vmcs_intel_x64_check_guest.cpp
Go to the documentation of this file.
1 //
2 // Bareflank Hypervisor
3 //
4 // Copyright (C) 2015 Assured Information Security, Inc.
5 // Author: Rian Quinn <quinnr@ainfosec.com>
6 // Author: Brendan Kerrigan <kerriganb@ainfosec.com>
7 // Author: Connor Davis <davisc@ainfosec.com>
8 //
9 // This library is free software; you can redistribute it and/or
10 // modify it under the terms of the GNU Lesser General Public
11 // License as published by the Free Software Foundation; either
12 // version 2.1 of the License, or (at your option) any later version.
13 //
14 // This library is distributed in the hope that it will be useful,
15 // but WITHOUT ANY WARRANTY; without even the implied warranty of
16 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 // Lesser General Public License for more details.
18 //
19 // You should have received a copy of the GNU Lesser General Public
20 // License along with this library; if not, write to the Free Software
21 // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 
23 #include <vmcs/vmcs_intel_x64.h>
24 #include <vmcs/vmcs_intel_x64_32bit_control_fields.h>
25 #include <vmcs/vmcs_intel_x64_16bit_guest_state_fields.h>
26 #include <vmcs/vmcs_intel_x64_32bit_guest_state_fields.h>
27 #include <vmcs/vmcs_intel_x64_64bit_guest_state_fields.h>
28 #include <vmcs/vmcs_intel_x64_natural_width_guest_state_fields.h>
29 #include <vmcs/vmcs_intel_x64_check.h>
30 
31 #include <intrinsics/cpuid_x64.h>
32 #include <intrinsics/pdpte_x64.h>
33 #include <intrinsics/crs_intel_x64.h>
34 
35 #include <memory_manager/memory_manager_x64.h>
36 
37 using namespace x64;
38 using namespace intel_x64;
39 using namespace vmcs;
40 using namespace check;
41 
42 void
43 check::guest_state_all()
44 {
45  check::guest_control_registers_debug_registers_and_msrs_all();
46  check::guest_segment_registers_all();
47  check::guest_descriptor_table_registers_all();
48  check::guest_rip_and_rflags_all();
49  check::guest_non_register_state_all();
50  check::guest_pdptes_all();
51 }
52 
53 void
54 check::guest_control_registers_debug_registers_and_msrs_all()
55 {
56  check::guest_cr0_for_unsupported_bits();
57  check::guest_cr0_verify_paging_enabled();
58  check::guest_cr4_for_unsupported_bits();
59  check::guest_load_debug_controls_verify_reserved();
60  check::guest_verify_ia_32e_mode_enabled();
61  check::guest_verify_ia_32e_mode_disabled();
62  check::guest_cr3_for_unsupported_bits();
63  check::guest_load_debug_controls_verify_dr7();
64  check::guest_ia32_sysenter_esp_canonical_address();
65  check::guest_ia32_sysenter_eip_canonical_address();
66  check::guest_verify_load_ia32_perf_global_ctrl();
67  check::guest_verify_load_ia32_pat();
68  check::guest_verify_load_ia32_efer();
69  check::guest_verify_load_ia32_bndcfgs();
70 }
71 
72 void
73 check::guest_cr0_for_unsupported_bits()
74 {
75  auto cr0 = guest_cr0::get();
76  auto ia32_vmx_cr0_fixed0 = msrs::ia32_vmx_cr0_fixed0::get();
77  auto ia32_vmx_cr0_fixed1 = msrs::ia32_vmx_cr0_fixed1::get();
78 
79  if (secondary_processor_based_vm_execution_controls::unrestricted_guest::is_enabled_if_exists())
80  ia32_vmx_cr0_fixed0 &= ~(intel_x64::cr0::paging::mask | intel_x64::cr0::protection_enable::mask);
81 
82  if (0 != ((~cr0 & ia32_vmx_cr0_fixed0) | (cr0 & ~ia32_vmx_cr0_fixed1)))
83  {
84  bferror << " failed: check_guest_cr0_for_unsupported_bits" << bfendl;
85  bferror << " - ia32_vmx_cr0_fixed0: " << view_as_pointer(ia32_vmx_cr0_fixed0) << bfendl;
86  bferror << " - ia32_vmx_cr0_fixed1: " << view_as_pointer(ia32_vmx_cr0_fixed1) << bfendl;
87  bferror << " - cr0: " << view_as_pointer(cr0) << bfendl;
88 
89  throw std::logic_error("invalid cr0");
90  }
91 }
92 
93 void
94 check::guest_cr0_verify_paging_enabled()
95 {
96  if (guest_cr0::paging::is_disabled())
97  return;
98 
99  if (guest_cr0::protection_enable::is_disabled())
100  throw std::logic_error("PE must be enabled in cr0 if PG is enabled");
101 }
102 
103 void
104 check::guest_cr4_for_unsupported_bits()
105 {
106  auto cr4 = guest_cr4::get();
107  auto ia32_vmx_cr4_fixed0 = msrs::ia32_vmx_cr4_fixed0::get();
108  auto ia32_vmx_cr4_fixed1 = msrs::ia32_vmx_cr4_fixed1::get();
109 
110  if (0 != ((~cr4 & ia32_vmx_cr4_fixed0) | (cr4 & ~ia32_vmx_cr4_fixed1)))
111  {
112  bferror << " failed: check_guest_cr4_for_unsupported_bits" << bfendl;
113  bferror << " - ia32_vmx_cr4_fixed0: " << view_as_pointer(ia32_vmx_cr4_fixed0) << bfendl;
114  bferror << " - ia32_vmx_cr4_fixed1: " << view_as_pointer(ia32_vmx_cr4_fixed1) << bfendl;
115  bferror << " - cr4: " << view_as_pointer(cr4) << bfendl;
116 
117  throw std::logic_error("invalid cr4");
118  }
119 }
120 
121 void
122 check::guest_load_debug_controls_verify_reserved()
123 {
124  if (vm_entry_controls::load_debug_controls::is_disabled())
125  return;
126 
127  if (vmcs::guest_ia32_debugctl::reserved::get() != 0)
128  throw std::logic_error("debug ctrl msr reserved bits must be 0");
129 }
130 
131 void
132 check::guest_verify_ia_32e_mode_enabled()
133 {
134  if (vm_entry_controls::ia_32e_mode_guest::is_disabled())
135  return;
136 
137  if (guest_cr0::paging::is_disabled())
138  throw std::logic_error("paging must be enabled if ia 32e guest mode is enabled");
139 
140  if (guest_cr4::physical_address_extensions::is_disabled())
141  throw std::logic_error("pae must be enabled if ia 32e guest mode is enabled");
142 }
143 
144 void
145 check::guest_verify_ia_32e_mode_disabled()
146 {
147  if (vm_entry_controls::ia_32e_mode_guest::is_enabled())
148  return;
149 
150  if (guest_cr4::pcid_enable_bit::is_enabled())
151  throw std::logic_error("pcide in cr4 must be disabled if ia 32e guest mode is disabled");
152 }
153 
154 void
155 check::guest_cr3_for_unsupported_bits()
156 {
157  if (!x64::is_physical_address_valid(guest_cr3::get()))
158  throw std::logic_error("guest cr3 too large");
159 }
160 
161 void
162 check::guest_load_debug_controls_verify_dr7()
163 {
164  if (vm_entry_controls::load_debug_controls::is_disabled())
165  return;
166 
167  auto dr7 = vmcs::guest_dr7::get();
168 
169  if ((dr7 & 0xFFFFFFFF00000000) != 0)
170  throw std::logic_error("bits 63:32 of dr7 must be 0 if load debug controls is 1");
171 }
172 
173 void
174 check::guest_ia32_sysenter_esp_canonical_address()
175 {
176  if (!x64::is_address_canonical(vmcs::guest_ia32_sysenter_esp::get()))
177  throw std::logic_error("guest sysenter esp must be canonical");
178 }
179 
180 void
181 check::guest_ia32_sysenter_eip_canonical_address()
182 {
183  if (!x64::is_address_canonical(vmcs::guest_ia32_sysenter_eip::get()))
184  throw std::logic_error("guest sysenter eip must be canonical");
185 }
186 
187 void
188 check::guest_verify_load_ia32_perf_global_ctrl()
189 {
190  if (vm_entry_controls::load_ia32_perf_global_ctrl::is_disabled())
191  return;
192 
193  if (vmcs::guest_ia32_perf_global_ctrl::reserved::get() != 0)
194  throw std::logic_error("perf global ctrl msr reserved bits must be 0");
195 }
196 
197 void
198 check::guest_verify_load_ia32_pat()
199 {
200  if (vm_entry_controls::load_ia32_pat::is_disabled())
201  return;
202 
203  if (check::memory_type_reserved(guest_ia32_pat::pa0::memory_type::get()))
204  throw std::logic_error("pat0 has a reserved memory type");
205 
206  if (check::memory_type_reserved(guest_ia32_pat::pa1::memory_type::get()))
207  throw std::logic_error("pat1 has a reserved memory type");
208 
209  if (check::memory_type_reserved(guest_ia32_pat::pa2::memory_type::get()))
210  throw std::logic_error("pat2 has a reserved memory type");
211 
212  if (check::memory_type_reserved(guest_ia32_pat::pa3::memory_type::get()))
213  throw std::logic_error("pat3 has a reserved memory type");
214 
215  if (check::memory_type_reserved(guest_ia32_pat::pa4::memory_type::get()))
216  throw std::logic_error("pat4 has a reserved memory type");
217 
218  if (check::memory_type_reserved(guest_ia32_pat::pa5::memory_type::get()))
219  throw std::logic_error("pat5 has a reserved memory type");
220 
221  if (check::memory_type_reserved(guest_ia32_pat::pa6::memory_type::get()))
222  throw std::logic_error("pat6 has a reserved memory type");
223 
224  if (check::memory_type_reserved(guest_ia32_pat::pa7::memory_type::get()))
225  throw std::logic_error("pat7 has a reserved memory type");
226 }
227 
228 void
229 check::guest_verify_load_ia32_efer()
230 {
231  if (vm_entry_controls::load_ia32_efer::is_disabled())
232  return;
233 
234  if (guest_ia32_efer::reserved::get() != 0)
235  throw std::logic_error("ia32 efer msr reserved buts must be 0 if "
236  "load ia32 efer entry is enabled");
237 
238  auto lma = guest_ia32_efer::lma::is_enabled();
239  auto lme = guest_ia32_efer::lme::is_enabled();
240 
241  if (vm_entry_controls::ia_32e_mode_guest::is_disabled() && lma)
242  throw std::logic_error("ia 32e mode is 0, but efer.lma is 1");
243 
244  if (vm_entry_controls::ia_32e_mode_guest::is_enabled() && !lma)
245  throw std::logic_error("ia 32e mode is 1, but efer.lma is 0");
246 
247  if (guest_cr0::paging::is_disabled())
248  return;
249 
250  if (!lme && lma)
251  throw std::logic_error("efer.lme is 0, but efer.lma is 1");
252 
253  if (lme && !lma)
254  throw std::logic_error("efer.lme is 1, but efer.lma is 0");
255 }
256 
257 void
258 check::guest_verify_load_ia32_bndcfgs()
259 {
260  if (vm_entry_controls::load_ia32_bndcfgs::is_disabled())
261  return;
262 
263  auto bndcfgs = vmcs::guest_ia32_bndcfgs::get();
264 
265  if ((bndcfgs & 0x0000000000000FFC) != 0)
266  throw std::logic_error("ia32 bndcfgs msr reserved bits must be 0 if "
267  "load ia32 bndcfgs entry is enabled");
268 
269  auto bound_addr = bndcfgs & 0xFFFFFFFFFFFFF000;
270 
271  if (!x64::is_address_canonical(bound_addr))
272  throw std::logic_error("bound address in ia32 bndcfgs msr must be "
273  "canonical if load ia32 bndcfgs entry is enabled");
274 }
275 
276 void
277 check::guest_segment_registers_all()
278 {
279  check::guest_tr_ti_bit_equals_0();
280  check::guest_ldtr_ti_bit_equals_0();
281  check::guest_ss_and_cs_rpl_are_the_same();
282  check::guest_cs_base_is_shifted();
283  check::guest_ss_base_is_shifted();
284  check::guest_ds_base_is_shifted();
285  check::guest_es_base_is_shifted();
286  check::guest_fs_base_is_shifted();
287  check::guest_gs_base_is_shifted();
288  check::guest_tr_base_is_canonical();
289  check::guest_fs_base_is_canonical();
290  check::guest_gs_base_is_canonical();
291  check::guest_ldtr_base_is_canonical();
292  check::guest_cs_base_upper_dword_0();
293  check::guest_ss_base_upper_dword_0();
294  check::guest_ds_base_upper_dword_0();
295  check::guest_es_base_upper_dword_0();
296  check::guest_cs_limit();
297  check::guest_ss_limit();
298  check::guest_ds_limit();
299  check::guest_es_limit();
300  check::guest_gs_limit();
301  check::guest_fs_limit();
302  check::guest_v8086_cs_access_rights();
303  check::guest_v8086_ss_access_rights();
304  check::guest_v8086_ds_access_rights();
305  check::guest_v8086_es_access_rights();
306  check::guest_v8086_fs_access_rights();
307  check::guest_v8086_gs_access_rights();
308  check::guest_cs_access_rights_type();
309  check::guest_ss_access_rights_type();
310  check::guest_ds_access_rights_type();
311  check::guest_es_access_rights_type();
312  check::guest_fs_access_rights_type();
313  check::guest_gs_access_rights_type();
314  check::guest_cs_is_not_a_system_descriptor();
315  check::guest_ss_is_not_a_system_descriptor();
316  check::guest_ds_is_not_a_system_descriptor();
317  check::guest_es_is_not_a_system_descriptor();
318  check::guest_fs_is_not_a_system_descriptor();
319  check::guest_gs_is_not_a_system_descriptor();
320  check::guest_cs_type_not_equal_3();
321  check::guest_cs_dpl_adheres_to_ss_dpl();
322  check::guest_ss_dpl_must_equal_rpl();
323  check::guest_ss_dpl_must_equal_zero();
324  check::guest_ds_dpl();
325  check::guest_es_dpl();
326  check::guest_fs_dpl();
327  check::guest_gs_dpl();
328  check::guest_cs_must_be_present();
329  check::guest_ss_must_be_present_if_usable();
330  check::guest_ds_must_be_present_if_usable();
331  check::guest_es_must_be_present_if_usable();
332  check::guest_fs_must_be_present_if_usable();
333  check::guest_gs_must_be_present_if_usable();
334  check::guest_cs_access_rights_reserved_must_be_0();
335  check::guest_ss_access_rights_reserved_must_be_0();
336  check::guest_ds_access_rights_reserved_must_be_0();
337  check::guest_es_access_rights_reserved_must_be_0();
338  check::guest_fs_access_rights_reserved_must_be_0();
339  check::guest_gs_access_rights_reserved_must_be_0();
340  check::guest_cs_db_must_be_0_if_l_equals_1();
341  check::guest_cs_granularity();
342  check::guest_ss_granularity();
343  check::guest_ds_granularity();
344  check::guest_es_granularity();
345  check::guest_fs_granularity();
346  check::guest_gs_granularity();
347  check::guest_cs_access_rights_remaining_reserved_bit_0();
348  check::guest_ss_access_rights_remaining_reserved_bit_0();
349  check::guest_ds_access_rights_remaining_reserved_bit_0();
350  check::guest_es_access_rights_remaining_reserved_bit_0();
351  check::guest_fs_access_rights_remaining_reserved_bit_0();
352  check::guest_gs_access_rights_remaining_reserved_bit_0();
353  check::guest_tr_type_must_be_11();
354  check::guest_tr_must_be_a_system_descriptor();
355  check::guest_tr_must_be_present();
356  check::guest_tr_access_rights_reserved_must_be_0();
357  check::guest_tr_granularity();
358  check::guest_tr_must_be_usable();
359  check::guest_tr_access_rights_remaining_reserved_bit_0();
360  check::guest_ldtr_type_must_be_2();
361  check::guest_ldtr_must_be_a_system_descriptor();
362  check::guest_ldtr_must_be_present();
363  check::guest_ldtr_access_rights_reserved_must_be_0();
364  check::guest_ldtr_granularity();
365  check::guest_ldtr_access_rights_remaining_reserved_bit_0();
366 }
367 
368 void
369 check::guest_tr_ti_bit_equals_0()
370 {
371  if (guest_tr_selector::ti::get())
372  throw std::logic_error("guest tr's ti flag must be zero");
373 }
374 
375 void
376 check::guest_ldtr_ti_bit_equals_0()
377 {
378  if (guest_ldtr_access_rights::unusable::get() != 0)
379  return;
380 
381  if (guest_ldtr_selector::ti::get())
382  throw std::logic_error("guest ldtr's ti flag must be zero");
383 }
384 
385 void
386 check::guest_ss_and_cs_rpl_are_the_same()
387 {
388  using namespace primary_processor_based_vm_execution_controls;
389  using namespace secondary_processor_based_vm_execution_controls;
390 
391  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
392  return;
393 
394  if (unrestricted_guest::is_enabled_if_exists() && activate_secondary_controls::is_enabled())
395  return;
396 
397  if (guest_ss_selector::rpl::get() != guest_cs_selector::rpl::get())
398  throw std::logic_error("ss and cs rpl must be the same");
399 }
400 
401 void
402 check::guest_cs_base_is_shifted()
403 {
404  if (vmcs::guest_rflags::virtual_8086_mode::is_disabled())
405  return;
406 
407  auto cs = guest_cs_selector::get();
408 
409  if ((cs << 4) != vmcs::guest_cs_base::get())
410  throw std::logic_error("if virtual 8086 mode is enabled, cs base must be cs shifted 4 bits");
411 }
412 
413 void
414 check::guest_ss_base_is_shifted()
415 {
416  if (vmcs::guest_rflags::virtual_8086_mode::is_disabled())
417  return;
418 
419  auto ss = guest_ss_selector::get();
420 
421  if ((ss << 4) != vmcs::guest_ss_base::get())
422  throw std::logic_error("if virtual 8086 mode is enabled, ss base must be ss shifted 4 bits");
423 }
424 
425 void
426 check::guest_ds_base_is_shifted()
427 {
428  if (vmcs::guest_rflags::virtual_8086_mode::is_disabled())
429  return;
430 
431  auto ds = guest_ds_selector::get();
432 
433  if ((ds << 4) != vmcs::guest_ds_base::get())
434  throw std::logic_error("if virtual 8086 mode is enabled, ds base must be ds shifted 4 bits");
435 }
436 
437 void
438 check::guest_es_base_is_shifted()
439 {
440  if (vmcs::guest_rflags::virtual_8086_mode::is_disabled())
441  return;
442 
443  auto es = guest_es_selector::get();
444 
445  if ((es << 4) != vmcs::guest_es_base::get())
446  throw std::logic_error("if virtual 8086 mode is enabled, es base must be es shifted 4 bits");
447 }
448 
449 void
450 check::guest_fs_base_is_shifted()
451 {
452  if (vmcs::guest_rflags::virtual_8086_mode::is_disabled())
453  return;
454 
455  auto fs = guest_fs_selector::get();
456 
457  if ((fs << 4) != vmcs::guest_fs_base::get())
458  throw std::logic_error("if virtual 8086 mode is enabled, fs base must be fs shifted 4 bits");
459 }
460 
461 void
462 check::guest_gs_base_is_shifted()
463 {
464  if (vmcs::guest_rflags::virtual_8086_mode::is_disabled())
465  return;
466 
467  auto gs = guest_gs_selector::get();
468 
469  if ((gs << 4) != vmcs::guest_gs_base::get())
470  throw std::logic_error("if virtual 8086 mode is enabled, gs base must be gs shift 4 bits");
471 }
472 
473 void
474 check::guest_tr_base_is_canonical()
475 {
476  if (!x64::is_address_canonical(vmcs::guest_tr_base::get()))
477  throw std::logic_error("guest tr base non-canonical");
478 }
479 
480 void
481 check::guest_fs_base_is_canonical()
482 {
483  if (!x64::is_address_canonical(vmcs::guest_fs_base::get()))
484  throw std::logic_error("guest fs base non-canonical");
485 }
486 
487 void
488 check::guest_gs_base_is_canonical()
489 {
490  if (!x64::is_address_canonical(vmcs::guest_gs_base::get()))
491  throw std::logic_error("guest gs base non-canonical");
492 }
493 
494 void
495 check::guest_ldtr_base_is_canonical()
496 {
497  if (guest_ldtr_access_rights::unusable::get() != 0)
498  return;
499 
500  if (!x64::is_address_canonical(vmcs::guest_ldtr_base::get()))
501  throw std::logic_error("guest ldtr base non-canonical");
502 }
503 
504 void
505 check::guest_cs_base_upper_dword_0()
506 {
507  if ((vmcs::guest_cs_base::get() & 0xFFFFFFFF00000000) != 0)
508  throw std::logic_error("guest cs base bits 63:32 must be 0");
509 }
510 
511 void
512 check::guest_ss_base_upper_dword_0()
513 {
514  if (guest_ss_access_rights::unusable::get() != 0)
515  return;
516 
517  if ((vmcs::guest_ss_base::get() & 0xFFFFFFFF00000000) != 0)
518  throw std::logic_error("guest ss base bits 63:32 must be 0");
519 }
520 
521 void
522 check::guest_ds_base_upper_dword_0()
523 {
524  if (guest_ds_access_rights::unusable::get() != 0)
525  return;
526 
527  if ((vmcs::guest_ds_base::get() & 0xFFFFFFFF00000000) != 0)
528  throw std::logic_error("guest ds base bits 63:32 must be 0");
529 }
530 
531 void
532 check::guest_es_base_upper_dword_0()
533 {
534  if (guest_es_access_rights::unusable::get() != 0)
535  return;
536 
537  if ((vmcs::guest_es_base::get() & 0xFFFFFFFF00000000) != 0)
538  throw std::logic_error("guest es base bits 63:32 must be 0");
539 }
540 
541 void
542 check::guest_cs_limit()
543 {
544  if (vmcs::guest_rflags::virtual_8086_mode::is_disabled())
545  return;
546 
547  auto cs_limit = vmcs::guest_cs_limit::get();
548 
549  if (cs_limit != 0x000000000000FFFF)
550  throw std::logic_error("if virtual 8086 mode is enabled, cs limit must be 0xFFFF");
551 }
552 
553 void
554 check::guest_ss_limit()
555 {
556  if (vmcs::guest_rflags::virtual_8086_mode::is_disabled())
557  return;
558 
559  auto ss_limit = vmcs::guest_ss_limit::get();
560 
561  if (ss_limit != 0x000000000000FFFF)
562  throw std::logic_error("if virtual 8086 mode is enabled, ss limit must be 0xFFFF");
563 }
564 
565 void
566 check::guest_ds_limit()
567 {
568  if (vmcs::guest_rflags::virtual_8086_mode::is_disabled())
569  return;
570 
571  auto ds_limit = vmcs::guest_ds_limit::get();
572 
573  if (ds_limit != 0x000000000000FFFF)
574  throw std::logic_error("if virtual 8086 mode is enabled, ds limit must be 0xFFFF");
575 }
576 
577 void
578 check::guest_es_limit()
579 {
580  if (vmcs::guest_rflags::virtual_8086_mode::is_disabled())
581  return;
582 
583  auto es_limit = vmcs::guest_es_limit::get();
584 
585  if (es_limit != 0x000000000000FFFF)
586  throw std::logic_error("if virtual 8086 mode is enabled, es limit must be 0xFFFF");
587 }
588 
589 void
590 check::guest_gs_limit()
591 {
592  if (vmcs::guest_rflags::virtual_8086_mode::is_disabled())
593  return;
594 
595  auto gs_limit = vmcs::guest_gs_limit::get();
596 
597  if (gs_limit != 0x000000000000FFFF)
598  throw std::logic_error("if virtual 8086 mode is enabled, gs limit must be 0xFFFF");
599 }
600 
601 void
602 check::guest_fs_limit()
603 {
604  if (vmcs::guest_rflags::virtual_8086_mode::is_disabled())
605  return;
606 
607  auto fs_limit = vmcs::guest_fs_limit::get();
608 
609  if (fs_limit != 0x000000000000FFFF)
610  throw std::logic_error("if virtual 8086 mode is enabled, fs limit must be 0xFFFF");
611 }
612 
613 void
614 check::guest_v8086_cs_access_rights()
615 {
616  if (vmcs::guest_rflags::virtual_8086_mode::is_disabled())
617  return;
618 
619  if (guest_cs_access_rights::get() != 0x00000000000000F3)
620  throw std::logic_error("if virtual 8086 mode is enabled, cs access rights must be 0x00F3");
621 }
622 
623 void
624 check::guest_v8086_ss_access_rights()
625 {
626  if (vmcs::guest_rflags::virtual_8086_mode::is_disabled())
627  return;
628 
629  if (guest_ss_access_rights::get() != 0x00000000000000F3)
630  throw std::logic_error("if virtual 8086 mode is enabled, ss access rights must be 0x00F3");
631 }
632 
633 void
634 check::guest_v8086_ds_access_rights()
635 {
636  if (vmcs::guest_rflags::virtual_8086_mode::is_disabled())
637  return;
638 
639  if (guest_ds_access_rights::get() != 0x00000000000000F3)
640  throw std::logic_error("if virtual 8086 mode is enabled, ds access rights must be 0x00F3");
641 }
642 
643 void
644 check::guest_v8086_es_access_rights()
645 {
646  if (vmcs::guest_rflags::virtual_8086_mode::is_disabled())
647  return;
648 
649  if (guest_es_access_rights::get() != 0x00000000000000F3)
650  throw std::logic_error("if virtual 8086 mode is enabled, es access rights must be 0x00F3");
651 }
652 
653 void
654 check::guest_v8086_fs_access_rights()
655 {
656  if (vmcs::guest_rflags::virtual_8086_mode::is_disabled())
657  return;
658 
659  if (guest_fs_access_rights::get() != 0x00000000000000F3)
660  throw std::logic_error("if virtual 8086 mode is enabled, fs access rights must be 0x00F3");
661 }
662 
663 void
664 check::guest_v8086_gs_access_rights()
665 {
666  if (vmcs::guest_rflags::virtual_8086_mode::is_disabled())
667  return;
668 
669  if (guest_gs_access_rights::get() != 0x00000000000000F3)
670  throw std::logic_error("if virtual 8086 mode is enabled, gs access rights must be 0x00F3");
671 }
672 
673 void
674 check::guest_cs_access_rights_type()
675 {
676  using namespace primary_processor_based_vm_execution_controls;
677  using namespace secondary_processor_based_vm_execution_controls;
678 
679  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
680  return;
681 
682  switch (guest_cs_access_rights::type::get())
683  {
684  case access_rights::type::read_write_accessed:
685  if (activate_secondary_controls::is_disabled())
686  break;
687 
688  if (unrestricted_guest::is_disabled_if_exists())
689  break;
690 
691  case access_rights::type::execute_only_accessed:
692  case access_rights::type::read_execute_accessed:
693  case access_rights::type::execute_only_conforming_accessed:
694  case access_rights::type::read_execute_conforming_accessed:
695  return;
696 
697  default:
698  break;
699  }
700 
701  throw std::logic_error("guest cs type must be 9, 11, 13, 15, or "
702  "3 (if unrestricted guest support is enabled)");
703 }
704 
705 void
706 check::guest_ss_access_rights_type()
707 {
708  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
709  return;
710 
711  if (guest_ss_access_rights::unusable::get() != 0)
712  return;
713 
714  switch (guest_ss_access_rights::type::get())
715  {
716  case access_rights::type::read_write_accessed:
717  case access_rights::type::read_write_expand_down_accessed:
718  return;
719 
720  default:
721  break;
722  }
723 
724  throw std::logic_error("guest ss type must be 3 or 7");
725 }
726 
727 void
728 check::guest_ds_access_rights_type()
729 {
730  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
731  return;
732 
733  if (guest_ds_access_rights::unusable::get() != 0)
734  return;
735 
736  switch (guest_ds_access_rights::type::get())
737  {
738  case access_rights::type::read_only_accessed:
739  case access_rights::type::read_write_accessed:
740  case access_rights::type::read_only_expand_down_accessed:
741  case access_rights::type::read_write_expand_down_accessed:
742  case access_rights::type::read_execute_accessed:
743  case access_rights::type::read_execute_conforming_accessed:
744  return;
745 
746  default:
747  break;
748  }
749 
750  throw std::logic_error("guest ds type must be 1, 3, 5, 7, 11, or 15");
751 }
752 
753 void
754 check::guest_es_access_rights_type()
755 {
756  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
757  return;
758 
759  if (guest_es_access_rights::unusable::get() != 0)
760  return;
761 
762  switch (guest_es_access_rights::type::get())
763  {
764  case access_rights::type::read_only_accessed:
765  case access_rights::type::read_write_accessed:
766  case access_rights::type::read_only_expand_down_accessed:
767  case access_rights::type::read_write_expand_down_accessed:
768  case access_rights::type::read_execute_accessed:
769  case access_rights::type::read_execute_conforming_accessed:
770  return;
771 
772  default:
773  break;
774  }
775 
776  throw std::logic_error("guest ds type must be 1, 3, 5, 7, 11, or 15");
777 }
778 
779 void
780 check::guest_fs_access_rights_type()
781 {
782  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
783  return;
784 
785  if (guest_fs_access_rights::unusable::get() != 0)
786  return;
787 
788  switch (guest_fs_access_rights::type::get())
789  {
790  case access_rights::type::read_only_accessed:
791  case access_rights::type::read_write_accessed:
792  case access_rights::type::read_only_expand_down_accessed:
793  case access_rights::type::read_write_expand_down_accessed:
794  case access_rights::type::read_execute_accessed:
795  case access_rights::type::read_execute_conforming_accessed:
796  return;
797 
798  default:
799  break;
800  }
801 
802  throw std::logic_error("guest fs type must be 1, 3, 5, 7, 11, or 15");
803 }
804 
805 void
806 check::guest_gs_access_rights_type()
807 {
808  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
809  return;
810 
811  if (guest_gs_access_rights::unusable::get() != 0)
812  return;
813 
814  switch (guest_gs_access_rights::type::get())
815  {
816  case access_rights::type::read_only_accessed:
817  case access_rights::type::read_write_accessed:
818  case access_rights::type::read_only_expand_down_accessed:
819  case access_rights::type::read_write_expand_down_accessed:
820  case access_rights::type::read_execute_accessed:
821  case access_rights::type::read_execute_conforming_accessed:
822  return;
823 
824  default:
825  break;
826  }
827 
828  throw std::logic_error("guest gs type must be 1, 3, 5, 7, 11, or 15");
829 }
830 
831 void
832 check::guest_cs_is_not_a_system_descriptor()
833 {
834  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
835  return;
836 
837  if (guest_cs_access_rights::s::get() == 0)
838  throw std::logic_error("cs must be a code/data descriptor. S should equal 1");
839 }
840 
841 void
842 check::guest_ss_is_not_a_system_descriptor()
843 {
844  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
845  return;
846 
847  if (guest_ss_access_rights::unusable::get() != 0)
848  return;
849 
850  if (guest_ss_access_rights::s::get() == 0)
851  throw std::logic_error("ss must be a code/data descriptor. S should equal 1");
852 }
853 
854 void
855 check::guest_ds_is_not_a_system_descriptor()
856 {
857  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
858  return;
859 
860  if (guest_ds_access_rights::unusable::get() != 0)
861  return;
862 
863  if (guest_ds_access_rights::s::get() == 0)
864  throw std::logic_error("ds must be a code/data descriptor. S should equal 1");
865 }
866 
867 void
868 check::guest_es_is_not_a_system_descriptor()
869 {
870  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
871  return;
872 
873  if (guest_es_access_rights::unusable::get() != 0)
874  return;
875 
876  if (guest_es_access_rights::s::get() == 0)
877  throw std::logic_error("es must be a code/data descriptor. S should equal 1");
878 }
879 
880 void
881 check::guest_fs_is_not_a_system_descriptor()
882 {
883  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
884  return;
885 
886  if (guest_fs_access_rights::unusable::get() != 0)
887  return;
888 
889  if (guest_fs_access_rights::s::get() == 0)
890  throw std::logic_error("fs must be a code/data descriptor. S should equal 1");
891 }
892 
893 void
894 check::guest_gs_is_not_a_system_descriptor()
895 {
896  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
897  return;
898 
899  if (guest_gs_access_rights::unusable::get() != 0)
900  return;
901 
902  if (guest_gs_access_rights::s::get() == 0)
903  throw std::logic_error("gs must be a code/data descriptor. S should equal 1");
904 }
905 
906 void
907 check::guest_cs_type_not_equal_3()
908 {
909  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
910  return;
911 
912  switch (guest_cs_access_rights::type::get())
913  {
914  case access_rights::type::read_write_accessed:
915  break;
916 
917  default:
918  return;
919  }
920 
921  if (guest_cs_access_rights::dpl::get() != 0)
922  throw std::logic_error("cs dpl must be 0 if type == 3");
923 }
924 
925 void
926 check::guest_cs_dpl_adheres_to_ss_dpl()
927 {
928  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
929  return;
930 
931  switch (guest_cs_access_rights::type::get())
932  {
933  case access_rights::type::execute_only_accessed:
934  case access_rights::type::read_execute_accessed:
935  {
936  auto cs_dpl = guest_cs_access_rights::dpl::get();
937  auto ss_dpl = guest_ss_access_rights::dpl::get();
938 
939  if (cs_dpl != ss_dpl)
940  throw std::logic_error("if cs access rights type is 9, 11 cs dpl must equal ss dpl");
941 
942  break;
943  }
944 
945  case access_rights::type::execute_only_conforming_accessed:
946  case access_rights::type::read_execute_conforming_accessed:
947  {
948  auto cs_dpl = guest_cs_access_rights::dpl::get();
949  auto ss_dpl = guest_ss_access_rights::dpl::get();
950 
951  if (cs_dpl > ss_dpl)
952  throw std::logic_error("if cs access rights type is 13, 15 cs dpl must not be greater than ss dpl");
953 
954  break;
955  }
956 
957  default:
958  break;
959  }
960 }
961 
962 void
963 check::guest_ss_dpl_must_equal_rpl()
964 {
965  using namespace primary_processor_based_vm_execution_controls;
966  using namespace secondary_processor_based_vm_execution_controls;
967 
968  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
969  return;
970 
971  if (unrestricted_guest::is_enabled_if_exists() && activate_secondary_controls::is_enabled())
972  return;
973 
974  auto ss_rpl = guest_ss_selector::rpl::get();
975  auto ss_dpl = guest_ss_access_rights::dpl::get();
976 
977  if (ss_dpl != ss_rpl)
978  throw std::logic_error("if unrestricted guest mode is disabled ss dpl must equal ss rpl");
979 }
980 
981 void
982 check::guest_ss_dpl_must_equal_zero()
983 {
984  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
985  return;
986 
987  switch (guest_cs_access_rights::type::get())
988  {
989  case access_rights::type::read_write_accessed:
990  break;
991 
992  default:
993  if (guest_cr0::protection_enable::is_enabled())
994  return;
995  }
996 
997  if (guest_ss_access_rights::dpl::get() != 0)
998  throw std::logic_error("if cs type is 3 or protected mode is disabled, ss DPL must be 0");
999 }
1000 
1001 void
1002 check::guest_ds_dpl()
1003 {
1004  using namespace primary_processor_based_vm_execution_controls;
1005  using namespace secondary_processor_based_vm_execution_controls;
1006 
1007  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
1008  return;
1009 
1010  if (unrestricted_guest::is_enabled_if_exists() && activate_secondary_controls::is_enabled())
1011  return;
1012 
1013  if (guest_ds_access_rights::unusable::get() != 0)
1014  return;
1015 
1016  switch (guest_ds_access_rights::type::get())
1017  {
1018  case access_rights::type::execute_only_conforming:
1019  case access_rights::type::execute_only_conforming_accessed:
1020  case access_rights::type::read_execute_conforming:
1021  case access_rights::type::read_execute_conforming_accessed:
1022  return;
1023 
1024  default:
1025  break;
1026  }
1027 
1028  auto ds_rpl = guest_ds_selector::rpl::get();
1029  auto ds_dpl = guest_ds_access_rights::dpl::get();
1030 
1031  if (ds_dpl < ds_rpl)
1032  throw std::logic_error("if unrestricted guest mode is disabled, "
1033  "and ds is usable, and the access rights "
1034  "type is in the range 0-11, dpl cannot be "
1035  "less than rpl");
1036 }
1037 
1038 void
1039 check::guest_es_dpl()
1040 {
1041  using namespace primary_processor_based_vm_execution_controls;
1042  using namespace secondary_processor_based_vm_execution_controls;
1043 
1044  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
1045  return;
1046 
1047  if (unrestricted_guest::is_enabled_if_exists() && activate_secondary_controls::is_enabled())
1048  return;
1049 
1050  if (guest_es_access_rights::unusable::get() != 0)
1051  return;
1052 
1053  switch (guest_es_access_rights::type::get())
1054  {
1055  case access_rights::type::execute_only_conforming:
1056  case access_rights::type::execute_only_conforming_accessed:
1057  case access_rights::type::read_execute_conforming:
1058  case access_rights::type::read_execute_conforming_accessed:
1059  return;
1060 
1061  default:
1062  break;
1063  }
1064 
1065  auto es_rpl = guest_es_selector::rpl::get();
1066  auto es_dpl = guest_es_access_rights::dpl::get();
1067 
1068  if (es_dpl < es_rpl)
1069  throw std::logic_error("if unrestricted guest mode is disabled, "
1070  "and es is usable, and the access rights "
1071  "type is in the range 0-11, dpl cannot be "
1072  "less than rpl");
1073 }
1074 
1075 void
1076 check::guest_fs_dpl()
1077 {
1078  using namespace primary_processor_based_vm_execution_controls;
1079  using namespace secondary_processor_based_vm_execution_controls;
1080 
1081  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
1082  return;
1083 
1084  if (unrestricted_guest::is_enabled_if_exists() && activate_secondary_controls::is_enabled())
1085  return;
1086 
1087  if (guest_fs_access_rights::unusable::get() != 0)
1088  return;
1089 
1090  switch (guest_fs_access_rights::type::get())
1091  {
1092  case access_rights::type::execute_only_conforming:
1093  case access_rights::type::execute_only_conforming_accessed:
1094  case access_rights::type::read_execute_conforming:
1095  case access_rights::type::read_execute_conforming_accessed:
1096  return;
1097 
1098  default:
1099  break;
1100  }
1101 
1102  auto fs_rpl = guest_fs_selector::rpl::get();
1103  auto fs_dpl = guest_fs_access_rights::dpl::get();
1104 
1105  if (fs_dpl < fs_rpl)
1106  throw std::logic_error("if unrestricted guest mode is disabled, "
1107  "and fs is usable, and the access rights "
1108  "type is in the range 0-11, dpl cannot be "
1109  "less than rpl");
1110 }
1111 
1112 void
1113 check::guest_gs_dpl()
1114 {
1115  using namespace primary_processor_based_vm_execution_controls;
1116  using namespace secondary_processor_based_vm_execution_controls;
1117 
1118  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
1119  return;
1120 
1121  if (unrestricted_guest::is_enabled_if_exists() && activate_secondary_controls::is_enabled())
1122  return;
1123 
1124  if (guest_gs_access_rights::unusable::get() != 0)
1125  return;
1126 
1127  switch (guest_gs_access_rights::type::get())
1128  {
1129  case access_rights::type::execute_only_conforming:
1130  case access_rights::type::execute_only_conforming_accessed:
1131  case access_rights::type::read_execute_conforming:
1132  case access_rights::type::read_execute_conforming_accessed:
1133  return;
1134 
1135  default:
1136  break;
1137  }
1138 
1139  auto gs_rpl = guest_gs_selector::rpl::get();
1140  auto gs_dpl = guest_gs_access_rights::dpl::get();
1141 
1142  if (gs_dpl < gs_rpl)
1143  throw std::logic_error("if unrestricted guest mode is disabled, "
1144  "and gs is usable, and the access rights "
1145  "type is in the range 0-11, dpl cannot be "
1146  "less than rpl");
1147 }
1148 
1149 void
1150 check::guest_cs_must_be_present()
1151 {
1152  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
1153  return;
1154 
1155  if (guest_cs_access_rights::present::get() == 0)
1156  throw std::logic_error("cs access rights present flag must be 1 ");
1157 }
1158 
1159 void
1160 check::guest_ss_must_be_present_if_usable()
1161 {
1162  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
1163  return;
1164 
1165  if (guest_ss_access_rights::unusable::get() != 0)
1166  return;
1167 
1168  if (guest_ss_access_rights::present::get() == 0)
1169  throw std::logic_error("ss access rights present flag must be 1 if ss is usable");
1170 }
1171 
1172 void
1173 check::guest_ds_must_be_present_if_usable()
1174 {
1175  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
1176  return;
1177 
1178  if (guest_ds_access_rights::unusable::get() != 0)
1179  return;
1180 
1181  if (guest_ds_access_rights::present::get() == 0)
1182  throw std::logic_error("ds access rights present flag must be 1 if ds is usable");
1183 }
1184 
1185 void
1186 check::guest_es_must_be_present_if_usable()
1187 {
1188  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
1189  return;
1190 
1191  if (guest_es_access_rights::unusable::get() != 0)
1192  return;
1193 
1194  if (guest_es_access_rights::present::get() == 0)
1195  throw std::logic_error("es access rights present flag must be 1 if es is usable");
1196 }
1197 
1198 void
1199 check::guest_fs_must_be_present_if_usable()
1200 {
1201  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
1202  return;
1203 
1204  if (guest_fs_access_rights::unusable::get() != 0)
1205  return;
1206 
1207  if (guest_fs_access_rights::present::get() == 0)
1208  throw std::logic_error("fs access rights present flag must be 1 if fs is usable");
1209 }
1210 
1211 void
1212 check::guest_gs_must_be_present_if_usable()
1213 {
1214  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
1215  return;
1216 
1217  if (guest_gs_access_rights::unusable::get() != 0)
1218  return;
1219 
1220  if (guest_gs_access_rights::present::get() == 0)
1221  throw std::logic_error("gs access rights present flag must be 1 if gs is usable");
1222 }
1223 
1224 void
1225 check::guest_cs_access_rights_reserved_must_be_0()
1226 {
1227  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
1228  return;
1229 
1230  if (guest_cs_access_rights::reserved::get() != 0)
1231  throw std::logic_error("cs access rights reserved bits must be 0 ");
1232 }
1233 
1234 void
1235 check::guest_ss_access_rights_reserved_must_be_0()
1236 {
1237  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
1238  return;
1239 
1240  if (guest_ss_access_rights::unusable::get() != 0)
1241  return;
1242 
1243  if (guest_ss_access_rights::reserved::get() != 0)
1244  throw std::logic_error("ss access rights reserved bits must be 0 if ss is usable");
1245 }
1246 
1247 void
1248 check::guest_ds_access_rights_reserved_must_be_0()
1249 {
1250  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
1251  return;
1252 
1253  if (guest_ds_access_rights::unusable::get() != 0)
1254  return;
1255 
1256  if (guest_ds_access_rights::reserved::get() != 0)
1257  throw std::logic_error("ds access rights reserved bits must be 0 if ds is usable");
1258 }
1259 
1260 void
1261 check::guest_es_access_rights_reserved_must_be_0()
1262 {
1263  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
1264  return;
1265 
1266  if (guest_es_access_rights::unusable::get() != 0)
1267  return;
1268 
1269  if (guest_es_access_rights::reserved::get() != 0)
1270  throw std::logic_error("es access rights reserved bits must be 0 if es is usable");
1271 }
1272 
1273 void
1274 check::guest_fs_access_rights_reserved_must_be_0()
1275 {
1276  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
1277  return;
1278 
1279  if (guest_fs_access_rights::unusable::get() != 0)
1280  return;
1281 
1282  if (guest_fs_access_rights::reserved::get() != 0)
1283  throw std::logic_error("fs access rights reserved bits must be 0 if fs is usable");
1284 }
1285 
1286 void
1287 check::guest_gs_access_rights_reserved_must_be_0()
1288 {
1289  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
1290  return;
1291 
1292  if (guest_gs_access_rights::unusable::get() != 0)
1293  return;
1294 
1295  if (guest_gs_access_rights::reserved::get() != 0)
1296  throw std::logic_error("gs access rights reserved bits must be 0 if gs is usable");
1297 }
1298 
1299 void
1300 check::guest_cs_db_must_be_0_if_l_equals_1()
1301 {
1302  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
1303  return;
1304 
1305  if (vm_entry_controls::ia_32e_mode_guest::is_disabled())
1306  return;
1307 
1308  if (guest_cs_access_rights::l::get() == 0)
1309  return;
1310 
1311  if (guest_cs_access_rights::db::get() != 0)
1312  throw std::logic_error("d/b for guest cs must be 0 if in ia 32e mode and l == 1");
1313 }
1314 
1315 void
1316 check::guest_cs_granularity()
1317 {
1318  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
1319  return;
1320 
1321  auto cs_limit = vmcs::guest_cs_limit::get();
1322  auto g = guest_cs_access_rights::granularity::get();
1323 
1324  if ((cs_limit & 0x00000FFF) != 0x00000FFF && g != 0)
1325  throw std::logic_error("guest cs granularity must be 0 if any bit 11:0 is 0");
1326 
1327  if ((cs_limit & 0xFFF00000) != 0x00000000 && g == 0)
1328  throw std::logic_error("guest cs granularity must be 1 if any bit 31:20 is 1");
1329 }
1330 
1331 void
1332 check::guest_ss_granularity()
1333 {
1334  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
1335  return;
1336 
1337  auto ss_limit = vmcs::guest_ss_limit::get();
1338  auto g = guest_ss_access_rights::granularity::get();
1339 
1340  if (guest_ss_access_rights::unusable::get() != 0)
1341  return;
1342 
1343  if ((ss_limit & 0x00000FFF) != 0x00000FFF && g != 0)
1344  throw std::logic_error("guest ss granularity must be 0 if any bit 11:0 is 0");
1345 
1346  if ((ss_limit & 0xFFF00000) != 0x00000000 && g == 0)
1347  throw std::logic_error("guest ss granularity must be 1 if any bit 31:20 is 1");
1348 }
1349 
1350 void
1351 check::guest_ds_granularity()
1352 {
1353  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
1354  return;
1355 
1356  auto ds_limit = vmcs::guest_ds_limit::get();
1357  auto g = guest_ds_access_rights::granularity::get();
1358 
1359  if (guest_ds_access_rights::unusable::get() != 0)
1360  return;
1361 
1362  if ((ds_limit & 0x00000FFF) != 0x00000FFF && g != 0)
1363  throw std::logic_error("guest ds granularity must be 0 if any bit 11:0 is 0");
1364 
1365  if ((ds_limit & 0xFFF00000) != 0x00000000 && g == 0)
1366  throw std::logic_error("guest ds granularity must be 1 if any bit 31:20 is 1");
1367 }
1368 
1369 void
1370 check::guest_es_granularity()
1371 {
1372  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
1373  return;
1374 
1375  auto es_limit = vmcs::guest_es_limit::get();
1376  auto g = guest_es_access_rights::granularity::get();
1377 
1378  if (guest_es_access_rights::unusable::get() != 0)
1379  return;
1380 
1381  if ((es_limit & 0x00000FFF) != 0x00000FFF && g != 0)
1382  throw std::logic_error("guest es granularity must be 0 if any bit 11:0 is 0");
1383 
1384  if ((es_limit & 0xFFF00000) != 0x00000000 && g == 0)
1385  throw std::logic_error("guest es granularity must be 1 if any bit 31:20 is 1");
1386 }
1387 
1388 void
1389 check::guest_fs_granularity()
1390 {
1391  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
1392  return;
1393 
1394  auto fs_limit = vmcs::guest_fs_limit::get();
1395  auto g = guest_fs_access_rights::granularity::get();
1396 
1397  if (guest_fs_access_rights::unusable::get() != 0)
1398  return;
1399 
1400  if ((fs_limit & 0x00000FFF) != 0x00000FFF && g != 0)
1401  throw std::logic_error("guest fs granularity must be 0 if any bit 11:0 is 0");
1402 
1403  if ((fs_limit & 0xFFF00000) != 0x00000000 && g == 0)
1404  throw std::logic_error("guest fs granularity must be 1 if any bit 31:20 is 1");
1405 }
1406 
1407 void
1408 check::guest_gs_granularity()
1409 {
1410  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
1411  return;
1412 
1413  auto gs_limit = vmcs::guest_gs_limit::get();
1414  auto g = guest_gs_access_rights::granularity::get();
1415 
1416  if (guest_gs_access_rights::unusable::get() != 0)
1417  return;
1418 
1419  if ((gs_limit & 0x00000FFF) != 0x00000FFF && g != 0)
1420  throw std::logic_error("guest gs granularity must be 0 if any bit 11:0 is 0");
1421 
1422  if ((gs_limit & 0xFFF00000) != 0x00000000 && g == 0)
1423  throw std::logic_error("guest gs granularity must be 1 if any bit 31:20 is 1");
1424 }
1425 
1426 void
1427 check::guest_cs_access_rights_remaining_reserved_bit_0()
1428 {
1429  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
1430  return;
1431 
1432  if ((guest_cs_access_rights::get() & 0xFFFE0000UL) != 0UL)
1433  throw std::logic_error("guest cs access rights bits 31:17 must be 0");
1434 }
1435 
1436 void
1437 check::guest_ss_access_rights_remaining_reserved_bit_0()
1438 {
1439  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
1440  return;
1441 
1442  if (guest_ss_access_rights::unusable::get() != 0)
1443  return;
1444 
1445  if ((guest_ss_access_rights::get() & 0xFFFE0000UL) != 0UL)
1446  throw std::logic_error("guest ss access rights bits 31:17 must be 0");
1447 }
1448 
1449 void
1450 check::guest_ds_access_rights_remaining_reserved_bit_0()
1451 {
1452  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
1453  return;
1454 
1455  if (guest_ds_access_rights::unusable::get() != 0)
1456  return;
1457 
1458  if ((guest_ds_access_rights::get() & 0xFFFE0000UL) != 0UL)
1459  throw std::logic_error("guest ds access rights bits 31:17 must be 0");
1460 }
1461 
1462 void
1463 check::guest_es_access_rights_remaining_reserved_bit_0()
1464 {
1465  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
1466  return;
1467 
1468  if (guest_es_access_rights::unusable::get() != 0)
1469  return;
1470 
1471  if ((guest_es_access_rights::get() & 0xFFFE0000UL) != 0UL)
1472  throw std::logic_error("guest es access rights bits 31:17 must be 0");
1473 }
1474 
1475 void
1476 check::guest_fs_access_rights_remaining_reserved_bit_0()
1477 {
1478  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
1479  return;
1480 
1481  if (guest_fs_access_rights::unusable::get() != 0)
1482  return;
1483 
1484  if ((guest_fs_access_rights::get() & 0xFFFE0000UL) != 0UL)
1485  throw std::logic_error("guest fs access rights bits 31:17 must be 0");
1486 }
1487 
1488 void
1489 check::guest_gs_access_rights_remaining_reserved_bit_0()
1490 {
1491  if (vmcs::guest_rflags::virtual_8086_mode::is_enabled())
1492  return;
1493 
1494  if (guest_gs_access_rights::unusable::get() != 0)
1495  return;
1496 
1497  if ((guest_gs_access_rights::get() & 0xFFFE0000UL) != 0UL)
1498  throw std::logic_error("guest gs access rights bits 31:17 must be 0");
1499 }
1500 
1501 void
1502 check::guest_tr_type_must_be_11()
1503 {
1504  switch (guest_tr_access_rights::type::get())
1505  {
1506  case access_rights::type::read_write_accessed:
1507  if (vm_entry_controls::ia_32e_mode_guest::is_enabled())
1508  throw std::logic_error("tr type cannot be 3 if ia_32e_mode_guest is enabled");
1509 
1510  return;
1511 
1512  case access_rights::type::read_execute_accessed:
1513  return;
1514 
1515  default:
1516  throw std::logic_error("tr type must be 3 or 11");
1517  }
1518 }
1519 
1520 void
1521 check::guest_tr_must_be_a_system_descriptor()
1522 {
1523  if (guest_tr_access_rights::s::get() != 0)
1524  throw std::logic_error("tr must be a system descriptor. S should equal 0");
1525 }
1526 
1527 void
1528 check::guest_tr_must_be_present()
1529 {
1530  if (guest_tr_access_rights::present::get() == 0)
1531  throw std::logic_error("tr access rights present flag must be 1 ");
1532 }
1533 
1534 void
1535 check::guest_tr_access_rights_reserved_must_be_0()
1536 {
1537  if (guest_tr_access_rights::reserved::get() != 0)
1538  throw std::logic_error("tr access rights bits 11:8 must be 0");
1539 }
1540 
1541 void
1542 check::guest_tr_granularity()
1543 {
1544  auto tr_limit = vmcs::guest_tr_limit::get();
1545  auto g = guest_tr_access_rights::granularity::get();
1546 
1547  if ((tr_limit & 0x00000FFF) != 0x00000FFF && g != 0)
1548  throw std::logic_error("guest tr granularity must be 0 if any bit 11:0 is 0");
1549 
1550  if ((tr_limit & 0xFFF00000) != 0x00000000 && g == 0)
1551  throw std::logic_error("guest tr granularity must be 1 if any bit 31:20 is 1");
1552 }
1553 
1554 void
1555 check::guest_tr_must_be_usable()
1556 {
1557  if (guest_tr_access_rights::unusable::get() != 0)
1558  throw std::logic_error("tr must be usable");
1559 }
1560 
1561 void
1562 check::guest_tr_access_rights_remaining_reserved_bit_0()
1563 {
1564  auto tr_access = vmcs::guest_tr_access_rights::get();
1565 
1566  if ((tr_access & 0xFFFE0000) != 0)
1567  throw std::logic_error("guest tr access rights bits 31:17 must be 0");
1568 }
1569 
1570 void
1571 check::guest_ldtr_type_must_be_2()
1572 {
1573  if (guest_ldtr_access_rights::unusable::get() != 0)
1574  return;
1575 
1576  switch (guest_ldtr_access_rights::type::get())
1577  {
1578  case access_rights::type::read_write:
1579  break;
1580 
1581  default:
1582  throw std::logic_error("guest ldtr type must 2");
1583  }
1584 }
1585 
1586 void
1587 check::guest_ldtr_must_be_a_system_descriptor()
1588 {
1589  if (guest_ldtr_access_rights::unusable::get() != 0)
1590  return;
1591 
1592  if (guest_ldtr_access_rights::s::get() != 0)
1593  throw std::logic_error("ldtr must be a system descriptor. S should equal 0");
1594 }
1595 
1596 void
1597 check::guest_ldtr_must_be_present()
1598 {
1599  if (guest_ldtr_access_rights::unusable::get() != 0)
1600  return;
1601 
1602  if (guest_ldtr_access_rights::present::get() == 0)
1603  throw std::logic_error("ldtr access rights present flag must be 1 if ldtr is usable");
1604 }
1605 
1606 void
1607 check::guest_ldtr_access_rights_reserved_must_be_0()
1608 {
1609  if (guest_ldtr_access_rights::unusable::get() != 0)
1610  return;
1611 
1612  if (guest_ldtr_access_rights::reserved::get() != 0)
1613  throw std::logic_error("ldtr access rights bits 11:8 must be 0");
1614 }
1615 
1616 void
1617 check::guest_ldtr_granularity()
1618 {
1619  if (guest_ldtr_access_rights::unusable::get() != 0)
1620  return;
1621 
1622  auto ldtr_limit = vmcs::guest_ldtr_limit::get();
1623  auto g = guest_ldtr_access_rights::granularity::get();
1624 
1625  if ((ldtr_limit & 0x00000FFF) != 0x00000FFF && g != 0)
1626  throw std::logic_error("guest ldtr granularity must be 0 if any bit 11:0 is 0");
1627 
1628  if ((ldtr_limit & 0xFFF00000) != 0x00000000 && g == 0)
1629  throw std::logic_error("guest ldtr granularity must be 1 if any bit 31:20 is 1");
1630 }
1631 
1632 void
1633 check::guest_ldtr_access_rights_remaining_reserved_bit_0()
1634 {
1635  if (guest_ldtr_access_rights::unusable::get() != 0)
1636  return;
1637 
1638  auto ldtr_access = vmcs::guest_ldtr_access_rights::get();
1639 
1640  if ((ldtr_access & 0xFFFE0000) != 0)
1641  throw std::logic_error("guest ldtr access rights bits 31:17 must be 0 if ldtr is usable");
1642 }
1643 
1644 void
1645 check::guest_descriptor_table_registers_all()
1646 {
1647  check::guest_gdtr_base_must_be_canonical();
1648  check::guest_idtr_base_must_be_canonical();
1649  check::guest_gdtr_limit_reserved_bits();
1650  check::guest_idtr_limit_reserved_bits();
1651 }
1652 
1653 void
1654 check::guest_gdtr_base_must_be_canonical()
1655 {
1656  if (!x64::is_address_canonical(vmcs::guest_gdtr_base::get()))
1657  throw std::logic_error("gdtr base is non-canonical");
1658 }
1659 
1660 void
1661 check::guest_idtr_base_must_be_canonical()
1662 {
1663  if (!x64::is_address_canonical(vmcs::guest_idtr_base::get()))
1664  throw std::logic_error("idtr base is non-canonical");
1665 }
1666 
1667 void
1668 check::guest_gdtr_limit_reserved_bits()
1669 {
1670  auto gdtr_limit = vmcs::guest_gdtr_limit::get();
1671 
1672  if ((gdtr_limit & 0xFFFF0000) != 0)
1673  throw std::logic_error("gdtr limit bits 31:16 must be 0");
1674 }
1675 
1676 void
1677 check::guest_idtr_limit_reserved_bits()
1678 {
1679  auto idtr_limit = vmcs::guest_idtr_limit::get();
1680 
1681  if ((idtr_limit & 0xFFFF0000) != 0)
1682  throw std::logic_error("idtr limit bits 31:16 must be 0");
1683 }
1684 
1685 void
1686 check::guest_rip_and_rflags_all()
1687 {
1688  check::guest_rip_upper_bits();
1689  check::guest_rip_valid_addr();
1690  check::guest_rflags_reserved_bits();
1691  check::guest_rflags_vm_bit();
1692  check::guest_rflag_interrupt_enable();
1693 }
1694 
1695 void
1696 check::guest_rip_upper_bits()
1697 {
1698  auto cs_l = guest_cs_access_rights::l::get();
1699 
1700  if (vm_entry_controls::ia_32e_mode_guest::is_enabled() && cs_l != 0)
1701  return;
1702 
1703  if ((vmcs::guest_rip::get() & 0xFFFFFFFF00000000) != 0)
1704  throw std::logic_error("rip bits 61:32 must 0 if IA 32e mode is disabled or cs L is disabled");
1705 }
1706 
1707 void
1708 check::guest_rip_valid_addr()
1709 {
1710  auto cs_l = guest_cs_access_rights::l::get();
1711 
1712  if (vm_entry_controls::ia_32e_mode_guest::is_disabled())
1713  return;
1714 
1715  if (cs_l == 0)
1716  return;
1717 
1718  if (!is_linear_address_valid(vmcs::guest_rip::get()))
1719  throw std::logic_error("rip bits must be canonical");
1720 }
1721 
1722 void
1723 check::guest_rflags_reserved_bits()
1724 {
1725  if (guest_rflags::reserved::get() != 0)
1726  throw std::logic_error("reserved bits in rflags must be 0");
1727 
1728  if (guest_rflags::always_enabled::get() == 0)
1729  throw std::logic_error("always enabled bits in rflags must be 1");
1730 }
1731 
1732 void
1733 check::guest_rflags_vm_bit()
1734 {
1735  if (vm_entry_controls::ia_32e_mode_guest::is_disabled() && guest_cr0::protection_enable::is_enabled())
1736  return;
1737 
1738  if (guest_rflags::virtual_8086_mode::is_enabled())
1739  throw std::logic_error("rflags VM must be 0 if ia 32e mode is 1 or PE is 0");
1740 }
1741 
1742 void
1743 check::guest_rflag_interrupt_enable()
1744 {
1745  using namespace vm_entry_interruption_information_field;
1746 
1747  if (valid_bit::is_disabled())
1748  return;
1749 
1750  if (interruption_type::get() != interruption_type::external_interrupt)
1751  return;
1752 
1753  if (guest_rflags::interrupt_enable_flag::is_disabled())
1754  throw std::logic_error("rflags IF must be 1 if the valid bit is 1 and interrupt type is external");
1755 }
1756 
1757 void
1758 check::guest_non_register_state_all()
1759 {
1760  check::guest_valid_activity_state();
1761  check::guest_activity_state_not_hlt_when_dpl_not_0();
1762  check::guest_must_be_active_if_injecting_blocking_state();
1763  check::guest_hlt_valid_interrupts();
1764  check::guest_shutdown_valid_interrupts();
1765  check::guest_sipi_valid_interrupts();
1766  check::guest_valid_activity_state_and_smm();
1767  check::guest_interruptibility_state_reserved();
1768  check::guest_interruptibility_state_sti_mov_ss();
1769  check::guest_interruptibility_state_sti();
1770  check::guest_interruptibility_state_external_interrupt();
1771  check::guest_interruptibility_state_nmi();
1772  check::guest_interruptibility_not_in_smm();
1773  check::guest_interruptibility_entry_to_smm();
1774  check::guest_interruptibility_state_sti_and_nmi();
1775  check::guest_interruptibility_state_virtual_nmi();
1776  check::guest_interruptibility_state_enclave_interrupt();
1777  check::guest_pending_debug_exceptions_reserved();
1778  check::guest_pending_debug_exceptions_dbg_ctl();
1779  check::guest_pending_debug_exceptions_rtm();
1780  check::guest_vmcs_link_pointer_bits_11_0();
1781  check::guest_vmcs_link_pointer_valid_addr();
1782  check::guest_vmcs_link_pointer_first_word();
1783  check::guest_vmcs_link_pointer_not_in_smm();
1784  check::guest_vmcs_link_pointer_in_smm();
1785 }
1786 
1787 void
1788 check::guest_valid_activity_state()
1789 {
1790  if (vmcs::guest_activity_state::get() > 3)
1791  throw std::logic_error("activity state must be 0 - 3");
1792 }
1793 
1794 void
1795 check::guest_activity_state_not_hlt_when_dpl_not_0()
1796 {
1797  if (vmcs::guest_activity_state::get() != vmcs::guest_activity_state::hlt)
1798  return;
1799 
1800  if (guest_ss_access_rights::dpl::get() != 0)
1801  throw std::logic_error("ss.dpl must be 0 if activity state is HLT");
1802 }
1803 
1804 void
1805 check::guest_must_be_active_if_injecting_blocking_state()
1806 {
1807  if (vmcs::guest_activity_state::get() == vmcs::guest_activity_state::active)
1808  return;
1809 
1810  if (vmcs::guest_interruptibility_state::blocking_by_sti::get() != 0U)
1811  throw std::logic_error("activity state must be active if "
1812  "interruptibility state is sti");
1813 
1814  if (vmcs::guest_interruptibility_state::blocking_by_mov_ss::get() != 0U)
1815  throw std::logic_error("activity state must be active if "
1816  "interruptibility state is mov-ss");
1817 }
1818 
1819 void
1820 check::guest_hlt_valid_interrupts()
1821 {
1822  using namespace vm_entry_interruption_information_field;
1823 
1824  if (valid_bit::is_disabled())
1825  return;
1826 
1827  if (vmcs::guest_activity_state::get() != vmcs::guest_activity_state::hlt)
1828  return;
1829 
1830  auto type = interruption_type::get();
1831  auto vector = vector::get();
1832 
1833  switch (type)
1834  {
1835  case interruption_type::external_interrupt:
1836  case interruption_type::non_maskable_interrupt:
1837  return;
1838 
1839  case interruption_type::hardware_exception:
1840  if (vector == interrupt::debug_exception)
1841  return;
1842 
1843  if (vector == interrupt::machine_check)
1844  return;
1845 
1846  break;
1847 
1848  case interruption_type::other_event:
1849  if (vector == interrupt::divide_error)
1850  return;
1851 
1852  break;
1853 
1854  default:
1855  break;
1856  }
1857 
1858  throw std::logic_error("invalid interruption combination for guest hlt");
1859 }
1860 
1861 void
1862 check::guest_shutdown_valid_interrupts()
1863 {
1864  using namespace vm_entry_interruption_information_field;
1865 
1866  if (valid_bit::is_disabled())
1867  return;
1868 
1869  if (vmcs::guest_activity_state::get() != vmcs::guest_activity_state::shutdown)
1870  return;
1871 
1872  auto type = interruption_type::get();
1873  auto vector = vector::get();
1874 
1875  switch (type)
1876  {
1877  case interruption_type::non_maskable_interrupt:
1878  return;
1879 
1880  case interruption_type::hardware_exception:
1881  if (vector == interrupt::machine_check)
1882  return;
1883 
1884  break;
1885 
1886  default:
1887  break;
1888  }
1889 
1890  throw std::logic_error("invalid interruption combination for guest shutdown");
1891 }
1892 
1893 void
1894 check::guest_sipi_valid_interrupts()
1895 {
1896  if (vm_entry_interruption_information_field::valid_bit::is_disabled())
1897  return;
1898 
1899  if (vmcs::guest_activity_state::get() != vmcs::guest_activity_state::wait_for_sipi)
1900  return;
1901 
1902  throw std::logic_error("invalid interruption combination");
1903 }
1904 
1905 void
1906 check::guest_valid_activity_state_and_smm()
1907 {
1908  if (vm_entry_controls::entry_to_smm::is_disabled())
1909  return;
1910 
1911  if (vmcs::guest_activity_state::get() != vmcs::guest_activity_state::wait_for_sipi)
1912  return;
1913 
1914  throw std::logic_error("activity state must not equal wait for sipi if entry to smm is enabled");
1915 }
1916 
1917 void
1918 check::guest_interruptibility_state_reserved()
1919 {
1920  if (vmcs::guest_interruptibility_state::reserved::get() != 0)
1921  throw std::logic_error("interruptibility state reserved bits 31:5 must be 0");
1922 }
1923 
1924 void
1925 check::guest_interruptibility_state_sti_mov_ss()
1926 {
1927  auto sti = vmcs::guest_interruptibility_state::blocking_by_sti::get();
1928  auto mov_ss = vmcs::guest_interruptibility_state::blocking_by_mov_ss::get();
1929 
1930  if (sti != 0U && mov_ss != 0U)
1931  throw std::logic_error("interruptibility state sti and mov ss cannot both be 1");
1932 
1933 }
1934 
1935 void
1936 check::guest_interruptibility_state_sti()
1937 {
1938  if (guest_rflags::interrupt_enable_flag::is_enabled())
1939  return;
1940 
1941  if (vmcs::guest_interruptibility_state::blocking_by_sti::get() != 0U)
1942  throw std::logic_error("interruptibility state sti must be 0 if rflags interrupt enabled is 0");
1943 }
1944 
1945 void
1946 check::guest_interruptibility_state_external_interrupt()
1947 {
1948  using namespace vm_entry_interruption_information_field;
1949 
1950  if (valid_bit::is_disabled())
1951  return;
1952 
1953  if (interruption_type::get() != interruption_type::external_interrupt)
1954  return;
1955 
1956  if (vmcs::guest_interruptibility_state::blocking_by_sti::get() != 0U)
1957  throw std::logic_error("interruptibility state sti must be 0 if "
1958  "interrupt type is external and valid");
1959 
1960  if (vmcs::guest_interruptibility_state::blocking_by_mov_ss::get() != 0U)
1961  throw std::logic_error("activity state must be active if "
1962  "interruptibility state is mov-ss");
1963 }
1964 
1965 void
1966 check::guest_interruptibility_state_nmi()
1967 {
1968  using namespace vm_entry_interruption_information_field;
1969 
1970  if (valid_bit::is_disabled())
1971  return;
1972 
1973  if (interruption_type::get() != interruption_type::non_maskable_interrupt)
1974  return;
1975 
1976  if (vmcs::guest_interruptibility_state::blocking_by_mov_ss::get() != 0U)
1977  throw std::logic_error("vali interrupt type must not be nmi if "
1978  "interruptibility state is mov-ss");
1979 }
1980 
1981 void
1982 check::guest_interruptibility_not_in_smm()
1983 {
1984 }
1985 
1986 void
1987 check::guest_interruptibility_entry_to_smm()
1988 {
1989  if (vm_entry_controls::entry_to_smm::is_disabled())
1990  return;
1991 
1992  if (vmcs::guest_interruptibility_state::blocking_by_smi::get() == 0U)
1993  throw std::logic_error("interruptibility state smi must be enabled "
1994  "if entry to smm is enabled");
1995 }
1996 
1997 void
1998 check::guest_interruptibility_state_sti_and_nmi()
1999 {
2000  using namespace vm_entry_interruption_information_field;
2001 
2002  if (valid_bit::is_disabled())
2003  return;
2004 
2005  if (interruption_type::get() != interruption_type::non_maskable_interrupt)
2006  return;
2007 
2008  if (vmcs::guest_interruptibility_state::blocking_by_sti::get() != 0U)
2009  throw std::logic_error("some processors require sti to be 0 if "
2010  "the interruption type is nmi");
2011 }
2012 
2013 void
2014 check::guest_interruptibility_state_virtual_nmi()
2015 {
2016  using namespace vm_entry_interruption_information_field;
2017 
2018  if (pin_based_vm_execution_controls::virtual_nmis::is_disabled())
2019  return;
2020 
2021  if (valid_bit::is_disabled())
2022  return;
2023 
2024  if (interruption_type::get() != interruption_type::non_maskable_interrupt)
2025  return;
2026 
2027  if (vmcs::guest_interruptibility_state::blocking_by_nmi::get() != 0)
2028  throw std::logic_error("if virtual nmi is enabled, and the interruption "
2029  "type is NMI, blocking by nmi must be disabled");
2030 }
2031 
2032 void
2033 check::guest_interruptibility_state_enclave_interrupt()
2034 {
2035  if (guest_interruptibility_state::enclave_interruption::get() == 0)
2036  return;
2037 
2038  if (guest_interruptibility_state::blocking_by_mov_ss::get() != 0)
2039  throw std::logic_error("blocking by mov ss is enabled but enclave interrupt is "
2040  "also enabled in interruptibility state");
2041 
2042  if (!x64::cpuid::extended_feature_flags::subleaf0::ebx::sgx::get())
2043  throw std::logic_error("enclave interrupt is 1 in interruptibility state "
2044  "but the processor does not support sgx");
2045 }
2046 
2047 void
2048 check::guest_pending_debug_exceptions_reserved()
2049 {
2050  if (vmcs::guest_pending_debug_exceptions::reserved::get() != 0)
2051  throw std::logic_error("pending debug exception reserved bits must be 0");
2052 }
2053 
2054 void
2055 check::guest_pending_debug_exceptions_dbg_ctl()
2056 {
2057  auto sti = vmcs::guest_interruptibility_state::blocking_by_sti::get();
2058  auto mov_ss = vmcs::guest_interruptibility_state::blocking_by_mov_ss::get();
2059  auto activity_state = vmcs::guest_activity_state::get();
2060 
2061  if (sti == 0 && mov_ss == 0 && activity_state != vmcs::guest_activity_state::hlt)
2062  return;
2063 
2064  auto bs = vmcs::guest_pending_debug_exceptions::bs::is_enabled();
2065  auto tf = vmcs::guest_rflags::trap_flag::is_enabled();
2066  auto btf = vmcs::guest_ia32_debugctl::btf::is_enabled();
2067 
2068  if (!bs && tf && !btf)
2069  throw std::logic_error("pending debug exception bs must be 1 if "
2070  "rflags tf is 1 and debugctl btf is 0");
2071 
2072  if (bs && !tf && btf)
2073  throw std::logic_error("pending debug exception bs must be 0 if "
2074  "rflags tf is 0 and debugctl btf is 1");
2075 }
2076 
2077 void
2078 check::guest_pending_debug_exceptions_rtm()
2079 {
2080  if (guest_pending_debug_exceptions::rtm::is_disabled())
2081  return;
2082 
2083  if ((guest_pending_debug_exceptions::get() & 0xFFFFFFFFFFFEAFFF) != 0)
2084  throw std::logic_error("pending debug exception reserved bits and bits 3:0 "
2085  "must be 0 if rtm is 1");
2086 
2087  if (guest_pending_debug_exceptions::enabled_breakpoint::is_disabled())
2088  throw std::logic_error("pending debug exception bit 12 must be 1 if rtm is 1");
2089 
2090  if (!x64::cpuid::extended_feature_flags::subleaf0::ebx::rtm::get())
2091  throw std::logic_error("rtm is set in pending debug exception but "
2092  "rtm is unsupported by the processor");
2093 
2094  if (guest_interruptibility_state::blocking_by_mov_ss::get() == 1)
2095  throw std::logic_error("interruptibility-state field indicates blocking by mov ss"
2096  " but rtm is set in pending debug exceptions field");
2097 }
2098 
2099 void
2100 check::guest_vmcs_link_pointer_bits_11_0()
2101 {
2102  auto vmcs_link_pointer = vmcs::vmcs_link_pointer::get();
2103 
2104  if (vmcs_link_pointer == 0xFFFFFFFFFFFFFFFF)
2105  return;
2106 
2107  if ((vmcs_link_pointer & 0x0000000000000FFF) != 0)
2108  throw std::logic_error("vmcs link pointer bits 11:0 must be 0");
2109 }
2110 
2111 void
2112 check::guest_vmcs_link_pointer_valid_addr()
2113 {
2114  auto vmcs_link_pointer = vmcs::vmcs_link_pointer::get();
2115 
2116  if (vmcs_link_pointer == 0xFFFFFFFFFFFFFFFF)
2117  return;
2118 
2119  if (!x64::is_physical_address_valid(vmcs_link_pointer))
2120  throw std::logic_error("vmcs link pointer invalid physical address");
2121 }
2122 
2123 void
2124 check::guest_vmcs_link_pointer_first_word()
2125 {
2126  auto vmcs_link_pointer = vmcs::vmcs_link_pointer::get();
2127 
2128  if (vmcs_link_pointer == 0xFFFFFFFFFFFFFFFF)
2129  return;
2130 
2131  auto vmcs = g_mm->physint_to_virtptr(vmcs_link_pointer);
2132 
2133  if (vmcs == nullptr)
2134  throw std::logic_error("invalid vmcs physical address");
2135 
2136  auto revision_id = *static_cast<uint32_t *>(vmcs) & 0x7FFFFFFF;
2137  auto vmcs_shadow = *static_cast<uint32_t *>(vmcs) & 0x80000000;
2138 
2139  if (revision_id != msrs::ia32_vmx_basic::revision_id::get())
2140  throw std::logic_error("shadow vmcs must contain CPU's revision id");
2141 
2142  if (primary_processor_based_vm_execution_controls::activate_secondary_controls::is_disabled())
2143  return;
2144 
2145  if (secondary_processor_based_vm_execution_controls::vmcs_shadowing::is_disabled_if_exists())
2146  return;
2147 
2148  if (vmcs_shadow == 0)
2149  throw std::logic_error("shadow vmcs bit must be enabled if vmcs shadowing is enabled");
2150 }
2151 
2152 void
2153 check::guest_vmcs_link_pointer_not_in_smm()
2154 {
2155 }
2156 
2157 void
2158 check::guest_vmcs_link_pointer_in_smm()
2159 {
2160 }
2161 
2162 void
2163 check::guest_pdptes_all()
2164 {
2165  check::guest_valid_pdpte_with_ept_disabled();
2166  check::guest_valid_pdpte_with_ept_enabled();
2167 }
2168 
2169 void
2170 check::guest_valid_pdpte_with_ept_disabled()
2171 {
2172  if (guest_cr0::paging::is_disabled())
2173  return;
2174 
2175  if (guest_cr4::physical_address_extensions::is_disabled())
2176  return;
2177 
2178  if (vm_entry_controls::ia_32e_mode_guest::is_enabled())
2179  return;
2180 
2181  if (secondary_processor_based_vm_execution_controls::enable_ept::is_enabled_if_exists())
2182  return;
2183 
2184  auto cr3 = vmcs::guest_cr3::get();
2185  auto virt_pdpt = static_cast<uint64_t *>(g_mm->physint_to_virtptr(cr3 & 0xFFFFFFE0UL));
2186 
2187  if (virt_pdpt == nullptr)
2188  throw std::logic_error("pdpt address is null");
2189 
2190  if ((virt_pdpt[0] & x64::pdpte::reserved::mask()) != 0U)
2191  throw std::logic_error("pdpte0 reserved bits set with ept disabled and pae paging enabled");
2192 
2193  if ((virt_pdpt[1] & x64::pdpte::reserved::mask()) != 0U)
2194  throw std::logic_error("pdpte1 reserved bits set with ept disabled and pae paging enabled");
2195 
2196  if ((virt_pdpt[2] & x64::pdpte::reserved::mask()) != 0U)
2197  throw std::logic_error("pdpte2 reserved bits set with ept disabled and pae paging enabled");
2198 
2199  if ((virt_pdpt[3] & x64::pdpte::reserved::mask()) != 0U)
2200  throw std::logic_error("pdpte3 reserved bits set with ept disabled and pae paging enabled");
2201 }
2202 
2203 void
2204 check::guest_valid_pdpte_with_ept_enabled()
2205 {
2206  if (guest_cr0::paging::is_disabled())
2207  return;
2208 
2209  if (guest_cr4::physical_address_extensions::is_disabled())
2210  return;
2211 
2212  if (vm_entry_controls::ia_32e_mode_guest::is_enabled())
2213  return;
2214 
2215  if (primary_processor_based_vm_execution_controls::activate_secondary_controls::is_disabled())
2216  return;
2217 
2218  if (secondary_processor_based_vm_execution_controls::enable_ept::is_disabled_if_exists())
2219  return;
2220 
2221  if (vmcs::guest_pdpte0::reserved::get() != 0U)
2222  throw std::logic_error("pdpte0 reserved bits set with ept and pae paging enabled");
2223 
2224  if (vmcs::guest_pdpte1::reserved::get() != 0U)
2225  throw std::logic_error("pdpte1 reserved bits set with ept and pae paging enabled");
2226 
2227  if (vmcs::guest_pdpte2::reserved::get() != 0U)
2228  throw std::logic_error("pdpte2 reserved bits set with ept and pae paging enabled");
2229 
2230  if (vmcs::guest_pdpte3::reserved::get() != 0U)
2231  throw std::logic_error("ppdpte3 reserved bits set with ept and pae paging enabled");
2232 }
intel_x64::vmcs::vm_exit_instruction_information::outs::segment_register::ds
constexpr const auto ds
Definition: vmcs_intel_x64_32bit_read_only_data_fields.h:923
intel_x64::vmcs::check::guest_valid_activity_state
void guest_valid_activity_state()
Definition: vmcs_intel_x64_check_guest.cpp:1788
intel_x64::vmcs::check::guest_fs_must_be_present_if_usable
void guest_fs_must_be_present_if_usable()
Definition: vmcs_intel_x64_check_guest.cpp:1199
intel_x64::vmcs::check::guest_gs_granularity
void guest_gs_granularity()
Definition: vmcs_intel_x64_check_guest.cpp:1408
intel_x64::vmcs::check::guest_ss_access_rights_type
void guest_ss_access_rights_type()
Definition: vmcs_intel_x64_check_guest.cpp:706
intel_x64::vmcs::check::guest_es_is_not_a_system_descriptor
void guest_es_is_not_a_system_descriptor()
Definition: vmcs_intel_x64_check_guest.cpp:868
pdpte_x64.h
intel_x64::vmcs::check::guest_ds_dpl
void guest_ds_dpl()
Definition: vmcs_intel_x64_check_guest.cpp:1002
bfn::cr3
void uintptr_t uintptr_t cr3
Definition: map_ptr_x64.cpp:33
intel_x64::vmcs::check::guest_ss_granularity
void guest_ss_granularity()
Definition: vmcs_intel_x64_check_guest.cpp:1332
intel_x64::vmcs::check::guest_vmcs_link_pointer_bits_11_0
void guest_vmcs_link_pointer_bits_11_0()
Definition: vmcs_intel_x64_check_guest.cpp:2100
intel_x64::vmcs::check::guest_interruptibility_state_sti_mov_ss
void guest_interruptibility_state_sti_mov_ss()
Definition: vmcs_intel_x64_check_guest.cpp:1925
intel_x64::vmcs::check::guest_cs_limit
void guest_cs_limit()
Definition: vmcs_intel_x64_check_guest.cpp:542
x64::cpuid::extended_feature_flags::subleaf0::ebx::rtm::get
auto get() noexcept
Definition: cpuid_x64.h:732
intel_x64::vmcs::check::guest_rflags_vm_bit
void guest_rflags_vm_bit()
Definition: vmcs_intel_x64_check_guest.cpp:1733
intel_x64::vmcs::check::guest_interruptibility_not_in_smm
void guest_interruptibility_not_in_smm()
Definition: vmcs_intel_x64_check_guest.cpp:1982
intel_x64::vmcs::check::guest_ds_base_upper_dword_0
void guest_ds_base_upper_dword_0()
Definition: vmcs_intel_x64_check_guest.cpp:522
intel_x64::vmcs::check::guest_ds_base_is_shifted
void guest_ds_base_is_shifted()
Definition: vmcs_intel_x64_check_guest.cpp:426
intel_x64::vmcs::check::guest_cs_access_rights_type
void guest_cs_access_rights_type()
Definition: vmcs_intel_x64_check_guest.cpp:674
intel_x64::vmcs::check::guest_fs_granularity
void guest_fs_granularity()
Definition: vmcs_intel_x64_check_guest.cpp:1389
intel_x64::vmcs::check::guest_cr4_for_unsupported_bits
void guest_cr4_for_unsupported_bits()
Definition: vmcs_intel_x64_check_guest.cpp:104
intel_x64::vmcs::check::guest_pending_debug_exceptions_rtm
void guest_pending_debug_exceptions_rtm()
Definition: vmcs_intel_x64_check_guest.cpp:2078
intel_x64::vmcs::check::guest_load_debug_controls_verify_reserved
void guest_load_debug_controls_verify_reserved()
Definition: vmcs_intel_x64_check_guest.cpp:122
x64::pdpte::reserved::mask
auto mask() noexcept
Definition: pdpte_x64.h:48
intel_x64::vmcs::guest_activity_state::shutdown
constexpr const auto shutdown
Definition: vmcs_intel_x64_32bit_guest_state_fields.h:2797
intel_x64
Definition: crs_intel_x64.h:42
intel_x64::vmcs::pin_based_vm_execution_controls::external_interrupt_exiting::is_disabled_if_exists
auto is_disabled_if_exists(bool verbose=false) noexcept
Definition: vmcs_intel_x64_32bit_control_fields.h:80
intel_x64::vmcs::check::guest_ia32_sysenter_esp_canonical_address
void guest_ia32_sysenter_esp_canonical_address()
Definition: vmcs_intel_x64_check_guest.cpp:174
intel_x64::vmcs::check::guest_ss_must_be_present_if_usable
void guest_ss_must_be_present_if_usable()
Definition: vmcs_intel_x64_check_guest.cpp:1160
intel_x64::vmcs::check::guest_cr0_for_unsupported_bits
void guest_cr0_for_unsupported_bits()
Definition: vmcs_intel_x64_check_guest.cpp:73
intel_x64::vmcs::check::guest_cs_type_not_equal_3
void guest_cs_type_not_equal_3()
Definition: vmcs_intel_x64_check_guest.cpp:907
memory_manager_x64.h
intel_x64::vmcs::check::guest_ds_granularity
void guest_ds_granularity()
Definition: vmcs_intel_x64_check_guest.cpp:1351
x64::access_rights::type::execute_only_conforming
constexpr const auto execute_only_conforming
Definition: x64.h:70
intel_x64::vmcs::check::guest_es_access_rights_reserved_must_be_0
void guest_es_access_rights_reserved_must_be_0()
Definition: vmcs_intel_x64_check_guest.cpp:1261
intel_x64::vmcs::check::guest_tr_must_be_usable
void guest_tr_must_be_usable()
Definition: vmcs_intel_x64_check_guest.cpp:1555
intel_x64::vmcs::check::guest_tr_access_rights_remaining_reserved_bit_0
void guest_tr_access_rights_remaining_reserved_bit_0()
Definition: vmcs_intel_x64_check_guest.cpp:1562
intel_x64::vmcs::check::guest_cs_access_rights_remaining_reserved_bit_0
void guest_cs_access_rights_remaining_reserved_bit_0()
Definition: vmcs_intel_x64_check_guest.cpp:1427
intel_x64::vmcs::pin_based_vm_execution_controls::external_interrupt_exiting::is_enabled
auto is_enabled()
Definition: vmcs_intel_x64_32bit_control_fields.h:71
intel_x64::vmcs::check::guest_gdtr_limit_reserved_bits
void guest_gdtr_limit_reserved_bits()
Definition: vmcs_intel_x64_check_guest.cpp:1668
intel_x64::vmcs::vm_entry_interruption_information_field::interruption_type::external_interrupt
constexpr const auto external_interrupt
Definition: vmcs_intel_x64_32bit_control_fields.h:1707
intel_x64::vmcs::check::guest_pdptes_all
void guest_pdptes_all()
Definition: vmcs_intel_x64_check_guest.cpp:2163
intel_x64::vmcs::check::guest_verify_load_ia32_efer
void guest_verify_load_ia32_efer()
Definition: vmcs_intel_x64_check_guest.cpp:229
intel_x64::vmcs::check::guest_fs_is_not_a_system_descriptor
void guest_fs_is_not_a_system_descriptor()
Definition: vmcs_intel_x64_check_guest.cpp:881
intel_x64::vmcs::check::guest_must_be_active_if_injecting_blocking_state
void guest_must_be_active_if_injecting_blocking_state()
Definition: vmcs_intel_x64_check_guest.cpp:1805
intel_x64::vmcs::check::guest_interruptibility_state_nmi
void guest_interruptibility_state_nmi()
Definition: vmcs_intel_x64_check_guest.cpp:1966
x64::is_physical_address_valid
auto is_physical_address_valid(T addr)
Definition: x64.h:126
intel_x64::vmcs::check::guest_gs_access_rights_remaining_reserved_bit_0
void guest_gs_access_rights_remaining_reserved_bit_0()
Definition: vmcs_intel_x64_check_guest.cpp:1489
intel_x64::vmcs::check::guest_ds_access_rights_reserved_must_be_0
void guest_ds_access_rights_reserved_must_be_0()
Definition: vmcs_intel_x64_check_guest.cpp:1248
intel_x64::vmcs::check::guest_v8086_gs_access_rights
void guest_v8086_gs_access_rights()
Definition: vmcs_intel_x64_check_guest.cpp:664
intel_x64::vmcs::check::guest_cs_base_is_shifted
void guest_cs_base_is_shifted()
Definition: vmcs_intel_x64_check_guest.cpp:402
intel_x64::vmcs::check::guest_cs_db_must_be_0_if_l_equals_1
void guest_cs_db_must_be_0_if_l_equals_1()
Definition: vmcs_intel_x64_check_guest.cpp:1300
x64::access_rights::type::read_execute_accessed
constexpr const auto read_execute_accessed
Definition: x64.h:69
intel_x64::vmcs::check::guest_ss_base_upper_dword_0
void guest_ss_base_upper_dword_0()
Definition: vmcs_intel_x64_check_guest.cpp:512
intel_x64::vmcs::check::guest_ss_base_is_shifted
void guest_ss_base_is_shifted()
Definition: vmcs_intel_x64_check_guest.cpp:414
x64::access_rights::type::read_write_expand_down_accessed
constexpr const auto read_write_expand_down_accessed
Definition: x64.h:64
x64::access_rights::type::read_only_expand_down_accessed
constexpr const auto read_only_expand_down_accessed
Definition: x64.h:62
intel_x64::vmcs::check::guest_es_base_is_shifted
void guest_es_base_is_shifted()
Definition: vmcs_intel_x64_check_guest.cpp:438
intel_x64::vmcs::check::guest_gs_access_rights_type
void guest_gs_access_rights_type()
Definition: vmcs_intel_x64_check_guest.cpp:806
cpuid_x64.h
intel_x64::vmcs::check::guest_es_must_be_present_if_usable
void guest_es_must_be_present_if_usable()
Definition: vmcs_intel_x64_check_guest.cpp:1186
intel_x64::vmcs::check::guest_shutdown_valid_interrupts
void guest_shutdown_valid_interrupts()
Definition: vmcs_intel_x64_check_guest.cpp:1862
intel_x64::vmcs::check::guest_descriptor_table_registers_all
void guest_descriptor_table_registers_all()
Definition: vmcs_intel_x64_check_guest.cpp:1645
x64::is_linear_address_valid
auto is_linear_address_valid(T addr)
Definition: x64.h:122
intel_x64::vmcs::check::memory_type_reserved
auto memory_type_reserved(T memory_type)
Definition: vmcs_intel_x64_check.h:305
intel_x64::vmcs::check::guest_interruptibility_state_enclave_interrupt
void guest_interruptibility_state_enclave_interrupt()
Definition: vmcs_intel_x64_check_guest.cpp:2033
intel_x64::vmcs::check::guest_v8086_fs_access_rights
void guest_v8086_fs_access_rights()
Definition: vmcs_intel_x64_check_guest.cpp:654
intel_x64::vmcs::vm_entry_interruption_information_field::interruption_type::other_event
constexpr const auto other_event
Definition: vmcs_intel_x64_32bit_control_fields.h:1714
intel_x64::vmcs::check::guest_activity_state_not_hlt_when_dpl_not_0
void guest_activity_state_not_hlt_when_dpl_not_0()
Definition: vmcs_intel_x64_check_guest.cpp:1795
intel_x64::vmcs::check::guest_gs_is_not_a_system_descriptor
void guest_gs_is_not_a_system_descriptor()
Definition: vmcs_intel_x64_check_guest.cpp:894
intel_x64::vmcs::check::guest_tr_must_be_a_system_descriptor
void guest_tr_must_be_a_system_descriptor()
Definition: vmcs_intel_x64_check_guest.cpp:1521
intel_x64::vmcs::check::guest_es_dpl
void guest_es_dpl()
Definition: vmcs_intel_x64_check_guest.cpp:1039
vmcs_intel_x64_32bit_guest_state_fields.h
intel_x64::vmcs::check::guest_gs_access_rights_reserved_must_be_0
void guest_gs_access_rights_reserved_must_be_0()
Definition: vmcs_intel_x64_check_guest.cpp:1287
intel_x64::vmcs::check::guest_ss_is_not_a_system_descriptor
void guest_ss_is_not_a_system_descriptor()
Definition: vmcs_intel_x64_check_guest.cpp:842
x64::access_rights::type::read_write
constexpr const auto read_write
Definition: x64.h:59
intel_x64::vmcs::vm_entry_interruption_information_field::interruption_type::hardware_exception
constexpr const auto hardware_exception
Definition: vmcs_intel_x64_32bit_control_fields.h:1710
x64::access_rights::type::read_only_accessed
constexpr const auto read_only_accessed
Definition: x64.h:58
intel_x64::vmcs::check::guest_ss_and_cs_rpl_are_the_same
void guest_ss_and_cs_rpl_are_the_same()
Definition: vmcs_intel_x64_check_guest.cpp:386
x64::access_rights::type::read_write_accessed
constexpr const auto read_write_accessed
Definition: x64.h:60
intel_x64::vmcs::check::guest_gs_base_is_canonical
void guest_gs_base_is_canonical()
Definition: vmcs_intel_x64_check_guest.cpp:488
x64::access_rights::type::execute_only_accessed
constexpr const auto execute_only_accessed
Definition: x64.h:67
intel_x64::vmcs::check::guest_cs_access_rights_reserved_must_be_0
void guest_cs_access_rights_reserved_must_be_0()
Definition: vmcs_intel_x64_check_guest.cpp:1225
intel_x64::vmcs::check::guest_es_access_rights_type
void guest_es_access_rights_type()
Definition: vmcs_intel_x64_check_guest.cpp:754
intel_x64::vmcs::check::guest_cs_granularity
void guest_cs_granularity()
Definition: vmcs_intel_x64_check_guest.cpp:1316
intel_x64::vmcs::check::guest_pending_debug_exceptions_dbg_ctl
void guest_pending_debug_exceptions_dbg_ctl()
Definition: vmcs_intel_x64_check_guest.cpp:2055
intel_x64::vmcs::check::guest_tr_type_must_be_11
void guest_tr_type_must_be_11()
Definition: vmcs_intel_x64_check_guest.cpp:1502
intel_x64::vmcs::check::guest_verify_ia_32e_mode_enabled
void guest_verify_ia_32e_mode_enabled()
Definition: vmcs_intel_x64_check_guest.cpp:132
x64::interrupt::debug_exception
constexpr const auto debug_exception
Definition: x64.h:96
intel_x64::vmcs::check::guest_tr_granularity
void guest_tr_granularity()
Definition: vmcs_intel_x64_check_guest.cpp:1542
intel_x64::vmcs::check::guest_load_debug_controls_verify_dr7
void guest_load_debug_controls_verify_dr7()
Definition: vmcs_intel_x64_check_guest.cpp:162
intel_x64::vmcs::check::guest_rflag_interrupt_enable
void guest_rflag_interrupt_enable()
Definition: vmcs_intel_x64_check_guest.cpp:1743
intel_x64::vmcs::check::guest_verify_load_ia32_bndcfgs
void guest_verify_load_ia32_bndcfgs()
Definition: vmcs_intel_x64_check_guest.cpp:258
intel_x64::vmcs::check::guest_ldtr_ti_bit_equals_0
void guest_ldtr_ti_bit_equals_0()
Definition: vmcs_intel_x64_check_guest.cpp:376
intel_x64::vmcs::check::guest_fs_access_rights_remaining_reserved_bit_0
void guest_fs_access_rights_remaining_reserved_bit_0()
Definition: vmcs_intel_x64_check_guest.cpp:1476
intel_x64::vmcs::check::guest_ldtr_access_rights_remaining_reserved_bit_0
void guest_ldtr_access_rights_remaining_reserved_bit_0()
Definition: vmcs_intel_x64_check_guest.cpp:1633
intel_x64::vmcs::check::guest_interruptibility_entry_to_smm
void guest_interruptibility_entry_to_smm()
Definition: vmcs_intel_x64_check_guest.cpp:1987
intel_x64::vmcs::check::guest_es_limit
void guest_es_limit()
Definition: vmcs_intel_x64_check_guest.cpp:578
intel_x64::vmcs::check::guest_v8086_ds_access_rights
void guest_v8086_ds_access_rights()
Definition: vmcs_intel_x64_check_guest.cpp:634
intel_x64::vmcs::check::guest_cs_base_upper_dword_0
void guest_cs_base_upper_dword_0()
Definition: vmcs_intel_x64_check_guest.cpp:505
intel_x64::vmcs::check::guest_interruptibility_state_sti
void guest_interruptibility_state_sti()
Definition: vmcs_intel_x64_check_guest.cpp:1936
intel_x64::vmcs::check::guest_pending_debug_exceptions_reserved
void guest_pending_debug_exceptions_reserved()
Definition: vmcs_intel_x64_check_guest.cpp:2048
intel_x64::vmcs::vm_entry_interruption_information_field::interruption_type::non_maskable_interrupt
constexpr const auto non_maskable_interrupt
Definition: vmcs_intel_x64_32bit_control_fields.h:1709
vmcs_intel_x64_natural_width_guest_state_fields.h
intel_x64::vmcs::check::guest_ss_dpl_must_equal_zero
void guest_ss_dpl_must_equal_zero()
Definition: vmcs_intel_x64_check_guest.cpp:982
intel_x64::vmcs::check::guest_v8086_ss_access_rights
void guest_v8086_ss_access_rights()
Definition: vmcs_intel_x64_check_guest.cpp:624
intel_x64::vmcs::check::guest_verify_load_ia32_pat
void guest_verify_load_ia32_pat()
Definition: vmcs_intel_x64_check_guest.cpp:198
vmcs_intel_x64_32bit_control_fields.h
intel_x64::vmcs::pin_based_vm_execution_controls::external_interrupt_exiting::is_enabled_if_exists
auto is_enabled_if_exists(bool verbose=false) noexcept
Definition: vmcs_intel_x64_32bit_control_fields.h:74
intel_x64::vmcs::check::guest_gs_base_is_shifted
void guest_gs_base_is_shifted()
Definition: vmcs_intel_x64_check_guest.cpp:462
intel_x64::vmcs::check::guest_fs_access_rights_reserved_must_be_0
void guest_fs_access_rights_reserved_must_be_0()
Definition: vmcs_intel_x64_check_guest.cpp:1274
intel_x64::cr0::paging::mask
constexpr const auto mask
Definition: crs_intel_x64.h:186
intel_x64::vmcs::check::guest_valid_pdpte_with_ept_disabled
void guest_valid_pdpte_with_ept_disabled()
Definition: vmcs_intel_x64_check_guest.cpp:2170
intel_x64::vmcs::check::guest_sipi_valid_interrupts
void guest_sipi_valid_interrupts()
Definition: vmcs_intel_x64_check_guest.cpp:1894
intel_x64::vmcs::check::guest_ldtr_base_is_canonical
void guest_ldtr_base_is_canonical()
Definition: vmcs_intel_x64_check_guest.cpp:495
intel_x64::vmcs::check::guest_fs_access_rights_type
void guest_fs_access_rights_type()
Definition: vmcs_intel_x64_check_guest.cpp:780
intel_x64::vmcs::check::guest_verify_ia_32e_mode_disabled
void guest_verify_ia_32e_mode_disabled()
Definition: vmcs_intel_x64_check_guest.cpp:145
x64::interrupt::machine_check
constexpr const auto machine_check
Definition: x64.h:112
intel_x64::vmcs::check::guest_ss_access_rights_remaining_reserved_bit_0
void guest_ss_access_rights_remaining_reserved_bit_0()
Definition: vmcs_intel_x64_check_guest.cpp:1437
intel_x64::vmcs::check::guest_tr_ti_bit_equals_0
void guest_tr_ti_bit_equals_0()
Definition: vmcs_intel_x64_check_guest.cpp:369
vmcs_intel_x64_16bit_guest_state_fields.h
view_as_pointer
const void * view_as_pointer(const T val)
Definition: view_as_pointer.h:47
x64::access_rights::type::read_execute_conforming_accessed
constexpr const auto read_execute_conforming_accessed
Definition: x64.h:73
intel_x64::vmcs::check::guest_ss_dpl_must_equal_rpl
void guest_ss_dpl_must_equal_rpl()
Definition: vmcs_intel_x64_check_guest.cpp:963
g_mm
#define g_mm
Definition: memory_manager_x64.h:377
intel_x64::vmcs::check::guest_rip_and_rflags_all
void guest_rip_and_rflags_all()
Definition: vmcs_intel_x64_check_guest.cpp:1686
intel_x64::vmcs::check::guest_interruptibility_state_reserved
void guest_interruptibility_state_reserved()
Definition: vmcs_intel_x64_check_guest.cpp:1918
intel_x64::vmcs::check::guest_rip_upper_bits
void guest_rip_upper_bits()
Definition: vmcs_intel_x64_check_guest.cpp:1696
intel_x64::vmcs::check::guest_verify_load_ia32_perf_global_ctrl
void guest_verify_load_ia32_perf_global_ctrl()
Definition: vmcs_intel_x64_check_guest.cpp:188
intel_x64::vmcs::check::guest_rflags_reserved_bits
void guest_rflags_reserved_bits()
Definition: vmcs_intel_x64_check_guest.cpp:1723
intel_x64::vmcs::check::guest_vmcs_link_pointer_valid_addr
void guest_vmcs_link_pointer_valid_addr()
Definition: vmcs_intel_x64_check_guest.cpp:2112
intel_x64::vmcs::check::guest_ldtr_must_be_present
void guest_ldtr_must_be_present()
Definition: vmcs_intel_x64_check_guest.cpp:1597
intel_x64::vmcs::check::guest_idtr_limit_reserved_bits
void guest_idtr_limit_reserved_bits()
Definition: vmcs_intel_x64_check_guest.cpp:1677
intel_x64::vmcs::vm_exit_instruction_information::outs::segment_register::fs
constexpr const auto fs
Definition: vmcs_intel_x64_32bit_read_only_data_fields.h:924
intel_x64::vmcs::check::guest_vmcs_link_pointer_in_smm
void guest_vmcs_link_pointer_in_smm()
Definition: vmcs_intel_x64_check_guest.cpp:2158
intel_x64::vmcs::check::guest_tr_access_rights_reserved_must_be_0
void guest_tr_access_rights_reserved_must_be_0()
Definition: vmcs_intel_x64_check_guest.cpp:1535
intel_x64::vmcs::check::guest_cs_dpl_adheres_to_ss_dpl
void guest_cs_dpl_adheres_to_ss_dpl()
Definition: vmcs_intel_x64_check_guest.cpp:926
intel_x64::vmcs::check::guest_control_registers_debug_registers_and_msrs_all
void guest_control_registers_debug_registers_and_msrs_all()
Definition: vmcs_intel_x64_check_guest.cpp:54
intel_x64::vmcs::check::guest_idtr_base_must_be_canonical
void guest_idtr_base_must_be_canonical()
Definition: vmcs_intel_x64_check_guest.cpp:1661
intel_x64::vmcs::pin_based_vm_execution_controls::external_interrupt_exiting::is_disabled
auto is_disabled()
Definition: vmcs_intel_x64_32bit_control_fields.h:77
intel_x64::vmcs::check::guest_vmcs_link_pointer_not_in_smm
void guest_vmcs_link_pointer_not_in_smm()
Definition: vmcs_intel_x64_check_guest.cpp:2153
intel_x64::vmcs::check::guest_gs_dpl
void guest_gs_dpl()
Definition: vmcs_intel_x64_check_guest.cpp:1113
intel_x64::vmcs::check::guest_es_access_rights_remaining_reserved_bit_0
void guest_es_access_rights_remaining_reserved_bit_0()
Definition: vmcs_intel_x64_check_guest.cpp:1463
intel_x64::vmcs::check::guest_non_register_state_all
void guest_non_register_state_all()
Definition: vmcs_intel_x64_check_guest.cpp:1758
intel_x64::vmcs::check::guest_interruptibility_state_sti_and_nmi
void guest_interruptibility_state_sti_and_nmi()
Definition: vmcs_intel_x64_check_guest.cpp:1998
intel_x64::vmcs::check::guest_interruptibility_state_virtual_nmi
void guest_interruptibility_state_virtual_nmi()
Definition: vmcs_intel_x64_check_guest.cpp:2014
crs_intel_x64.h
intel_x64::vmcs::check::guest_ds_limit
void guest_ds_limit()
Definition: vmcs_intel_x64_check_guest.cpp:566
intel_x64::vmcs::check::guest_cr0_verify_paging_enabled
void guest_cr0_verify_paging_enabled()
Definition: vmcs_intel_x64_check_guest.cpp:94
intel_x64::vmcs::vm_exit_instruction_information::outs::segment_register::es
constexpr const auto es
Definition: vmcs_intel_x64_32bit_read_only_data_fields.h:920
intel_x64::vmcs::vm_exit_instruction_information::outs::segment_register::cs
constexpr const auto cs
Definition: vmcs_intel_x64_32bit_read_only_data_fields.h:921
intel_x64::vmcs::check::guest_ds_must_be_present_if_usable
void guest_ds_must_be_present_if_usable()
Definition: vmcs_intel_x64_check_guest.cpp:1173
intel_x64::vmcs::check::guest_tr_must_be_present
void guest_tr_must_be_present()
Definition: vmcs_intel_x64_check_guest.cpp:1528
x64::access_rights::type::execute_only_conforming_accessed
constexpr const auto execute_only_conforming_accessed
Definition: x64.h:71
x64::interrupt::divide_error
constexpr const auto divide_error
Definition: x64.h:95
intel_x64::vmcs::check::guest_fs_base_is_canonical
void guest_fs_base_is_canonical()
Definition: vmcs_intel_x64_check_guest.cpp:481
intel_x64::vmcs::check::guest_cs_must_be_present
void guest_cs_must_be_present()
Definition: vmcs_intel_x64_check_guest.cpp:1150
intel_x64::vmcs::check::guest_ds_access_rights_type
void guest_ds_access_rights_type()
Definition: vmcs_intel_x64_check_guest.cpp:728
intel_x64::vmcs::check::guest_state_all
void guest_state_all()
Definition: vmcs_intel_x64_check_guest.cpp:43
intel_x64::vmcs::guest_activity_state::hlt
constexpr const auto hlt
Definition: vmcs_intel_x64_32bit_guest_state_fields.h:2796
x64::is_address_canonical
auto is_address_canonical(T addr)
Definition: x64.h:118
intel_x64::vmcs::check::guest_vmcs_link_pointer_first_word
void guest_vmcs_link_pointer_first_word()
Definition: vmcs_intel_x64_check_guest.cpp:2124
intel_x64::vmcs::check::guest_ss_limit
void guest_ss_limit()
Definition: vmcs_intel_x64_check_guest.cpp:554
intel_x64::cr0::protection_enable::mask
constexpr const auto mask
Definition: crs_intel_x64.h:56
intel_x64::vmcs::check::guest_ldtr_must_be_a_system_descriptor
void guest_ldtr_must_be_a_system_descriptor()
Definition: vmcs_intel_x64_check_guest.cpp:1587
intel_x64::vmcs::check::guest_cs_is_not_a_system_descriptor
void guest_cs_is_not_a_system_descriptor()
Definition: vmcs_intel_x64_check_guest.cpp:832
intel_x64::vmcs::check::guest_fs_dpl
void guest_fs_dpl()
Definition: vmcs_intel_x64_check_guest.cpp:1076
command_line_parser_command::type
type
Definition: command_line_parser.h:33
vmcs_intel_x64_check.h
intel_x64::vmcs::check::guest_fs_limit
void guest_fs_limit()
Definition: vmcs_intel_x64_check_guest.cpp:602
intel_x64::vmcs::check::guest_tr_base_is_canonical
void guest_tr_base_is_canonical()
Definition: vmcs_intel_x64_check_guest.cpp:474
vmcs_intel_x64_64bit_guest_state_fields.h
x64
Definition: cache_x64.h:31
intel_x64::vmcs::check::guest_ds_is_not_a_system_descriptor
void guest_ds_is_not_a_system_descriptor()
Definition: vmcs_intel_x64_check_guest.cpp:855
intel_x64::vmcs::check::guest_gs_must_be_present_if_usable
void guest_gs_must_be_present_if_usable()
Definition: vmcs_intel_x64_check_guest.cpp:1212
vmcs_intel_x64.h
intel_x64::vmcs::check::guest_interruptibility_state_external_interrupt
void guest_interruptibility_state_external_interrupt()
Definition: vmcs_intel_x64_check_guest.cpp:1946
intel_x64::vmcs::guest_activity_state::wait_for_sipi
constexpr const auto wait_for_sipi
Definition: vmcs_intel_x64_32bit_guest_state_fields.h:2798
intel_x64::vmcs::check::guest_cr3_for_unsupported_bits
void guest_cr3_for_unsupported_bits()
Definition: vmcs_intel_x64_check_guest.cpp:155
intel_x64::vmcs::check::guest_ds_access_rights_remaining_reserved_bit_0
void guest_ds_access_rights_remaining_reserved_bit_0()
Definition: vmcs_intel_x64_check_guest.cpp:1450
intel_x64::vmcs::vm_exit_instruction_information::outs::segment_register::ss
constexpr const auto ss
Definition: vmcs_intel_x64_32bit_read_only_data_fields.h:922
x64::cpuid::extended_feature_flags::subleaf0::ebx::sgx::get
auto get() noexcept
Definition: cpuid_x64.h:561
intel_x64::vmcs::check::guest_gs_limit
void guest_gs_limit()
Definition: vmcs_intel_x64_check_guest.cpp:590
intel_x64::vmcs::check::guest_ss_access_rights_reserved_must_be_0
void guest_ss_access_rights_reserved_must_be_0()
Definition: vmcs_intel_x64_check_guest.cpp:1235
intel_x64::vmcs::check::guest_rip_valid_addr
void guest_rip_valid_addr()
Definition: vmcs_intel_x64_check_guest.cpp:1708
intel_x64::vmcs::check::guest_v8086_es_access_rights
void guest_v8086_es_access_rights()
Definition: vmcs_intel_x64_check_guest.cpp:644
x64::access_rights::type::read_execute_conforming
constexpr const auto read_execute_conforming
Definition: x64.h:72
intel_x64::vmcs::vm_exit_instruction_information::outs::segment_register::gs
constexpr const auto gs
Definition: vmcs_intel_x64_32bit_read_only_data_fields.h:925
intel_x64::vmcs::guest_activity_state::active
constexpr const auto active
Definition: vmcs_intel_x64_32bit_guest_state_fields.h:2795
intel_x64::vmcs::check::guest_gdtr_base_must_be_canonical
void guest_gdtr_base_must_be_canonical()
Definition: vmcs_intel_x64_check_guest.cpp:1654
intel_x64::vmcs::check::guest_v8086_cs_access_rights
void guest_v8086_cs_access_rights()
Definition: vmcs_intel_x64_check_guest.cpp:614
intel_x64::vmcs::check::guest_ldtr_type_must_be_2
void guest_ldtr_type_must_be_2()
Definition: vmcs_intel_x64_check_guest.cpp:1571
intel_x64::vmcs::check::guest_segment_registers_all
void guest_segment_registers_all()
Definition: vmcs_intel_x64_check_guest.cpp:277
intel_x64::vmcs::check::guest_valid_activity_state_and_smm
void guest_valid_activity_state_and_smm()
Definition: vmcs_intel_x64_check_guest.cpp:1906
intel_x64::vmcs::check::guest_ldtr_granularity
void guest_ldtr_granularity()
Definition: vmcs_intel_x64_check_guest.cpp:1617
intel_x64::vmcs::check::guest_ia32_sysenter_eip_canonical_address
void guest_ia32_sysenter_eip_canonical_address()
Definition: vmcs_intel_x64_check_guest.cpp:181
intel_x64::vmcs::check::guest_valid_pdpte_with_ept_enabled
void guest_valid_pdpte_with_ept_enabled()
Definition: vmcs_intel_x64_check_guest.cpp:2204
intel_x64::vmcs::check::guest_es_base_upper_dword_0
void guest_es_base_upper_dword_0()
Definition: vmcs_intel_x64_check_guest.cpp:532
intel_x64::vmcs::check::guest_hlt_valid_interrupts
void guest_hlt_valid_interrupts()
Definition: vmcs_intel_x64_check_guest.cpp:1820
intel_x64::vmcs::check::guest_fs_base_is_shifted
void guest_fs_base_is_shifted()
Definition: vmcs_intel_x64_check_guest.cpp:450
intel_x64::vmcs::check::guest_ldtr_access_rights_reserved_must_be_0
void guest_ldtr_access_rights_reserved_must_be_0()
Definition: vmcs_intel_x64_check_guest.cpp:1607
intel_x64::vmcs::check::guest_es_granularity
void guest_es_granularity()
Definition: vmcs_intel_x64_check_guest.cpp:1370
Generated on Fri Apr 28 2017 22:11:42 by   doxygen 1.8.14