Add PAT and IA32_PAT VMX handling

Signed-off-by: Alexey Romko <[email protected]>

Author: nevilad

core/include/compiler.h

@@ -43,7 +43,7 @@
 // a non-POD structure.
 // We have to use 1 instead of 0 so the compiler doesn't generate an error.
 #define offsetof(type, mem) \
-        ((uint32)((char *)&((const type *)1)->mem - (char *)((const type *)1)))
+        ((uint32_t)((char *)&((const type *)1)->mem - (char *)((const type *)1)))
 
 #define ALWAYS_INLINE           __attribute__ ((always_inline))
 #define NOINLINE                __attribute__ ((noinline))

core/include/cpu.h

@@ -84,6 +84,7 @@ struct hstate {
     uint64_t dr7;
     // CR0
     bool cr0_ts;
+    uint64_t _pat;
 };
 
 struct hstate_compare {

core/vcpu.c

@@ -1229,6 +1229,9 @@ void vcpu_save_host_state(struct vcpu_t *vcpu)
         vmwrite(vcpu, HOST_EFER, hstate->_efer);
     }
 
+    hstate->_pat = ia32_rdmsr(IA32_CR_PAT);
+    vmwrite(vcpu, HOST_PAT, hstate->_pat);
+
 #ifdef HAX_ARCH_X86_64
     vmwrite(vcpu, HOST_CS_SELECTOR, get_kernel_cs());
 #else
@@ -1395,15 +1398,15 @@ static void fill_common_vmcs(struct vcpu_t *vcpu)
 
 #ifdef HAX_ARCH_X86_64
     exit_ctls = EXIT_CONTROL_HOST_ADDR_SPACE_SIZE | EXIT_CONTROL_LOAD_EFER |
-                EXIT_CONTROL_SAVE_DEBUG_CONTROLS;
+                EXIT_CONTROL_SAVE_DEBUG_CONTROLS | EXIT_CONTROL_LOAD_PAT;
 #endif
 
 #ifdef HAX_ARCH_X86_32
     if (is_compatible()) {
         exit_ctls = EXIT_CONTROL_HOST_ADDR_SPACE_SIZE | EXIT_CONTROL_LOAD_EFER |
-                    EXIT_CONTROL_SAVE_DEBUG_CONTROLS;
+                    EXIT_CONTROL_SAVE_DEBUG_CONTROLS | EXIT_CONTROL_LOAD_PAT;
     } else {
-        exit_ctls = EXIT_CONTROL_SAVE_DEBUG_CONTROLS;
+        exit_ctls = EXIT_CONTROL_SAVE_DEBUG_CONTROLS | EXIT_CONTROL_LOAD_PAT;
     }
 #endif
 
@@ -1474,6 +1477,8 @@ static void fill_common_vmcs(struct vcpu_t *vcpu)
     if (exit_ctls & EXIT_CONTROL_LOAD_EFER) {
         vmwrite(vcpu, HOST_EFER, ia32_rdmsr(IA32_EFER));
     }
+    vmwrite(vcpu, HOST_PAT, ia32_rdmsr(IA32_CR_PAT));
+    vmwrite(vcpu, GUEST_PAT, vcpu->cr_pat);
 
     WRITE_CONTROLS(vcpu, VMX_ENTRY_CONTROLS, entry_ctls);
 
@@ -2070,6 +2075,8 @@ static void vmwrite_cr(struct vcpu_t *vcpu)
         entry_ctls &= ~ENTRY_CONTROL_LOAD_EFER;
     }
 
+    entry_ctls |= ENTRY_CONTROL_LOAD_PAT;
+
     if (pcpu_ctls != vmx(vcpu, pcpu_ctls)) {
         vmx(vcpu, pcpu_ctls) = pcpu_ctls;
         vcpu->pcpu_ctls_dirty = 1;
@@ -2575,7 +2582,7 @@ static void handle_cpuid_virtual(struct vcpu_t *vcpu, uint32_t a, uint32_t c)
     uint8_t physical_address_size;
 
     static uint32_t cpuid_1_features_edx =
-            // pat is disabled!
+            FEATURE(PAT)        |
             FEATURE(FPU)        |
             FEATURE(VME)        |
             FEATURE(DE)         |
@@ -3605,6 +3612,15 @@ static int misc_msr_write(struct vcpu_t *vcpu, uint32_t msr, uint64_t val)
     return 1;
 }
 
+static inline bool pat_valid(uint64_t val)
+{
+    if (val & 0xF8F8F8F8F8F8F8F8)
+        return false;
+
+    /* 0, 1, 4, 5, 6, 7 are valid values. */
+    return (val | ((val & 0x0202020202020202) << 1)) == val;
+}
+
 static int handle_msr_write(struct vcpu_t *vcpu, uint32_t msr, uint64_t val,
                             bool by_host)
 {
@@ -3763,7 +3779,15 @@ static int handle_msr_write(struct vcpu_t *vcpu, uint32_t msr, uint64_t val,
             break;
         }
         case IA32_CR_PAT: {
+            //Attempting to write an undefined memory type encoding into the PAT causes a
+            //general-protection (#GP) exception to be generated.
+            if (!pat_valid(val)) {
+                r = 1;
+                break;
+            }
+
             vcpu->cr_pat = val;
+            vmwrite(vcpu, GUEST_PAT, vcpu->cr_pat);
             break;
         }
         case IA32_MTRR_DEF_TYPE: {