs->aRegs[i].uUpperBound,
3495	pszPrefix, i + 1, pBndRegs->aRegs[i + 1].uLowerBound, pBndRegs->aRegs[i + 1].uUpperBound);
3496	}
3497
3498	if (pCtx->fXStateMask & XSAVE_C_BNDCSR)
3499	{
3500	PCX86XSAVEBNDCFG pBndCfg = CPUMCTX_XSAVE_C_PTR(pCtx, XSAVE_C_BNDCSR_BIT, PCX86XSAVEBNDCFG);
3501	pHlp->pfnPrintf(pHlp, "%sBNDCFG.CONFIG=%016RX64 %sBNDCFG.STATUS=%016RX64\n",
3502	pszPrefix, pBndCfg->fConfig, pszPrefix, pBndCfg->fStatus);
3503	}
3504
3505	for (unsigned i = 0; i < RT_ELEMENTS(pFpuCtx->au32RsrvdRest); i++)
3506	if (pFpuCtx->au32RsrvdRest[i])
3507	pHlp->pfnPrintf(pHlp, "%sRsrvdRest[%u]=%RX32 (offset=%#x)\n",
3508	pszPrefix, i, pFpuCtx->au32RsrvdRest[i], RT_UOFFSETOF_DYN(X86FXSTATE, au32RsrvdRest[i]) );
3509	}
3510
3511	pHlp->pfnPrintf(pHlp,
3512	"%sEFER =%016RX64\n"
3513	"%sPAT =%016RX64\n"
3514	"%sSTAR =%016RX64\n"
3515	"%sCSTAR =%016RX64\n"
3516	"%sLSTAR =%016RX64\n"
3517	"%sSFMASK =%016RX64\n"
3518	"%sKERNELGSBASE =%016RX64\n",
3519	pszPrefix, pCtx->msrEFER,
3520	pszPrefix, pCtx->msrPAT,
3521	pszPrefix, pCtx->msrSTAR,
3522	pszPrefix, pCtx->msrCSTAR,
3523	pszPrefix, pCtx->msrLSTAR,
3524	pszPrefix, pCtx->msrSFMASK,
3525	pszPrefix, pCtx->msrKERNELGSBASE);
3526
3527	if (CPUMIsGuestInPAEModeEx(pCtx))
3528	for (unsigned i = 0; i < RT_ELEMENTS(pCtx->aPaePdpes); i++)
3529	pHlp->pfnPrintf(pHlp, "%sPAE PDPTE %u =%016RX64\n", pszPrefix, i, pCtx->aPaePdpes[i]);
3530	break;
3531	}
3532	}
3533
3534
3535	/**
3536	* Display all cpu states and any other cpum info.
3537	*
3538	* @param pVM The cross context VM structure.
3539	* @param pHlp The info helper functions.
3540	* @param pszArgs Arguments, ignored.
3541	*/
3542	static DECLCALLBACK(void) cpumR3InfoAll(PVM pVM, PCDBGFINFOHLP pHlp, const char *pszArgs)
3543	{
3544	cpumR3InfoGuest(pVM, pHlp, pszArgs);
3545	cpumR3InfoGuestInstr(pVM, pHlp, pszArgs);
3546	cpumR3InfoGuestHwvirt(pVM, pHlp, pszArgs);
3547	cpumR3InfoHyper(pVM, pHlp, pszArgs);
3548	cpumR3InfoHost(pVM, pHlp, pszArgs);
3549	}
3550
3551
3552	/**
3553	* Parses the info argument.
3554	*
3555	* The argument starts with 'verbose', 'terse' or 'default' and then
3556	* continues with the comment string.
3557	*
3558	* @param pszArgs The pointer to the argument string.
3559	* @param penmType Where to store the dump type request.
3560	* @param ppszComment Where to store the pointer to the comment string.
3561	*/
3562	static void cpumR3InfoParseArg(const char pszArgs, CPUMDUMPTYPE penmType, const char **ppszComment)
3563	{
3564	if (!pszArgs)
3565	{
3566	*penmType = CPUMDUMPTYPE_DEFAULT;
3567	*ppszComment = "";
3568	}
3569	else
3570	{
3571	if (!strncmp(pszArgs, RT_STR_TUPLE("verbose")))
3572	{
3573	pszArgs += 7;
3574	*penmType = CPUMDUMPTYPE_VERBOSE;
3575	}
3576	else if (!strncmp(pszArgs, RT_STR_TUPLE("terse")))
3577	{
3578	pszArgs += 5;
3579	*penmType = CPUMDUMPTYPE_TERSE;
3580	}
3581	else if (!strncmp(pszArgs, RT_STR_TUPLE("default")))
3582	{
3583	pszArgs += 7;
3584	*penmType = CPUMDUMPTYPE_DEFAULT;
3585	}
3586	else
3587	*penmType = CPUMDUMPTYPE_DEFAULT;
3588	*ppszComment = RTStrStripL(pszArgs);
3589	}
3590	}
3591
3592
3593	/**
3594	* Display the guest cpu state.
3595	*
3596	* @param pVM The cross context VM structure.
3597	* @param pHlp The info helper functions.
3598	* @param pszArgs Arguments.
3599	*/
3600	static DECLCALLBACK(void) cpumR3InfoGuest(PVM pVM, PCDBGFINFOHLP pHlp, const char *pszArgs)
3601	{
3602	CPUMDUMPTYPE enmType;
3603	const char *pszComment;
3604	cpumR3InfoParseArg(pszArgs, &enmType, &pszComment);
3605
3606	PVMCPU pVCpu = VMMGetCpu(pVM);
3607	if (!pVCpu)
3608	pVCpu = pVM->apCpusR3[0];
3609
3610	pHlp->pfnPrintf(pHlp, "Guest CPUM (VCPU %d) state: %s\n", pVCpu->idCpu, pszComment);
3611
3612	PCPUMCTX pCtx = &pVCpu->cpum.s.Guest;
3613	cpumR3InfoOne(pVM, pCtx, pHlp, enmType, "");
3614	}
3615
3616
3617	/**
3618	* Displays an SVM VMCB control area.
3619	*
3620	* @param pHlp The info helper functions.
3621	* @param pVmcbCtrl Pointer to a SVM VMCB controls area.
3622	* @param pszPrefix Caller specified string prefix.
3623	*/
3624	static void cpumR3InfoSvmVmcbCtrl(PCDBGFINFOHLP pHlp, PCSVMVMCBCTRL pVmcbCtrl, const char *pszPrefix)
3625	{
3626	AssertReturnVoid(pHlp);
3627	AssertReturnVoid(pVmcbCtrl);
3628
3629	pHlp->pfnPrintf(pHlp, "%sCRX-read intercepts = %#RX16\n", pszPrefix, pVmcbCtrl->u16InterceptRdCRx);
3630	pHlp->pfnPrintf(pHlp, "%sCRX-write intercepts = %#RX16\n", pszPrefix, pVmcbCtrl->u16InterceptWrCRx);
3631	pHlp->pfnPrintf(pHlp, "%sDRX-read intercepts = %#RX16\n", pszPrefix, pVmcbCtrl->u16InterceptRdDRx);
3632	pHlp->pfnPrintf(pHlp, "%sDRX-write intercepts = %#RX16\n", pszPrefix, pVmcbCtrl->u16InterceptWrDRx);
3633	pHlp->pfnPrintf(pHlp, "%sException intercepts = %#RX32\n", pszPrefix, pVmcbCtrl->u32InterceptXcpt);
3634	pHlp->pfnPrintf(pHlp, "%sControl intercepts = %#RX64\n", pszPrefix, pVmcbCtrl->u64InterceptCtrl);
3635	pHlp->pfnPrintf(pHlp, "%sPause-filter threshold = %#RX16\n", pszPrefix, pVmcbCtrl->u16PauseFilterThreshold);
3636	pHlp->pfnPrintf(pHlp, "%sPause-filter count = %#RX16\n", pszPrefix, pVmcbCtrl->u16PauseFilterCount);
3637	pHlp->pfnPrintf(pHlp, "%sIOPM bitmap physaddr = %#RX64\n", pszPrefix, pVmcbCtrl->u64IOPMPhysAddr);
3638	pHlp->pfnPrintf(pHlp, "%sMSRPM bitmap physaddr = %#RX64\n", pszPrefix, pVmcbCtrl->u64MSRPMPhysAddr);
3639	pHlp->pfnPrintf(pHlp, "%sTSC offset = %#RX64\n", pszPrefix, pVmcbCtrl->u64TSCOffset);
3640	pHlp->pfnPrintf(pHlp, "%sTLB Control\n", pszPrefix);
3641	pHlp->pfnPrintf(pHlp, " %sASID = %#RX32\n", pszPrefix, pVmcbCtrl->TLBCtrl.n.u32ASID);
3642	pHlp->pfnPrintf(pHlp, " %sTLB-flush type = %u\n", pszPrefix, pVmcbCtrl->TLBCtrl.n.u8TLBFlush);
3643	pHlp->pfnPrintf(pHlp, "%sInterrupt Control\n", pszPrefix);
3644	pHlp->pfnPrintf(pHlp, " %sVTPR = %#RX8 (%u)\n", pszPrefix, pVmcbCtrl->IntCtrl.n.u8VTPR, pVmcbCtrl->IntCtrl.n.u8VTPR);
3645	pHlp->pfnPrintf(pHlp, " %sVIRQ (Pending) = %RTbool\n", pszPrefix, pVmcbCtrl->IntCtrl.n.u1VIrqPending);
3646	pHlp->pfnPrintf(pHlp, " %sVINTR vector = %#RX8\n", pszPrefix, pVmcbCtrl->IntCtrl.n.u8VIntrVector);
3647	pHlp->pfnPrintf(pHlp, " %sVGIF = %u\n", pszPrefix, pVmcbCtrl->IntCtrl.n.u1VGif);
3648	pHlp->pfnPrintf(pHlp, " %sVINTR priority = %#RX8\n", pszPrefix, pVmcbCtrl->IntCtrl.n.u4VIntrPrio);
3649	pHlp->pfnPrintf(pHlp, " %sIgnore TPR = %RTbool\n", pszPrefix, pVmcbCtrl->IntCtrl.n.u1IgnoreTPR);
3650	pHlp->pfnPrintf(pHlp, " %sVINTR masking = %RTbool\n", pszPrefix, pVmcbCtrl->IntCtrl.n.u1VIntrMasking);
3651	pHlp->pfnPrintf(pHlp, " %sVGIF enable = %RTbool\n", pszPrefix, pVmcbCtrl->IntCtrl.n.u1VGifEnable);
3652	pHlp->pfnPrintf(pHlp, " %sAVIC enable = %RTbool\n", pszPrefix, pVmcbCtrl->IntCtrl.n.u1AvicEnable);
3653	pHlp->pfnPrintf(pHlp, "%sInterrupt Shadow\n", pszPrefix);
3654	pHlp->pfnPrintf(pHlp, " %sInterrupt shadow = %RTbool\n", pszPrefix, pVmcbCtrl->IntShadow.n.u1IntShadow);
3655	pHlp->pfnPrintf(pHlp, " %sGuest-interrupt Mask = %RTbool\n", pszPrefix, pVmcbCtrl->IntShadow.n.u1GuestIntMask);
3656	pHlp->pfnPrintf(pHlp, "%sExit Code = %#RX64\n", pszPrefix, pVmcbCtrl->u64ExitCode);
3657	pHlp->pfnPrintf(pHlp, "%sEXITINFO1 = %#RX64\n", pszPrefix, pVmcbCtrl->u64ExitInfo1);
3658	pHlp->pfnPrintf(pHlp, "%sEXITINFO2 = %#RX64\n", pszPrefix, pVmcbCtrl->u64ExitInfo2);
3659	pHlp->pfnPrintf(pHlp, "%sExit Interrupt Info\n", pszPrefix);
3660	pHlp->pfnPrintf(pHlp, " %sValid = %RTbool\n", pszPrefix, pVmcbCtrl->ExitIntInfo.n.u1Valid);
3661	pHlp->pfnPrintf(pHlp, " %sVector = %#RX8 (%u)\n", pszPrefix, pVmcbCtrl->ExitIntInfo.n.u8Vector, pVmcbCtrl->ExitIntInfo.n.u8Vector);
3662	pHlp->pfnPrintf(pHlp, " %sType = %u\n", pszPrefix, pVmcbCtrl->ExitIntInfo.n.u3Type);
3663	pHlp->pfnPrintf(pHlp, " %sError-code valid = %RTbool\n", pszPrefix, pVmcbCtrl->ExitIntInfo.n.u1ErrorCodeValid);
3664	pHlp->pfnPrintf(pHlp, " %sError-code = %#RX32\n", pszPrefix, pVmcbCtrl->ExitIntInfo.n.u32ErrorCode);
3665	pHlp->pfnPrintf(pHlp, "%sNested paging and SEV\n", pszPrefix);
3666	pHlp->pfnPrintf(pHlp, " %sNested paging = %RTbool\n", pszPrefix, pVmcbCtrl->NestedPagingCtrl.n.u1NestedPaging);
3667	pHlp->pfnPrintf(pHlp, " %sSEV (Secure Encrypted VM) = %RTbool\n", pszPrefix, pVmcbCtrl->NestedPagingCtrl.n.u1Sev);
3668	pHlp->pfnPrintf(pHlp, " %sSEV-ES (Encrypted State) = %RTbool\n", pszPrefix, pVmcbCtrl->NestedPagingCtrl.n.u1SevEs);
3669	pHlp->pfnPrintf(pHlp, "%sEvent Inject\n", pszPrefix);
3670	pHlp->pfnPrintf(pHlp, " %sValid = %RTbool\n", pszPrefix, pVmcbCtrl->EventInject.n.u1Valid);
3671	pHlp->pfnPrintf(pHlp, " %sVector = %#RX32 (%u)\n", pszPrefix, pVmcbCtrl->EventInject.n.u8Vector, pVmcbCtrl->EventInject.n.u8Vector);
3672	pHlp->pfnPrintf(pHlp, " %sType = %u\n", pszPrefix, pVmcbCtrl->EventInject.n.u3Type);
3673	pHlp->pfnPrintf(pHlp, " %sError-code valid = %RTbool\n", pszPrefix, pVmcbCtrl->EventInject.n.u1ErrorCodeValid);
3674	pHlp->pfnPrintf(pHlp, " %sError-code = %#RX32\n", pszPrefix, pVmcbCtrl->EventInject.n.u32ErrorCode);
3675	pHlp->pfnPrintf(pHlp, "%sNested-paging CR3 = %#RX64\n", pszPrefix, pVmcbCtrl->u64NestedPagingCR3);
3676	pHlp->pfnPrintf(pHlp, "%sLBR Virtualization\n", pszPrefix);
3677	pHlp->pfnPrintf(pHlp, " %sLBR virt = %RTbool\n", pszPrefix, pVmcbCtrl->LbrVirt.n.u1LbrVirt);
3678	pHlp->pfnPrintf(pHlp, " %sVirt. VMSAVE/VMLOAD = %RTbool\n", pszPrefix, pVmcbCtrl->LbrVirt.n.u1VirtVmsaveVmload);
3679	pHlp->pfnPrintf(pHlp, "%sVMCB Clean Bits = %#RX32\n", pszPrefix, pVmcbCtrl->u32VmcbCleanBits);
3680	pHlp->pfnPrintf(pHlp, "%sNext-RIP = %#RX64\n", pszPrefix, pVmcbCtrl->u64NextRIP);
3681	pHlp->pfnPrintf(pHlp, "%sInstruction bytes fetched = %u\n", pszPrefix, pVmcbCtrl->cbInstrFetched);
3682	pHlp->pfnPrintf(pHlp, "%sInstruction bytes = %.*Rhxs\n", pszPrefix, sizeof(pVmcbCtrl->abInstr), pVmcbCtrl->abInstr);
3683	pHlp->pfnPrintf(pHlp, "%sAVIC\n", pszPrefix);
3684	pHlp->pfnPrintf(pHlp, " %sBar addr = %#RX64\n", pszPrefix, pVmcbCtrl->AvicBar.n.u40Addr);
3685	pHlp->pfnPrintf(pHlp, " %sBacking page addr = %#RX64\n", pszPrefix, pVmcbCtrl->AvicBackingPagePtr.n.u40Addr);
3686	pHlp->pfnPrintf(pHlp, " %sLogical table addr = %#RX64\n", pszPrefix, pVmcbCtrl->AvicLogicalTablePtr.n.u40Addr);
3687	pHlp->pfnPrintf(pHlp, " %sPhysical table addr = %#RX64\n", pszPrefix, pVmcbCtrl->AvicPhysicalTablePtr.n.u40Addr);
3688	pHlp->pfnPrintf(pHlp, " %sLast guest core Id = %u\n", pszPrefix, pVmcbCtrl->AvicPhysicalTablePtr.n.u8LastGuestCoreId);
3689	}
3690
3691
3692	/**
3693	* Helper for dumping the SVM VMCB selector registers.
3694	*
3695	* @param pHlp The info helper functions.
3696	* @param pSel Pointer to the SVM selector register.
3697	* @param pszName Name of the selector.
3698	* @param pszPrefix Caller specified string prefix.
3699	*/
3700	DECLINLINE(void) cpumR3InfoSvmVmcbSelReg(PCDBGFINFOHLP pHlp, PCSVMSELREG pSel, const char pszName, const char pszPrefix)
3701	{
3702	/* The string width of 4 used below is to handle 'LDTR'. Change later if longer register names are used. */
3703	pHlp->pfnPrintf(pHlp, "%s%-4s = {%04x base=%016RX64 limit=%08x flags=%04x}\n", pszPrefix,
3704	pszName, pSel->u16Sel, pSel->u64Base, pSel->u32Limit, pSel->u16Attr);
3705	}
3706
3707
3708	/**
3709	* Helper for dumping the SVM VMCB GDTR/IDTR registers.
3710	*
3711	* @param pHlp The info helper functions.
3712	* @param pXdtr Pointer to the descriptor table register.
3713	* @param pszName Name of the descriptor table register.
3714	* @param pszPrefix Caller specified string prefix.
3715	*/
3716	DECLINLINE(void) cpumR3InfoSvmVmcbXdtr(PCDBGFINFOHLP pHlp, PCSVMXDTR pXdtr, const char pszName, const char pszPrefix)
3717	{
3718	/* The string width of 4 used below is to cover 'GDTR', 'IDTR'. Change later if longer register names are used. */
3719	pHlp->pfnPrintf(pHlp, "%s%-4s = %016RX64:%04x\n", pszPrefix, pszName, pXdtr->u64Base, pXdtr->u32Limit);
3720	}
3721
3722
3723	/**
3724	* Displays an SVM VMCB state-save area.
3725	*
3726	* @param pHlp The info helper functions.
3727	* @param pVmcbStateSave Pointer to a SVM VMCB controls area.
3728	* @param pszPrefix Caller specified string prefix.
3729	*/
3730	static void cpumR3InfoSvmVmcbStateSave(PCDBGFINFOHLP pHlp, PCSVMVMCBSTATESAVE pVmcbStateSave, const char *pszPrefix)
3731	{
3732	AssertReturnVoid(pHlp);
3733	AssertReturnVoid(pVmcbStateSave);
3734
3735	char szEFlags[80];
3736	cpumR3InfoFormatFlags(&szEFlags[0], pVmcbStateSave->u64RFlags);
3737
3738	cpumR3InfoSvmVmcbSelReg(pHlp, &pVmcbStateSave->CS, "CS", pszPrefix);
3739	cpumR3InfoSvmVmcbSelReg(pHlp, &pVmcbStateSave->SS, "SS", pszPrefix);
3740	cpumR3InfoSvmVmcbSelReg(pHlp, &pVmcbStateSave->ES, "ES", pszPrefix);
3741	cpumR3InfoSvmVmcbSelReg(pHlp, &pVmcbStateSave->DS, "DS", pszPrefix);
3742	cpumR3InfoSvmVmcbSelReg(pHlp, &pVmcbStateSave->FS, "FS", pszPrefix);
3743	cpumR3InfoSvmVmcbSelReg(pHlp, &pVmcbStateSave->GS, "GS", pszPrefix);
3744	cpumR3InfoSvmVmcbSelReg(pHlp, &pVmcbStateSave->LDTR, "LDTR", pszPrefix);
3745	cpumR3InfoSvmVmcbSelReg(pHlp, &pVmcbStateSave->TR, "TR", pszPrefix);
3746	cpumR3InfoSvmVmcbXdtr(pHlp, &pVmcbStateSave->GDTR, "GDTR", pszPrefix);
3747	cpumR3InfoSvmVmcbXdtr(pHlp, &pVmcbStateSave->IDTR, "IDTR", pszPrefix);
3748	pHlp->pfnPrintf(pHlp, "%sCPL = %u\n", pszPrefix, pVmcbStateSave->u8CPL);
3749	pHlp->pfnPrintf(pHlp, "%sEFER = %#RX64\n", pszPrefix, pVmcbStateSave->u64EFER);
3750	pHlp->pfnPrintf(pHlp, "%sCR4 = %#RX64\n", pszPrefix, pVmcbStateSave->u64CR4);
3751	pHlp->pfnPrintf(pHlp, "%sCR3 = %#RX64\n", pszPrefix, pVmcbStateSave->u64CR3);
3752	pHlp->pfnPrintf(pHlp, "%sCR0 = %#RX64\n", pszPrefix, pVmcbStateSave->u64CR0);
3753	pHlp->pfnPrintf(pHlp, "%sDR7 = %#RX64\n", pszPrefix, pVmcbStateSave->u64DR7);
3754	pHlp->pfnPrintf(pHlp, "%sDR6 = %#RX64\n", pszPrefix, pVmcbStateSave->u64DR6);
3755	pHlp->pfnPrintf(pHlp, "%sRFLAGS = %#RX64 %31s\n", pszPrefix, pVmcbStateSave->u64RFlags, szEFlags);
3756	pHlp->pfnPrintf(pHlp, "%sRIP = %#RX64\n", pszPrefix, pVmcbStateSave->u64RIP);
3757	pHlp->pfnPrintf(pHlp, "%sRSP = %#RX64\n", pszPrefix, pVmcbStateSave->u64RSP);
3758	pHlp->pfnPrintf(pHlp, "%sRAX = %#RX64\n", pszPrefix, pVmcbStateSave->u64RAX);
3759	pHlp->pfnPrintf(pHlp, "%sSTAR = %#RX64\n", pszPrefix, pVmcbStateSave->u64STAR);
3760	pHlp->pfnPrintf(pHlp, "%sLSTAR = %#RX64\n", pszPrefix, pVmcbStateSave->u64LSTAR);
3761	pHlp->pfnPrintf(pHlp, "%sCSTAR = %#RX64\n", pszPrefix, pVmcbStateSave->u64CSTAR);
3762	pHlp->pfnPrintf(pHlp, "%sSFMASK = %#RX64\n", pszPrefix, pVmcbStateSave->u64SFMASK);
3763	pHlp->pfnPrintf(pHlp, "%sKERNELGSBASE = %#RX64\n", pszPrefix, pVmcbStateSave->u64KernelGSBase);
3764	pHlp->pfnPrintf(pHlp, "%sSysEnter CS = %#RX64\n", pszPrefix, pVmcbStateSave->u64SysEnterCS);
3765	pHlp->pfnPrintf(pHlp, "%sSysEnter EIP = %#RX64\n", pszPrefix, pVmcbStateSave->u64SysEnterEIP);
3766	pHlp->pfnPrintf(pHlp, "%sSysEnter ESP = %#RX64\n", pszPrefix, pVmcbStateSave->u64SysEnterESP);
3767	pHlp->pfnPrintf(pHlp, "%sCR2 = %#RX64\n", pszPrefix, pVmcbStateSave->u64CR2);
3768	pHlp->pfnPrintf(pHlp, "%sPAT = %#RX64\n", pszPrefix, pVmcbStateSave->u64PAT);
3769	pHlp->pfnPrintf(pHlp, "%sDBGCTL = %#RX64\n", pszPrefix, pVmcbStateSave->u64DBGCTL);
3770	pHlp->pfnPrintf(pHlp, "%sBR_FROM = %#RX64\n", pszPrefix, pVmcbStateSave->u64BR_FROM);
3771	pHlp->pfnPrintf(pHlp, "%sBR_TO = %#RX64\n", pszPrefix, pVmcbStateSave->u64BR_TO);
3772	pHlp->pfnPrintf(pHlp, "%sLASTXCPT_FROM = %#RX64\n", pszPrefix, pVmcbStateSave->u64LASTEXCPFROM);
3773	pHlp->pfnPrintf(pHlp, "%sLASTXCPT_TO = %#RX64\n", pszPrefix, pVmcbStateSave->u64LASTEXCPTO);
3774	}
3775
3776
3777	/**
3778	* Displays a virtual-VMCS.
3779	*
3780	* @param pVCpu The cross context virtual CPU structure.
3781	* @param pHlp The info helper functions.
3782	* @param pVmcs Pointer to a virtual VMCS.
3783	* @param pszPrefix Caller specified string prefix.
3784	*/
3785	static void cpumR3InfoVmxVmcs(PVMCPU pVCpu, PCDBGFINFOHLP pHlp, PCVMXVVMCS pVmcs, const char *pszPrefix)
3786	{
3787	AssertReturnVoid(pHlp);
3788	AssertReturnVoid(pVmcs);
3789
3790	/* The string width of -4 used in the macros below to cover 'LDTR', 'GDTR', 'IDTR. */
3791	#define CPUMVMX_DUMP_HOST_XDTR(a_pHlp, a_pVmcs, a_Seg, a_SegName, a_pszPrefix) \
3792	do { \
3793	(a_pHlp)->pfnPrintf((a_pHlp), " %s%-4s = {base=%016RX64}\n", \
3794	(a_pszPrefix), (a_SegName), (a_pVmcs)->u64Host##a_Seg##Base.u); \
3795	} while (0)
3796
3797	#define CPUMVMX_DUMP_HOST_FS_GS_TR(a_pHlp, a_pVmcs, a_Seg, a_SegName, a_pszPrefix) \
3798	do { \
3799	(a_pHlp)->pfnPrintf((a_pHlp), " %s%-4s = {%04x base=%016RX64}\n", \
3800	(a_pszPrefix), (a_SegName), (a_pVmcs)->Host##a_Seg, (a_pVmcs)->u64Host##a_Seg##Base.u); \
3801	} while (0)
3802
3803	#define CPUMVMX_DUMP_GUEST_SEGREG(a_pHlp, a_pVmcs, a_Seg, a_SegName, a_pszPrefix) \
3804	do { \
3805	(a_pHlp)->pfnPrintf((a_pHlp), " %s%-4s = {%04x base=%016RX64 limit=%08x flags=%04x}\n", \
3806	(a_pszPrefix), (a_SegName), (a_pVmcs)->Guest##a_Seg, (a_pVmcs)->u64Guest##a_Seg##Base.u, \
3807	(a_pVmcs)->u32Guest##a_Seg##Limit, (a_pVmcs)->u32Guest##a_Seg##Attr); \
3808	} while (0)
3809
3810	#define CPUMVMX_DUMP_GUEST_XDTR(a_pHlp, a_pVmcs, a_Seg, a_SegName, a_pszPrefix) \
3811	do { \
3812	(a_pHlp)->pfnPrintf((a_pHlp), " %s%-4s = {base=%016RX64 limit=%08x}\n", \
3813	(a_pszPrefix), (a_SegName), (a_pVmcs)->u64Guest##a_Seg##Base.u, (a_pVmcs)->u32Guest##a_Seg##Limit); \
3814	} while (0)
3815
3816	/* Header. */
3817	{
3818	pHlp->pfnPrintf(pHlp, "%sHeader:\n", pszPrefix);
3819	pHlp->pfnPrintf(pHlp, " %sVMCS revision id = %#RX32\n", pszPrefix, pVmcs->u32VmcsRevId);
3820	pHlp->pfnPrintf(pHlp, " %sVMX-abort id = %#RX32 (%s)\n", pszPrefix, pVmcs->enmVmxAbort, VMXGetAbortDesc(pVmcs->enmVmxAbort));
3821	pHlp->pfnPrintf(pHlp, " %sVMCS state = %#x (%s)\n", pszPrefix, pVmcs->fVmcsState, VMXGetVmcsStateDesc(pVmcs->fVmcsState));
3822	}
3823
3824	/* Control fields. */
3825	{
3826	/* 16-bit. */
3827	pHlp->pfnPrintf(pHlp, "%sControl:\n", pszPrefix);
3828	pHlp->pfnPrintf(pHlp, " %sVPID = %#RX16\n", pszPrefix, pVmcs->u16Vpid);
3829	pHlp->pfnPrintf(pHlp, " %sPosted intr notify vector = %#RX16\n", pszPrefix, pVmcs->u16PostIntNotifyVector);
3830	pHlp->pfnPrintf(pHlp, " %sEPTP index = %#RX16\n", pszPrefix, pVmcs->u16EptpIndex);
3831	pHlp->pfnPrintf(pHlp, " %sHLAT prefix size = %#RX16\n", pszPrefix, pVmcs->u16HlatPrefixSize);
3832
3833	/* 32-bit. */
3834	pHlp->pfnPrintf(pHlp, " %sPin ctls = %#RX32\n", pszPrefix, pVmcs->u32PinCtls);
3835	pHlp->pfnPrintf(pHlp, " %sProcessor ctls = %#RX32\n", pszPrefix, pVmcs->u32ProcCtls);
3836	pHlp->pfnPrintf(pHlp, " %sSecondary processor ctls = %#RX32\n", pszPrefix, pVmcs->u32ProcCtls2);
3837	pHlp->pfnPrintf(pHlp, " %sVM-exit ctls = %#RX32\n", pszPrefix, pVmcs->u32ExitCtls);
3838	pHlp->pfnPrintf(pHlp, " %sVM-entry ctls = %#RX32\n", pszPrefix, pVmcs->u32EntryCtls);
3839	pHlp->pfnPrintf(pHlp, " %sException bitmap = %#RX32\n", pszPrefix, pVmcs->u32XcptBitmap);
3840	pHlp->pfnPrintf(pHlp, " %sPage-fault mask = %#RX32\n", pszPrefix, pVmcs->u32XcptPFMask);
3841	pHlp->pfnPrintf(pHlp, " %sPage-fault match = %#RX32\n", pszPrefix, pVmcs->u32XcptPFMatch);
3842	pHlp->pfnPrintf(pHlp, " %sCR3-target count = %RU32\n", pszPrefix, pVmcs->u32Cr3TargetCount);
3843	pHlp->pfnPrintf(pHlp, " %sVM-exit MSR store count = %RU32\n", pszPrefix, pVmcs->u32ExitMsrStoreCount);
3844	pHlp->pfnPrintf(pHlp, " %sVM-exit MSR load count = %RU32\n", pszPrefix, pVmcs->u32ExitMsrLoadCount);
3845	pHlp->pfnPrintf(pHlp, " %sVM-entry MSR load count = %RU32\n", pszPrefix, pVmcs->u32EntryMsrLoadCount);
3846	pHlp->pfnPrintf(pHlp, " %sVM-entry interruption info = %#RX32\n", pszPrefix, pVmcs->u32EntryIntInfo);
3847	{
3848	uint32_t const fInfo = pVmcs->u32EntryIntInfo;
3849	uint8_t const uType = VMX_ENTRY_INT_INFO_TYPE(fInfo);
3850	pHlp->pfnPrintf(pHlp, " %sValid = %RTbool\n", pszPrefix, VMX_ENTRY_INT_INFO_IS_VALID(fInfo));
3851	pHlp->pfnPrintf(pHlp, " %sType = %#x (%s)\n", pszPrefix, uType, VMXGetEntryIntInfoTypeDesc(uType));
3852	pHlp->pfnPrintf(pHlp, " %sVector = %#x\n", pszPrefix, VMX_ENTRY_INT_INFO_VECTOR(fInfo));
3853	pHlp->pfnPrintf(pHlp, " %sNMI-unblocking-IRET = %RTbool\n", pszPrefix, VMX_ENTRY_INT_INFO_IS_NMI_UNBLOCK_IRET(fInfo));
3854	pHlp->pfnPrintf(pHlp, " %sError-code valid = %RTbool\n", pszPrefix, VMX_ENTRY_INT_INFO_IS_ERROR_CODE_VALID(fInfo));
3855	}
3856	pHlp->pfnPrintf(pHlp, " %sVM-entry xcpt error-code = %#RX32\n", pszPrefix, pVmcs->u32EntryXcptErrCode);
3857	pHlp->pfnPrintf(pHlp, " %sVM-entry instr length = %u byte(s)\n", pszPrefix, pVmcs->u32EntryInstrLen);
3858	pHlp->pfnPrintf(pHlp, " %sTPR threshold = %#RX32\n", pszPrefix, pVmcs->u32TprThreshold);
3859	pHlp->pfnPrintf(pHlp, " %sPLE gap = %#RX32\n", pszPrefix, pVmcs->u32PleGap);
3860	pHlp->pfnPrintf(pHlp, " %sPLE window = %#RX32\n", pszPrefix, pVmcs->u32PleWindow);
3861
3862	/* 64-bit. */
3863	pHlp->pfnPrintf(pHlp, " %sIO-bitmap A addr = %#RX64\n", pszPrefix, pVmcs->u64AddrIoBitmapA.u);
3864	pHlp->pfnPrintf(pHlp, " %sIO-bitmap B addr = %#RX64\n", pszPrefix, pVmcs->u64AddrIoBitmapB.u);
3865	pHlp->pfnPrintf(pHlp, " %sMSR-bitmap addr = %#RX64\n", pszPrefix, pVmcs->u64AddrMsrBitmap.u);
3866	pHlp->pfnPrintf(pHlp, " %sVM-exit MSR store addr = %#RX64\n", pszPrefix, pVmcs->u64AddrExitMsrStore.u);
3867	pHlp->pfnPrintf(pHlp, " %sVM-exit MSR load addr = %#RX64\n", pszPrefix, pVmcs->u64AddrExitMsrLoad.u);
3868	pHlp->pfnPrintf(pHlp, " %sVM-entry MSR load addr = %#RX64\n", pszPrefix, pVmcs->u64AddrEntryMsrLoad.u);
3869	pHlp->pfnPrintf(pHlp, " %sExecutive VMCS ptr = %#RX64\n", pszPrefix, pVmcs->u64ExecVmcsPtr.u);
3870	pHlp->pfnPrintf(pHlp, " %sPML addr = %#RX64\n", pszPrefix, pVmcs->u64AddrPml.u);
3871	pHlp->pfnPrintf(pHlp, " %sTSC offset = %#RX64\n", pszPrefix, pVmcs->u64TscOffset.u);
3872	pHlp->pfnPrintf(pHlp, " %sVirtual-APIC addr = %#RX64\n", pszPrefix, pVmcs->u64AddrVirtApic.u);
3873	pHlp->pfnPrintf(pHlp, " %sAPIC-access addr = %#RX64\n", pszPrefix, pVmcs->u64AddrApicAccess.u);
3874	pHlp->pfnPrintf(pHlp, " %sPosted-intr desc addr = %#RX64\n", pszPrefix, pVmcs->u64AddrPostedIntDesc.u);
3875	pHlp->pfnPrintf(pHlp, " %sVM-functions control = %#RX64\n", pszPrefix, pVmcs->u64VmFuncCtls.u);
3876	pHlp->pfnPrintf(pHlp, " %sEPTP ptr = %#RX64\n", pszPrefix, pVmcs->u64EptPtr.u);
3877	pHlp->pfnPrintf(pHlp, " %sEOI-exit bitmap 0 = %#RX64\n", pszPrefix, pVmcs->u64EoiExitBitmap0.u);
3878	pHlp->pfnPrintf(pHlp, " %sEOI-exit bitmap 1 = %#RX64\n", pszPrefix, pVmcs->u64EoiExitBitmap1.u);
3879	pHlp->pfnPrintf(pHlp, " %sEOI-exit bitmap 2 = %#RX64\n", pszPrefix, pVmcs->u64EoiExitBitmap2.u);
3880	pHlp->pfnPrintf(pHlp, " %sEOI-exit bitmap 3 = %#RX64\n", pszPrefix, pVmcs->u64EoiExitBitmap3.u);
3881	pHlp->pfnPrintf(pHlp, " %sEPTP-list addr = %#RX64\n", pszPrefix, pVmcs->u64AddrEptpList.u);
3882	pHlp->pfnPrintf(pHlp, " %sVMREAD-bitmap addr = %#RX64\n", pszPrefix, pVmcs->u64AddrVmreadBitmap.u);
3883	pHlp->pfnPrintf(pHlp, " %sVMWRITE-bitmap addr = %#RX64\n", pszPrefix, pVmcs->u64AddrVmwriteBitmap.u);
3884	pHlp->pfnPrintf(pHlp, " %sVirt-Xcpt info addr = %#RX64\n", pszPrefix, pVmcs->u64AddrXcptVeInfo.u);
3885	pHlp->pfnPrintf(pHlp, " %sXSS-exiting bitmap = %#RX64\n", pszPrefix, pVmcs->u64XssExitBitmap.u);
3886	pHlp->pfnPrintf(pHlp, " %sENCLS-exiting bitmap = %#RX64\n", pszPrefix, pVmcs->u64EnclsExitBitmap.u);
3887	pHlp->pfnPrintf(pHlp, " %sSPP-table ptr = %#RX64\n", pszPrefix, pVmcs->u64SppTablePtr.u);
3888	pHlp->pfnPrintf(pHlp, " %sTSC multiplier = %#RX64\n", pszPrefix, pVmcs->u64TscMultiplier.u);
3889	pHlp->pfnPrintf(pHlp, " %sTertiary processor ctls = %#RX64\n", pszPrefix, pVmcs->u64ProcCtls3.u);
3890	pHlp->pfnPrintf(pHlp, " %sENCLV-exiting bitmap = %#RX64\n", pszPrefix, pVmcs->u64EnclvExitBitmap.u);
3891	pHlp->pfnPrintf(pHlp, " %sPCONFIG-exiting bitmap = %#RX64\n", pszPrefix, pVmcs->u64PconfigExitBitmap.u);
3892	pHlp->pfnPrintf(pHlp, " %sHLAT ptr = %#RX64\n", pszPrefix, pVmcs->u64HlatPtr.u);
3893	pHlp->pfnPrintf(pHlp, " %sSecondary VM-exit controls = %#RX64\n", pszPrefix, pVmcs->u64ExitCtls2.u);
3894
3895	/* Natural width. */
3896	pHlp->pfnPrintf(pHlp, " %sCR0 guest/host mask = %#RX64\n", pszPrefix, pVmcs->u64Cr0Mask.u);
3897	pHlp->pfnPrintf(pHlp, " %sCR4 guest/host mask = %#RX64\n", pszPrefix, pVmcs->u64Cr4Mask.u);
3898	pHlp->pfnPrintf(pHlp, " %sCR0 read shadow = %#RX64\n", pszPrefix, pVmcs->u64Cr0ReadShadow.u);
3899	pHlp->pfnPrintf(pHlp, " %sCR4 read shadow = %#RX64\n", pszPrefix, pVmcs->u64Cr4ReadShadow.u);
3900	pHlp->pfnPrintf(pHlp, " %sCR3-target 0 = %#RX64\n", pszPrefix, pVmcs->u64Cr3Target0.u);
3901	pHlp->pfnPrintf(pHlp, " %sCR3-target 1 = %#RX64\n", pszPrefix, pVmcs->u64Cr3Target1.u);
3902	pHlp->pfnPrintf(pHlp, " %sCR3-target 2 = %#RX64\n", pszPrefix, pVmcs->u64Cr3Target2.u);
3903	pHlp->pfnPrintf(pHlp, " %sCR3-target 3 = %#RX64\n", pszPrefix, pVmcs->u64Cr3Target3.u);
3904	}
3905
3906	/* Guest state. */
3907	{
3908	char szEFlags[80];
3909	cpumR3InfoFormatFlags(&szEFlags[0], pVmcs->u64GuestRFlags.u);
3910	pHlp->pfnPrintf(pHlp, "%sGuest state:\n", pszPrefix);
3911
3912	/* 16-bit. */
3913	CPUMVMX_DUMP_GUEST_SEGREG(pHlp, pVmcs, Cs, "CS", pszPrefix);
3914	CPUMVMX_DUMP_GUEST_SEGREG(pHlp, pVmcs, Ss, "SS", pszPrefix);
3915	CPUMVMX_DUMP_GUEST_SEGREG(pHlp, pVmcs, Es, "ES", pszPrefix);
3916	CPUMVMX_DUMP_GUEST_SEGREG(pHlp, pVmcs, Ds, "DS", pszPrefix);
3917	CPUMVMX_DUMP_GUEST_SEGREG(pHlp, pVmcs, Fs, "FS", pszPrefix);
3918	CPUMVMX_DUMP_GUEST_SEGREG(pHlp, pVmcs, Gs, "GS", pszPrefix);
3919	CPUMVMX_DUMP_GUEST_SEGREG(pHlp, pVmcs, Ldtr, "LDTR", pszPrefix);
3920	CPUMVMX_DUMP_GUEST_SEGREG(pHlp, pVmcs, Tr, "TR", pszPrefix);
3921	CPUMVMX_DUMP_GUEST_XDTR(pHlp, pVmcs, Gdtr, "GDTR", pszPrefix);
3922	CPUMVMX_DUMP_GUEST_XDTR(pHlp, pVmcs, Idtr, "IDTR", pszPrefix);
3923	pHlp->pfnPrintf(pHlp, " %sInterrupt status = %#RX16\n", pszPrefix, pVmcs->u16GuestIntStatus);
3924	pHlp->pfnPrintf(pHlp, " %sPML index = %#RX16\n", pszPrefix, pVmcs->u16PmlIndex);
3925
3926	/* 32-bit. */
3927	pHlp->pfnPrintf(pHlp, " %sInterruptibility state = %#RX32\n", pszPrefix, pVmcs->u32GuestIntrState);
3928	pHlp->pfnPrintf(pHlp, " %sActivity state = %#RX32\n", pszPrefix, pVmcs->u32GuestActivityState);
3929	pHlp->pfnPrintf(pHlp, " %sSMBASE = %#RX32\n", pszPrefix, pVmcs->u32GuestSmBase);
3930	pHlp->pfnPrintf(pHlp, " %sSysEnter CS = %#RX32\n", pszPrefix, pVmcs->u32GuestSysenterCS);
3931	pHlp->pfnPrintf(pHlp, " %sVMX-preemption timer value = %#RX32\n", pszPrefix, pVmcs->u32PreemptTimer);
3932
3933	/* 64-bit. */
3934	pHlp->pfnPrintf(pHlp, " %sVMCS link ptr = %#RX64\n", pszPrefix, pVmcs->u64VmcsLinkPtr.u);
3935	pHlp->pfnPrintf(pHlp, " %sDBGCTL = %#RX64\n", pszPrefix, pVmcs->u64GuestDebugCtlMsr.u);
3936	pHlp->pfnPrintf(pHlp, " %sPAT = %#RX64\n", pszPrefix, pVmcs->u64GuestPatMsr.u);
3937	pHlp->pfnPrintf(pHlp, " %sEFER = %#RX64\n", pszPrefix, pVmcs->u64GuestEferMsr.u);
3938	pHlp->pfnPrintf(pHlp, " %sPERFGLOBALCTRL = %#RX64\n", pszPrefix, pVmcs->u64GuestPerfGlobalCtlMsr.u);
3939	pHlp->pfnPrintf(pHlp, " %sPDPTE 0 = %#RX64\n", pszPrefix, pVmcs->u64GuestPdpte0.u);
3940	pHlp->pfnPrintf(pHlp, " %sPDPTE 1 = %#RX64\n", pszPrefix, pVmcs->u64GuestPdpte1.u);
3941	pHlp->pfnPrintf(pHlp, " %sPDPTE 2 = %#RX64\n", pszPrefix, pVmcs->u64GuestPdpte2.u);
3942	pHlp->pfnPrintf(pHlp, " %sPDPTE 3 = %#RX64\n", pszPrefix, pVmcs->u64GuestPdpte3.u);
3943	pHlp->pfnPrintf(pHlp, " %sBNDCFGS = %#RX64\n", pszPrefix, pVmcs->u64GuestBndcfgsMsr.u);
3944	pHlp->pfnPrintf(pHlp, " %sRTIT_CTL = %#RX64\n", pszPrefix, pVmcs->u64GuestRtitCtlMsr.u);
3945	pHlp->pfnPrintf(pHlp, " %sPKRS = %#RX64\n", pszPrefix, pVmcs->u64GuestPkrsMsr.u);
3946
3947	/* Natural width. */
3948	pHlp->pfnPrintf(pHlp, " %sCR0 = %#RX64\n", pszPrefix, pVmcs->u64GuestCr0.u);
3949	pHlp->pfnPrintf(pHlp, " %sCR3 = %#RX64\n", pszPrefix, pVmcs->u64GuestCr3.u);
3950	pHlp->pfnPrintf(pHlp, " %sCR4 = %#RX64\n", pszPrefix, pVmcs->u64GuestCr4.u);
3951	pHlp->pfnPrintf(pHlp, " %sDR7 = %#RX64\n", pszPrefix, pVmcs->u64GuestDr7.u);
3952	pHlp->pfnPrintf(pHlp, " %sRSP = %#RX64\n", pszPrefix, pVmcs->u64GuestRsp.u);
3953	pHlp->pfnPrintf(pHlp, " %sRIP = %#RX64\n", pszPrefix, pVmcs->u64GuestRip.u);
3954	pHlp->pfnPrintf(pHlp, " %sRFLAGS = %#RX64 %31s\n",pszPrefix, pVmcs->u64GuestRFlags.u, szEFlags);
3955	pHlp->pfnPrintf(pHlp, " %sPending debug xcpts = %#RX64\n", pszPrefix, pVmcs->u64GuestPendingDbgXcpts.u);
3956	pHlp->pfnPrintf(pHlp, " %sSysEnter ESP = %#RX64\n", pszPrefix, pVmcs->u64GuestSysenterEsp.u);
3957	pHlp->pfnPrintf(pHlp, " %sSysEnter EIP = %#RX64\n", pszPrefix, pVmcs->u64GuestSysenterEip.u);
3958	pHlp->pfnPrintf(pHlp, " %sS_CET = %#RX64\n", pszPrefix, pVmcs->u64GuestSCetMsr.u);
3959	pHlp->pfnPrintf(pHlp, " %sSSP = %#RX64\n", pszPrefix, pVmcs->u64GuestSsp.u);
3960	pHlp->pfnPrintf(pHlp, " %sINTERRUPT_SSP_TABLE_ADDR = %#RX64\n", pszPrefix, pVmcs->u64GuestIntrSspTableAddrMsr.u);
3961	}
3962
3963	/* Host state. */
3964	{
3965	pHlp->pfnPrintf(pHlp, "%sHost state:\n", pszPrefix);
3966
3967	/* 16-bit. */
3968	pHlp->pfnPrintf(pHlp, " %sCS = %#RX16\n", pszPrefix, pVmcs->HostCs);
3969	pHlp->pfnPrintf(pHlp, " %sSS = %#RX16\n", pszPrefix, pVmcs->HostSs);
3970	pHlp->pfnPrintf(pHlp, " %sDS = %#RX16\n", pszPrefix, pVmcs->HostDs);
3971	pHlp->pfnPrintf(pHlp, " %sES = %#RX16\n", pszPrefix, pVmcs->HostEs);
3972	CPUMVMX_DUMP_HOST_FS_GS_TR(pHlp, pVmcs, Fs, "FS", pszPrefix);
3973	CPUMVMX_DUMP_HOST_FS_GS_TR(pHlp, pVmcs, Gs, "GS", pszPrefix);
3974	CPUMVMX_DUMP_HOST_FS_GS_TR(pHlp, pVmcs, Tr, "TR", pszPrefix);
3975	CPUMVMX_DUMP_HOST_XDTR(pHlp, pVmcs, Gdtr, "GDTR", pszPrefix);
3976	CPUMVMX_DUMP_HOST_XDTR(pHlp, pVmcs, Idtr, "IDTR", pszPrefix);
3977
3978	/* 32-bit. */
3979	pHlp->pfnPrintf(pHlp, " %sSysEnter CS = %#RX32\n", pszPrefix, pVmcs->u32HostSysenterCs);
3980
3981	/* 64-bit. */
3982	pHlp->pfnPrintf(pHlp, " %sEFER = %#RX64\n", pszPrefix, pVmcs->u64HostEferMsr.u);
3983	pHlp->pfnPrintf(pHlp, " %sPAT = %#RX64\n", pszPrefix, pVmcs->u64HostPatMsr.u);
3984	pHlp->pfnPrintf(pHlp, " %sPERFGLOBALCTRL = %#RX64\n", pszPrefix, pVmcs->u64HostPerfGlobalCtlMsr.u);
3985	pHlp->pfnPrintf(pHlp, " %sPKRS = %#RX64\n", pszPrefix, pVmcs->u64HostPkrsMsr.u);
3986
3987	/* Natural width. */
3988	pHlp->pfnPrintf(pHlp, " %sCR0 = %#RX64\n", pszPrefix, pVmcs->u64HostCr0.u);
3989	pHlp->pfnPrintf(pHlp, " %sCR3 = %#RX64\n", pszPrefix, pVmcs->u64HostCr3.u);
3990	pHlp->pfnPrintf(pHlp, " %sCR4 = %#RX64\n", pszPrefix, pVmcs->u64HostCr4.u);
3991	pHlp->pfnPrintf(pHlp, " %sSysEnter ESP = %#RX64\n", pszPrefix, pVmcs->u64HostSysenterEsp.u);
3992	pHlp->pfnPrintf(pHlp, " %sSysEnter EIP = %#RX64\n", pszPrefix, pVmcs->u64HostSysenterEip.u);
3993	pHlp->pfnPrintf(pHlp, " %sRSP = %#RX64\n", pszPrefix, pVmcs->u64HostRsp.u);
3994	pHlp->pfnPrintf(pHlp, " %sRIP = %#RX64\n", pszPrefix, pVmcs->u64HostRip.u);
3995	pHlp->pfnPrintf(pHlp, " %sS_CET = %#RX64\n", pszPrefix, pVmcs->u64HostSCetMsr.u);
3996	pHlp->pfnPrintf(pHlp, " %sSSP = %#RX64\n", pszPrefix, pVmcs->u64HostSsp.u);
3997	pHlp->pfnPrintf(pHlp, " %sINTERRUPT_SSP_TABLE_ADDR = %#RX64\n", pszPrefix, pVmcs->u64HostIntrSspTableAddrMsr.u);
3998	}
3999
4000	/* Read-only fields. */
4001	{
4002	pHlp->pfnPrintf(pHlp, "%sRead-only data fields:\n", pszPrefix);
4003
4004	/* 16-bit (none currently). */
4005
4006	/* 32-bit. */
4007	pHlp->pfnPrintf(pHlp, " %sExit reason = %u (%s)\n", pszPrefix, pVmcs->u32RoExitReason, HMGetVmxExitName(pVmcs->u32RoExitReason));
4008	pHlp->pfnPrintf(pHlp, " %sExit qualification = %#RX64\n", pszPrefix, pVmcs->u64RoExitQual.u);
4009	pHlp->pfnPrintf(pHlp, " %sVM-instruction error = %#RX32\n", pszPrefix, pVmcs->u32RoVmInstrError);
4010	pHlp->pfnPrintf(pHlp, " %sVM-exit intr info = %#RX32\n", pszPrefix, pVmcs->u32RoExitIntInfo);
4011	{
4012	uint32_t const fInfo = pVmcs->u32RoExitIntInfo;
4013	uint8_t const uType = VMX_EXIT_INT_INFO_TYPE(fInfo);
4014	pHlp->pfnPrintf(pHlp, " %sValid = %RTbool\n", pszPrefix, VMX_EXIT_INT_INFO_IS_VALID(fInfo));
4015	pHlp->pfnPrintf(pHlp, " %sType = %#x (%s)\n", pszPrefix, uType, VMXGetExitIntInfoTypeDesc(uType));
4016	pHlp->pfnPrintf(pHlp, " %sVector = %#x\n", pszPrefix, VMX_EXIT_INT_INFO_VECTOR(fInfo));
4017	pHlp->pfnPrintf(pHlp, " %sNMI-unblocking-IRET = %RTbool\n", pszPrefix, VMX_EXIT_INT_INFO_IS_NMI_UNBLOCK_IRET(fInfo));
4018	pHlp->pfnPrintf(pHlp, " %sError-code valid = %RTbool\n", pszPrefix, VMX_EXIT_INT_INFO_IS_ERROR_CODE_VALID(fInfo));
4019	}
4020	pHlp->pfnPrintf(pHlp, " %sVM-exit intr error-code = %#RX32\n", pszPrefix, pVmcs->u32RoExitIntErrCode);
4021	pHlp->pfnPrintf(pHlp, " %sIDT-vectoring info = %#RX32\n", pszPrefix, pVmcs->u32RoIdtVectoringInfo);
4022	{
4023	uint32_t const fInfo = pVmcs->u32RoIdtVectoringInfo;
4024	uint8_t const uType = VMX_IDT_VECTORING_INFO_TYPE(fInfo);
4025	pHlp->pfnPrintf(pHlp, " %sValid = %RTbool\n", pszPrefix, VMX_IDT_VECTORING_INFO_IS_VALID(fInfo));
4026	pHlp->pfnPrintf(pHlp, " %sType = %#x (%s)\n", pszPrefix, uType, VMXGetIdtVectoringInfoTypeDesc(uType));
4027	pHlp->pfnPrintf(pHlp, " %sVector = %#x\n", pszPrefix, VMX_IDT_VECTORING_INFO_VECTOR(fInfo));
4028	pHlp->pfnPrintf(pHlp, " %sError-code valid = %RTbool\n", pszPrefix, VMX_IDT_VECTORING_INFO_IS_ERROR_CODE_VALID(fInfo));
4029	}
4030	pHlp->pfnPrintf(pHlp, " %sIDT-vectoring error-code = %#RX32\n", pszPrefix, pVmcs->u32RoIdtVectoringErrCode);
4031	pHlp->pfnPrintf(pHlp, " %sVM-exit instruction length = %u byte(s)\n", pszPrefix, pVmcs->u32RoExitInstrLen);
4032	pHlp->pfnPrintf(pHlp, " %sVM-exit instruction info = %#RX64\n", pszPrefix, pVmcs->u32RoExitInstrInfo);
4033
4034	/* 64-bit. */
4035	pHlp->pfnPrintf(pHlp, " %sGuest-physical addr = %#RX64\n", pszPrefix, pVmcs->u64RoGuestPhysAddr.u);
4036
4037	/* Natural width. */
4038	pHlp->pfnPrintf(pHlp, " %sI/O RCX = %#RX64\n", pszPrefix, pVmcs->u64RoIoRcx.u);
4039	pHlp->pfnPrintf(pHlp, " %sI/O RSI = %#RX64\n", pszPrefix, pVmcs->u64RoIoRsi.u);
4040	pHlp->pfnPrintf(pHlp, " %sI/O RDI = %#RX64\n", pszPrefix, pVmcs->u64RoIoRdi.u);
4041	pHlp->pfnPrintf(pHlp, " %sI/O RIP = %#RX64\n", pszPrefix, pVmcs->u64RoIoRip.u);
4042	pHlp->pfnPrintf(pHlp, " %sGuest-linear addr = %#RX64\n", pszPrefix, pVmcs->u64RoGuestLinearAddr.u);
4043	}
4044
4045	#ifdef DEBUG_ramshankar
4046	if (pVmcs->u32ProcCtls & VMX_PROC_CTLS_USE_TPR_SHADOW)
4047	{
4048	void *pvPage = RTMemTmpAllocZ(VMX_V_VIRT_APIC_SIZE);
4049	Assert(pvPage);
4050	RTGCPHYS const GCPhysVirtApic = pVmcs->u64AddrVirtApic.u;
4051	int rc = PGMPhysSimpleReadGCPhys(pVCpu->CTX_SUFF(pVM), pvPage, GCPhysVirtApic, VMX_V_VIRT_APIC_SIZE);
4052	if (RT_SUCCESS(rc))
4053	{
4054	pHlp->pfnPrintf(pHlp, " %sVirtual-APIC page\n", pszPrefix);
4055	pHlp->pfnPrintf(pHlp, "%.*Rhxs\n", VMX_V_VIRT_APIC_SIZE, pvPage);
4056	pHlp->pfnPrintf(pHlp, "\n");
4057	}
4058	RTMemTmpFree(pvPage);
4059	}
4060	#else
4061	NOREF(pVCpu);
4062	#endif
4063
4064	#undef CPUMVMX_DUMP_HOST_XDTR
4065	#undef CPUMVMX_DUMP_HOST_FS_GS_TR
4066	#undef CPUMVMX_DUMP_GUEST_SEGREG
4067	#undef CPUMVMX_DUMP_GUEST_XDTR
4068	}
4069
4070
4071	/**
4072	* Display the guest's hardware-virtualization cpu state.
4073	*
4074	* @param pVM The cross context VM structure.
4075	* @param pHlp The info helper functions.
4076	* @param pszArgs Arguments, ignored.
4077	*/
4078	static DECLCALLBACK(void) cpumR3InfoGuestHwvirt(PVM pVM, PCDBGFINFOHLP pHlp, const char *pszArgs)
4079	{
4080	RT_NOREF(pszArgs);
4081
4082	PVMCPU pVCpu = VMMGetCpu(pVM);
4083	if (!pVCpu)
4084	pVCpu = pVM->apCpusR3[0];
4085
4086	PCCPUMCTX pCtx = &pVCpu->cpum.s.Guest;
4087	bool const fSvm = pVM->cpum.s.GuestFeatures.fSvm;
4088	bool const fVmx = pVM->cpum.s.GuestFeatures.fVmx;
4089
4090	pHlp->pfnPrintf(pHlp, "VCPU[%u] hardware virtualization state:\n", pVCpu->idCpu);
4091	pHlp->pfnPrintf(pHlp, "fSavedInhibit = %#RX32\n", pCtx->hwvirt.fSavedInhibit);
4092	pHlp->pfnPrintf(pHlp, "In nested-guest hwvirt mode = %RTbool\n", CPUMIsGuestInNestedHwvirtMode(pCtx));
4093
4094	if (fSvm)
4095	{
4096	pHlp->pfnPrintf(pHlp, "SVM hwvirt state:\n");
4097	pHlp->pfnPrintf(pHlp, " fGif = %RTbool\n", pCtx->hwvirt.fGif);
4098
4099	char szEFlags[80];
4100	cpumR3InfoFormatFlags(&szEFlags[0], pCtx->hwvirt.svm.HostState.rflags.u);
4101	pHlp->pfnPrintf(pHlp, " uMsrHSavePa = %#RX64\n", pCtx->hwvirt.svm.uMsrHSavePa);
4102	pHlp->pfnPrintf(pHlp, " GCPhysVmcb = %#RGp\n", pCtx->hwvirt.svm.GCPhysVmcb);
4103	pHlp->pfnPrintf(pHlp, " VmcbCtrl:\n");
4104	cpumR3InfoSvmVmcbCtrl(pHlp, &pCtx->hwvirt.svm.Vmcb.ctrl, " " /* pszPrefix */);
4105	pHlp->pfnPrintf(pHlp, " VmcbStateSave:\n");
4106	cpumR3InfoSvmVmcbStateSave(pHlp, &pCtx->hwvirt.svm.Vmcb.guest, " " /* pszPrefix */);
4107	pHlp->pfnPrintf(pHlp, " HostState:\n");
4108	pHlp->pfnPrintf(pHlp, " uEferMsr = %#RX64\n", pCtx->hwvirt.svm.HostState.uEferMsr);
4109	pHlp->pfnPrintf(pHlp, " uCr0 = %#RX64\n", pCtx->hwvirt.svm.HostState.uCr0);
4110	pHlp->pfnPrintf(pHlp, " uCr4 = %#RX64\n", pCtx->hwvirt.svm.HostState.uCr4);
4111	pHlp->pfnPrintf(pHlp, " uCr3 = %#RX64\n", pCtx->hwvirt.svm.HostState.uCr3);
4112	pHlp->pfnPrintf(pHlp, " uRip = %#RX64\n", pCtx->hwvirt.svm.HostState.uRip);
4113	pHlp->pfnPrintf(pHlp, " uRsp = %#RX64\n", pCtx->hwvirt.svm.HostState.uRsp);
4114	pHlp->pfnPrintf(pHlp, " uRax = %#RX64\n", pCtx->hwvirt.svm.HostState.uRax);
4115	pHlp->pfnPrintf(pHlp, " rflags = %#RX64 %31s\n", pCtx->hwvirt.svm.HostState.rflags.u64, szEFlags);
4116	PCCPUMSELREG pSelEs = &pCtx->hwvirt.svm.HostState.es;
4117	pHlp->pfnPrintf(pHlp, " es = {%04x base=%016RX64 limit=%08x flags=%08x}\n",
4118	pSelEs->Sel, pSelEs->u64Base, pSelEs->u32Limit, pSelEs->Attr.u);
4119	PCCPUMSELREG pSelCs = &pCtx->hwvirt.svm.HostState.cs;
4120	pHlp->pfnPrintf(pHlp, " cs = {%04x base=%016RX64 limit=%08x flags=%08x}\n",
4121	pSelCs->Sel, pSelCs->u64Base, pSelCs->u32Limit, pSelCs->Attr.u);
4122	PCCPUMSELREG pSelSs = &pCtx->hwvirt.svm.HostState.ss;
4123	pHlp->pfnPrintf(pHlp, " ss = {%04x base=%016RX64 limit=%08x flags=%08x}\n",
4124	pSelSs->Sel, pSelSs->u64Base, pSelSs->u32Limit, pSelSs->Attr.u);
4125	PCCPUMSELREG pSelDs = &pCtx->hwvirt.svm.HostState.ds;
4126	pHlp->pfnPrintf(pHlp, " ds = {%04x base=%016RX64 limit=%08x flags=%08x}\n",
4127	pSelDs->Sel, pSelDs->u64Base, pSelDs->u32Limit, pSelDs->Attr.u);
4128	pHlp->pfnPrintf(pHlp, " gdtr = %016RX64:%04x\n", pCtx->hwvirt.svm.HostState.gdtr.pGdt,
4129	pCtx->hwvirt.svm.HostState.gdtr.cbGdt);
4130	pHlp->pfnPrintf(pHlp, " idtr = %016RX64:%04x\n", pCtx->hwvirt.svm.HostState.idtr.pIdt,
4131	pCtx->hwvirt.svm.HostState.idtr.cbIdt);
4132	pHlp->pfnPrintf(pHlp, " cPauseFilter = %RU16\n", pCtx->hwvirt.svm.cPauseFilter);
4133	pHlp->pfnPrintf(pHlp, " cPauseFilterThreshold = %RU32\n", pCtx->hwvirt.svm.cPauseFilterThreshold);
4134	pHlp->pfnPrintf(pHlp, " fInterceptEvents = %u\n", pCtx->hwvirt.svm.fInterceptEvents);
4135	}
4136	else if (fVmx)
4137	{
4138	pHlp->pfnPrintf(pHlp, "VMX hwvirt state:\n");
4139	pHlp->pfnPrintf(pHlp, " GCPhysVmxon = %#RGp\n", pCtx->hwvirt.vmx.GCPhysVmxon);
4140	pHlp->pfnPrintf(pHlp, " GCPhysVmcs = %#RGp\n", pCtx->hwvirt.vmx.GCPhysVmcs);
4141	pHlp->pfnPrintf(pHlp, " GCPhysShadowVmcs = %#RGp\n", pCtx->hwvirt.vmx.GCPhysShadowVmcs);
4142	pHlp->pfnPrintf(pHlp, " enmDiag = %u (%s)\n", pCtx->hwvirt.vmx.enmDiag, HMGetVmxDiagDesc(pCtx->hwvirt.vmx.enmDiag));
4143	pHlp->pfnPrintf(pHlp, " uDiagAux = %#RX64\n", pCtx->hwvirt.vmx.uDiagAux);
4144	pHlp->pfnPrintf(pHlp, " enmAbort = %u (%s)\n", pCtx->hwvirt.vmx.enmAbort, VMXGetAbortDesc(pCtx->hwvirt.vmx.enmAbort));
4145	pHlp->pfnPrintf(pHlp, " uAbortAux = %u (%#x)\n", pCtx->hwvirt.vmx.uAbortAux, pCtx->hwvirt.vmx.uAbortAux);
4146	pHlp->pfnPrintf(pHlp, " fInVmxRootMode = %RTbool\n", pCtx->hwvirt.vmx.fInVmxRootMode);
4147	pHlp->pfnPrintf(pHlp, " fInVmxNonRootMode = %RTbool\n", pCtx->hwvirt.vmx.fInVmxNonRootMode);
4148	pHlp->pfnPrintf(pHlp, " fInterceptEvents = %RTbool\n", pCtx->hwvirt.vmx.fInterceptEvents);
4149	pHlp->pfnPrintf(pHlp, " fNmiUnblockingIret = %RTbool\n", pCtx->hwvirt.vmx.fNmiUnblockingIret);
4150	pHlp->pfnPrintf(pHlp, " uFirstPauseLoopTick = %RX64\n", pCtx->hwvirt.vmx.uFirstPauseLoopTick);
4151	pHlp->pfnPrintf(pHlp, " uPrevPauseTick = %RX64\n", pCtx->hwvirt.vmx.uPrevPauseTick);
4152	pHlp->pfnPrintf(pHlp, " uEntryTick = %RX64\n", pCtx->hwvirt.vmx.uEntryTick);
4153	pHlp->pfnPrintf(pHlp, " offVirtApicWrite = %#RX16\n", pCtx->hwvirt.vmx.offVirtApicWrite);
4154	pHlp->pfnPrintf(pHlp, " fVirtNmiBlocking = %RTbool\n", pCtx->hwvirt.vmx.fVirtNmiBlocking);
4155	pHlp->pfnPrintf(pHlp, " VMCS cache:\n");
4156	cpumR3InfoVmxVmcs(pVCpu, pHlp, &pCtx->hwvirt.vmx.Vmcs, " " /* pszPrefix */);
4157	}
4158	else
4159	pHlp->pfnPrintf(pHlp, "Hwvirt state disabled.\n");
4160
4161	#undef CPUMHWVIRTDUMP_NONE
4162	#undef CPUMHWVIRTDUMP_COMMON
4163	#undef CPUMHWVIRTDUMP_SVM
4164	#undef CPUMHWVIRTDUMP_VMX
4165	#undef CPUMHWVIRTDUMP_LAST
4166	#undef CPUMHWVIRTDUMP_ALL
4167	}
4168
4169	/**
4170	* Display the current guest instruction
4171	*
4172	* @param pVM The cross context VM structure.
4173	* @param pHlp The info helper functions.
4174	* @param pszArgs Arguments, ignored.
4175	*/
4176	static DECLCALLBACK(void) cpumR3InfoGuestInstr(PVM pVM, PCDBGFINFOHLP pHlp, const char *pszArgs)
4177	{
4178	NOREF(pszArgs);
4179
4180	PVMCPU pVCpu = VMMGetCpu(pVM);
4181	if (!pVCpu)
4182	pVCpu = pVM->apCpusR3[0];
4183
4184	char szInstruction[256];
4185	szInstruction[0] = '\0';
4186	DBGFR3DisasInstrCurrent(pVCpu, szInstruction, sizeof(szInstruction));
4187	pHlp->pfnPrintf(pHlp, "\nCPUM%u: %s\n\n", pVCpu->idCpu, szInstruction);
4188	}
4189
4190
4191	/**
4192	* Display the hypervisor cpu state.
4193	*
4194	* @param pVM The cross context VM structure.
4195	* @param pHlp The info helper functions.
4196	* @param pszArgs Arguments, ignored.
4197	*/
4198	static DECLCALLBACK(void) cpumR3InfoHyper(PVM pVM, PCDBGFINFOHLP pHlp, const char *pszArgs)
4199	{
4200	PVMCPU pVCpu = VMMGetCpu(pVM);
4201	if (!pVCpu)
4202	pVCpu = pVM->apCpusR3[0];
4203
4204	CPUMDUMPTYPE enmType;
4205	const char *pszComment;
4206	cpumR3InfoParseArg(pszArgs, &enmType, &pszComment);
4207	pHlp->pfnPrintf(pHlp, "Hypervisor CPUM state: %s\n", pszComment);
4208
4209	pHlp->pfnPrintf(pHlp,
4210	".dr0=%016RX64 .dr1=%016RX64 .dr2=%016RX64 .dr3=%016RX64\n"
4211	".dr4=%016RX64 .dr5=%016RX64 .dr6=%016RX64 .dr7=%016RX64\n",
4212	pVCpu->cpum.s.Hyper.dr[0], pVCpu->cpum.s.Hyper.dr[1], pVCpu->cpum.s.Hyper.dr[2], pVCpu->cpum.s.Hyper.dr[3],
4213	pVCpu->cpum.s.Hyper.dr[4], pVCpu->cpum.s.Hyper.dr[5], pVCpu->cpum.s.Hyper.dr[6], pVCpu->cpum.s.Hyper.dr[7]);
4214	pHlp->pfnPrintf(pHlp, "CR4OrMask=%#x CR4AndMask=%#x\n", pVM->cpum.s.CR4.OrMask, pVM->cpum.s.CR4.AndMask);
4215	}
4216
4217
4218	/**
4219	* Display the host cpu state.
4220	*
4221	* @param pVM The cross context VM structure.
4222	* @param pHlp The info helper functions.
4223	* @param pszArgs Arguments, ignored.
4224	*/
4225	static DECLCALLBACK(void) cpumR3InfoHost(PVM pVM, PCDBGFINFOHLP pHlp, const char *pszArgs)
4226	{
4227	CPUMDUMPTYPE enmType;
4228	const char *pszComment;
4229	cpumR3InfoParseArg(pszArgs, &enmType, &pszComment);
4230	pHlp->pfnPrintf(pHlp, "Host CPUM state: %s\n", pszComment);
4231
4232	PVMCPU pVCpu = VMMGetCpu(pVM);
4233	if (!pVCpu)
4234	pVCpu = pVM->apCpusR3[0];
4235	PCPUMHOSTCTX pCtx = &pVCpu->cpum.s.Host;
4236
4237	/*
4238	* Format the EFLAGS.
4239	*/
4240	uint64_t efl = pCtx->rflags;
4241	char szEFlags[80];
4242	cpumR3InfoFormatFlags(&szEFlags[0], efl);
4243
4244	/*
4245	* Format the registers.
4246	*/
4247	pHlp->pfnPrintf(pHlp,
4248	"rax=xxxxxxxxxxxxxxxx rbx=%016RX64 rcx=xxxxxxxxxxxxxxxx\n"
4249	"rdx=xxxxxxxxxxxxxxxx rsi=%016RX64 rdi=%016RX64\n"
4250	"rip=xxxxxxxxxxxxxxxx rsp=%016RX64 rbp=%016RX64\n"
4251	" r8=xxxxxxxxxxxxxxxx r9=xxxxxxxxxxxxxxxx r10=%016RX64\n"
4252	"r11=%016RX64 r12=%016RX64 r13=%016RX64\n"
4253	"r14=%016RX64 r15=%016RX64\n"
4254	"iopl=%d %31s\n"
4255	"cs=%04x ds=%04x es=%04x fs=%04x gs=%04x eflags=%08RX64\n"
4256	"cr0=%016RX64 cr2=xxxxxxxxxxxxxxxx cr3=%016RX64\n"
4257	"cr4=%016RX64 ldtr=%04x tr=%04x\n"
4258	"dr[0]=%016RX64 dr[1]=%016RX64 dr[2]=%016RX64\n"
4259	"dr[3]=%016RX64 dr[6]=%016RX64 dr[7]=%016RX64\n"
4260	"gdtr=%016RX64:%04x idtr=%016RX64:%04x\n"
4261	"SysEnter={cs=%04x eip=%08x esp=%08x}\n"
4262	"FSbase=%016RX64 GSbase=%016RX64 efer=%08RX64\n"
4263	,
4264	/pCtx->rax,/ pCtx->rbx, /*pCtx->rcx,
4265	pCtx->rdx,*/ pCtx->rsi, pCtx->rdi,
4266	/pCtx->rip,/ pCtx->rsp, pCtx->rbp,
4267	/pCtx->r8, pCtx->r9,/ pCtx->r10,
4268	pCtx->r11, pCtx->r12, pCtx->r13,
4269	pCtx->r14, pCtx->r15,
4270	X86_EFL_GET_IOPL(efl), szEFlags,
4271	pCtx->cs, pCtx->ds, pCtx->es, pCtx->fs, pCtx->gs, efl,
4272	pCtx->cr0, /pCtx->cr2,/ pCtx->cr3,
4273	pCtx->cr4, pCtx->ldtr, pCtx->tr,
4274	pCtx->dr0, pCtx->dr1, pCtx->dr2,
4275	pCtx->dr3, pCtx->dr6, pCtx->dr7,
4276	pCtx->gdtr.uAddr, pCtx->gdtr.cb, pCtx->idtr.uAddr, pCtx->idtr.cb,
4277	pCtx->SysEnter.cs, pCtx->SysEnter.eip, pCtx->SysEnter.esp,
4278	pCtx->FSbase, pCtx->GSbase, pCtx->efer);
4279	}
4280
4281	/**
4282	* Structure used when disassembling and instructions in DBGF.
4283	* This is used so the reader function can get the stuff it needs.
4284	*/
4285	typedef struct CPUMDISASSTATE
4286	{
4287	/** Pointer to the CPU structure. */
4288	PDISSTATE pDis;
4289	/** Pointer to the VM. */
4290	PVM pVM;
4291	/** Pointer to the VMCPU. */
4292	PVMCPU pVCpu;
4293	/** Pointer to the first byte in the segment. */
4294	RTGCUINTPTR GCPtrSegBase;
4295	/** Pointer to the byte after the end of the segment. (might have wrapped!) */
4296	RTGCUINTPTR GCPtrSegEnd;
4297	/** The size of the segment minus 1. */
4298	RTGCUINTPTR cbSegLimit;
4299	/** Pointer to the current page - R3 Ptr. */
4300	void const *pvPageR3;
4301	/** Pointer to the current page - GC Ptr. */
4302	RTGCPTR pvPageGC;
4303	/** The lock information that PGMPhysReleasePageMappingLock needs. */
4304	PGMPAGEMAPLOCK PageMapLock;
4305	/** Whether the PageMapLock is valid or not. */
4306	bool fLocked;
4307	/** 64 bits mode or not. */
4308	bool f64Bits;
4309	} CPUMDISASSTATE, *PCPUMDISASSTATE;
4310
4311
4312	/**
4313	* @callback_method_impl{FNDISREADBYTES}
4314	*/
4315	static DECLCALLBACK(int) cpumR3DisasInstrRead(PDISSTATE pDis, uint8_t offInstr, uint8_t cbMinRead, uint8_t cbMaxRead)
4316	{
4317	PCPUMDISASSTATE pState = (PCPUMDISASSTATE)pDis->pvUser;
4318	for (;;)
4319	{
4320	RTGCUINTPTR GCPtr = pDis->uInstrAddr + offInstr + pState->GCPtrSegBase;
4321
4322	/*
4323	* Need to update the page translation?
4324	*/
4325	if ( !pState->pvPageR3
4326	\|\| (GCPtr >> GUEST_PAGE_SHIFT) != (pState->pvPageGC >> GUEST_PAGE_SHIFT))
4327	{
4328	/* translate the address */
4329	pState->pvPageGC = GCPtr & ~(RTGCPTR)GUEST_PAGE_OFFSET_MASK;
4330
4331	/* Release mapping lock previously acquired. */
4332	if (pState->fLocked)
4333	PGMPhysReleasePageMappingLock(pState->pVM, &pState->PageMapLock);
4334	int rc = PGMPhysGCPtr2CCPtrReadOnly(pState->pVCpu, pState->pvPageGC, &pState->pvPageR3, &pState->PageMapLock);
4335	if (RT_SUCCESS(rc))
4336	pState->fLocked = true;
4337	else
4338	{
4339	pState->fLocked = false;
4340	pState->pvPageR3 = NULL;
4341	return rc;
4342	}
4343	}
4344
4345	/*
4346	* Check the segment limit.
4347	*/
4348	if (!pState->f64Bits && pDis->uInstrAddr + offInstr > pState->cbSegLimit)
4349	return VERR_OUT_OF_SELECTOR_BOUNDS;
4350
4351	/*
4352	* Calc how much we can read.
4353	*/
4354	uint32_t cb = GUEST_PAGE_SIZE - (GCPtr & GUEST_PAGE_OFFSET_MASK);
4355	if (!pState->f64Bits)
4356	{
4357	RTGCUINTPTR cbSeg = pState->GCPtrSegEnd - GCPtr;
4358	if (cb > cbSeg && cbSeg)
4359	cb = cbSeg;
4360	}
4361	if (cb > cbMaxRead)
4362	cb = cbMaxRead;
4363
4364	/*
4365	* Read and advance or exit.
4366	*/
4367	memcpy(&pDis->u.abInstr[offInstr], (uint8_t *)pState->pvPageR3 + (GCPtr & GUEST_PAGE_OFFSET_MASK), cb);
4368	offInstr += (uint8_t)cb;
4369	if (cb >= cbMinRead)
4370	{
4371	pDis->cbCachedInstr = offInstr;
4372	return VINF_SUCCESS;
4373	}
4374	cbMinRead -= (uint8_t)cb;
4375	cbMaxRead -= (uint8_t)cb;
4376	}
4377	}
4378
4379
4380	/**
4381	* Disassemble an instruction and return the information in the provided structure.
4382	*
4383	* @returns VBox status code.
4384	* @param pVM The cross context VM structure.
4385	* @param pVCpu The cross context virtual CPU structure.
4386	* @param pCtx Pointer to the guest CPU context.
4387	* @param GCPtrPC Program counter (relative to CS) to disassemble from.
4388	* @param pDis Disassembly state.
4389	* @param pszPrefix String prefix for logging (debug only).
4390	*
4391	*/
4392	VMMR3DECL(int) CPUMR3DisasmInstrCPU(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx, RTGCPTR GCPtrPC, PDISSTATE pDis,
4393	const char *pszPrefix)
4394	{
4395	CPUMDISASSTATE State;
4396	int rc;
4397
4398	const PGMMODE enmMode = PGMGetGuestMode(pVCpu);
4399	State.pDis = pDis;
4400	State.pvPageGC = 0;
4401	State.pvPageR3 = NULL;
4402	State.pVM = pVM;
4403	State.pVCpu = pVCpu;
4404	State.fLocked = false;
4405	State.f64Bits = false;
4406
4407	/*
4408	* Get selector information.
4409	*/
4410	DISCPUMODE enmDisCpuMode;
4411	if ( (pCtx->cr0 & X86_CR0_PE)
4412	&& pCtx->eflags.Bits.u1VM == 0)
4413	{
4414	if (!CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pCtx->cs))
4415	return VERR_CPUM_HIDDEN_CS_LOAD_ERROR;
4416	State.f64Bits = enmMode >= PGMMODE_AMD64 && pCtx->cs.Attr.n.u1Long;
4417	State.GCPtrSegBase = pCtx->cs.u64Base;
4418	State.GCPtrSegEnd = pCtx->cs.u32Limit + 1 + (RTGCUINTPTR)pCtx->cs.u64Base;
4419	State.cbSegLimit = pCtx->cs.u32Limit;
4420	enmDisCpuMode = (State.f64Bits)
4421	? DISCPUMODE_64BIT
4422	: pCtx->cs.Attr.n.u1DefBig
4423	? DISCPUMODE_32BIT
4424	: DISCPUMODE_16BIT;
4425	}
4426	else
4427	{
4428	/* real or V86 mode */
4429	enmDisCpuMode = DISCPUMODE_16BIT;
4430	State.GCPtrSegBase = pCtx->cs.Sel * 16;
4431	State.GCPtrSegEnd = 0xFFFFFFFF;
4432	State.cbSegLimit = 0xFFFFFFFF;
4433	}
4434
4435	/*
4436	* Disassemble the instruction.
4437	*/
4438	uint32_t cbInstr;
4439	#ifndef LOG_ENABLED
4440	RT_NOREF_PV(pszPrefix);
4441	rc = DISInstrWithReader(GCPtrPC, enmDisCpuMode, cpumR3DisasInstrRead, &State, pDis, &cbInstr);
4442	if (RT_SUCCESS(rc))
4443	{
4444	#else
4445	char szOutput[160];
4446	rc = DISInstrToStrWithReader(GCPtrPC, enmDisCpuMode, cpumR3DisasInstrRead, &State,
4447	pDis, &cbInstr, szOutput, sizeof(szOutput));
4448	if (RT_SUCCESS(rc))
4449	{
4450	/* log it */
4451	if (pszPrefix)
4452	Log(("%s-CPU%d: %s", pszPrefix, pVCpu->idCpu, szOutput));
4453	else
4454	Log(("%s", szOutput));
4455	#endif
4456	rc = VINF_SUCCESS;
4457	}
4458	else
4459	Log(("CPUMR3DisasmInstrCPU: DISInstr failed for %04X:%RGv rc=%Rrc\n", pCtx->cs.Sel, GCPtrPC, rc));
4460
4461	/* Release mapping lock acquired in cpumR3DisasInstrRead. */
4462	if (State.fLocked)
4463	PGMPhysReleasePageMappingLock(pVM, &State.PageMapLock);
4464
4465	return rc;
4466	}
4467
4468
4469
4470	/**
4471	* API for controlling a few of the CPU features found in CR4.
4472	*
4473	* Currently only X86_CR4_TSD is accepted as input.
4474	*
4475	* @returns VBox status code.
4476	*
4477	* @param pVM The cross context VM structure.
4478	* @param fOr The CR4 OR mask.
4479	* @param fAnd The CR4 AND mask.
4480	*/
4481	VMMR3DECL(int) CPUMR3SetCR4Feature(PVM pVM, RTHCUINTREG fOr, RTHCUINTREG fAnd)
4482	{
4483	AssertMsgReturn(!(fOr & ~(X86_CR4_TSD)), ("%#x\n", fOr), VERR_INVALID_PARAMETER);
4484	AssertMsgReturn((fAnd & ~(X86_CR4_TSD)) == ~(X86_CR4_TSD), ("%#x\n", fAnd), VERR_INVALID_PARAMETER);
4485
4486	pVM->cpum.s.CR4.OrMask &= fAnd;
4487	pVM->cpum.s.CR4.OrMask \|= fOr;
4488
4489	return VINF_SUCCESS;
4490	}
4491
4492
4493	/**
4494	* Called when the ring-3 init phase completes.
4495	*
4496	* @returns VBox status code.
4497	* @param pVM The cross context VM structure.
4498	* @param enmWhat Which init phase.
4499	*/
4500	VMMR3DECL(int) CPUMR3InitCompleted(PVM pVM, VMINITCOMPLETED enmWhat)
4501	{
4502	switch (enmWhat)
4503	{
4504	case VMINITCOMPLETED_RING3:
4505	{
4506	/*
4507	* Figure out if the guest uses 32-bit or 64-bit FPU state at runtime for 64-bit capable VMs.
4508	* Only applicable/used on 64-bit hosts, refer CPUMR0A.asm. See @bugref{7138}.
4509	*/
4510	bool const fSupportsLongMode = VMR3IsLongModeAllowed(pVM);
4511	for (VMCPUID idCpu = 0; idCpu < pVM->cCpus; idCpu++)
4512	{
4513	PVMCPU pVCpu = pVM->apCpusR3[idCpu];
4514
4515	/* While loading a saved-state we fix it up in, cpumR3LoadDone(). */
4516	if (fSupportsLongMode)
4517	pVCpu->cpum.s.fUseFlags \|= CPUM_USE_SUPPORTS_LONGMODE;
4518	}
4519
4520	/* Register statistic counters for MSRs. */
4521	cpumR3MsrRegStats(pVM);
4522
4523	/* There shouldn't be any more calls to CPUMR3SetGuestCpuIdFeature and
4524	CPUMR3ClearGuestCpuIdFeature now, so do some final CPUID polishing (NX). */
4525	cpumR3CpuIdRing3InitDone(pVM);
4526
4527	/* Create VMX-preemption timer for nested guests if required. Must be
4528	done here as CPUM is initialized before TM. */
4529	if (pVM->cpum.s.GuestFeatures.fVmx)
4530	{
4531	for (VMCPUID idCpu = 0; idCpu < pVM->cCpus; idCpu++)
4532	{
4533	PVMCPU pVCpu = pVM->apCpusR3[idCpu];
4534	char szName[32];
4535	RTStrPrintf(szName, sizeof(szName), "Nested VMX-preemption %u", idCpu);
4536	int rc = TMR3TimerCreate(pVM, TMCLOCK_VIRTUAL_SYNC, cpumR3VmxPreemptTimerCallback, pVCpu,
4537	TMTIMER_FLAGS_RING0, szName, &pVCpu->cpum.s.hNestedVmxPreemptTimer);
4538	AssertLogRelRCReturn(rc, rc);
4539	}
4540	}
4541	break;
4542	}
4543
4544	default:
4545	break;
4546	}
4547	return VINF_SUCCESS;
4548	}
4549
4550
4551	/**
4552	* Called when the ring-0 init phases completed.
4553	*
4554	* @param pVM The cross context VM structure.
4555	*/
4556	VMMR3DECL(void) CPUMR3LogCpuIdAndMsrFeatures(PVM pVM)
4557	{
4558	/*
4559	* Enable log buffering as we're going to log a lot of lines.
4560	*/
4561	bool const fOldBuffered = RTLogRelSetBuffering(true /fBuffered/);
4562
4563	/*
4564	* Log the cpuid.
4565	*/
4566	RTCPUSET OnlineSet;
4567	LogRel(("CPUM: Logical host processors: %u present, %u max, %u online, online mask: %016RX64\n",
4568	(unsigned)RTMpGetPresentCount(), (unsigned)RTMpGetCount(), (unsigned)RTMpGetOnlineCount(),
4569	RTCpuSetToU64(RTMpGetOnlineSet(&OnlineSet)) ));
4570	RTCPUID cCores = RTMpGetCoreCount();
4571	if (cCores)
4572	LogRel(("CPUM: Physical host cores: %u\n", (unsigned)cCores));
4573	LogRel(("*********************** CPUID dump **********************\n"));
4574	DBGFR3Info(pVM->pUVM, "cpuid", "verbose", DBGFR3InfoLogRelHlp());
4575	LogRel(("\n"));
4576	DBGFR3_INFO_LOG_SAFE(pVM, "cpuid", "verbose"); /* macro */
4577	LogRel(("****************** End of CPUID dump ********************\n"));
4578
4579	/*
4580	* Log VT-x extended features.
4581	*
4582	* SVM features are currently all covered under CPUID so there is nothing
4583	* to do here for SVM.
4584	*/
4585	if (pVM->cpum.s.HostFeatures.fVmx)
4586	{
4587	LogRel(("********************* VT-x features *********************\n"));
4588	DBGFR3Info(pVM->pUVM, "cpumvmxfeat", "default", DBGFR3InfoLogRelHlp());
4589	LogRel(("\n"));
4590	LogRel(("***************** End of VT-x features ******************\n"));
4591	}
4592
4593	/*
4594	* Restore the log buffering state to what it was previously.
4595	*/
4596	RTLogRelSetBuffering(fOldBuffered);
4597	}
4598
4599
4600	/**
4601	* Marks the guest debug state as active.
4602	*
4603	* @param pVCpu The cross context virtual CPU structure.
4604	*
4605	* @note This is used solely by NEM (hence the name) to set the correct flags here
4606	* without loading the host's DRx registers, which is not possible from ring-3 anyway.
4607	* The specific NEM backends have to make sure to load the correct values.
4608	*/
4609	VMMR3_INT_DECL(void) CPUMR3NemActivateGuestDebugState(PVMCPUCC pVCpu)
4610	{
4611	ASMAtomicAndU32(&pVCpu->cpum.s.fUseFlags, ~CPUM_USED_DEBUG_REGS_HYPER);
4612	ASMAtomicOrU32(&pVCpu->cpum.s.fUseFlags, CPUM_USED_DEBUG_REGS_GUEST);
4613	}
4614
4615
4616	/**
4617	* Marks the hyper debug state as active.
4618	*
4619	* @param pVCpu The cross context virtual CPU structure.
4620	*
4621	* @note This is used solely by NEM (hence the name) to set the correct flags here
4622	* without loading the host's DRx registers, which is not possible from ring-3 anyway.
4623	* The specific NEM backends have to make sure to load the correct values.
4624	*/
4625	VMMR3_INT_DECL(void) CPUMR3NemActivateHyperDebugState(PVMCPUCC pVCpu)
4626	{
4627	/*
4628	* Make sure the hypervisor values are up to date.
4629	*/
4630	CPUMRecalcHyperDRx(pVCpu, UINT8_MAX /* no loading, please */);
4631
4632	ASMAtomicAndU32(&pVCpu->cpum.s.fUseFlags, ~CPUM_USED_DEBUG_REGS_GUEST);
4633	ASMAtomicOrU32(&pVCpu->cpum.s.fUseFlags, CPUM_USED_DEBUG_REGS_HYPER);
4634	}

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/VBox/VMM/VMMR3/CPUM.cpp@ 100101

Download in other formats: