VirtualBox

source: vbox/trunk/include/VBox/vmm/patm.h@ 41788

Last change on this file since 41788 was 41768, checked in by vboxsync, 13 years ago

PATM: Added PATMR3ReadOrgInstr.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 19.0 KB
Line 
1/** @file
2 * PATM - Dynamic Guest OS Patching Manager.
3 */
4
5/*
6 * Copyright (C) 2006-2010 Oracle Corporation
7 *
8 * This file is part of VirtualBox Open Source Edition (OSE), as
9 * available from http://www.virtualbox.org. This file is free software;
10 * you can redistribute it and/or modify it under the terms of the GNU
11 * General Public License (GPL) as published by the Free Software
12 * Foundation, in version 2 as it comes in the "COPYING" file of the
13 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
14 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
15 *
16 * The contents of this file may alternatively be used under the terms
17 * of the Common Development and Distribution License Version 1.0
18 * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
19 * VirtualBox OSE distribution, in which case the provisions of the
20 * CDDL are applicable instead of those of the GPL.
21 *
22 * You may elect to license modified versions of this file under the
23 * terms and conditions of either the GPL or the CDDL or both.
24 */
25
26#ifndef ___VBox_vmm_patm_h
27#define ___VBox_vmm_patm_h
28
29#include <VBox/types.h>
30#include <VBox/dis.h>
31
32
33RT_C_DECLS_BEGIN
34
35/** @defgroup grp_patm The Patch Manager API
36 * @{
37 */
38#define MAX_PATCHES 512
39
40/**
41 * Flags for specifying the type of patch to install with PATMR3InstallPatch
42 * @{
43 */
44#define PATMFL_CODE32 RT_BIT_64(0)
45#define PATMFL_INTHANDLER RT_BIT_64(1)
46#define PATMFL_SYSENTER RT_BIT_64(2)
47#define PATMFL_GUEST_SPECIFIC RT_BIT_64(3)
48#define PATMFL_USER_MODE RT_BIT_64(4)
49#define PATMFL_IDTHANDLER RT_BIT_64(5)
50#define PATMFL_TRAPHANDLER RT_BIT_64(6)
51#define PATMFL_DUPLICATE_FUNCTION RT_BIT_64(7)
52#define PATMFL_REPLACE_FUNCTION_CALL RT_BIT_64(8)
53#define PATMFL_TRAPHANDLER_WITH_ERRORCODE RT_BIT_64(9)
54#define PATMFL_INTHANDLER_WITH_ERRORCODE (PATMFL_TRAPHANDLER_WITH_ERRORCODE)
55#define PATMFL_MMIO_ACCESS RT_BIT_64(10)
56/* no more room -> change PATMInternal.h if more is needed!! */
57
58/*
59 * Flags above 1024 are reserved for internal use!
60 */
61/** @} */
62
63/** Enable to activate sysenter emulation in GC. */
64/* #define PATM_EMULATE_SYSENTER */
65
66/**
67 * Maximum number of cached VGA writes
68 */
69#define MAX_VGA_WRITE_CACHE 64
70
71typedef struct PATMGCSTATE
72{
73 /* Virtual Flags register (IF + more later on) */
74 uint32_t uVMFlags;
75
76 /* Pending PATM actions (internal use only) */
77 uint32_t uPendingAction;
78
79 /* Records the number of times all patches are called (indicating how many exceptions we managed to avoid) */
80 uint32_t uPatchCalls;
81 /* Scratchpad dword */
82 uint32_t uScratch;
83 /* Debugging info */
84 uint32_t uIretEFlags, uIretCS, uIretEIP;
85
86 /* PATM stack pointer */
87 uint32_t Psp;
88
89 /* PATM interrupt flag */
90 uint32_t fPIF;
91 /* PATM inhibit irq address (used by sti) */
92 RTRCPTR GCPtrInhibitInterrupts;
93
94 /* Scratch room for call patch */
95 RTRCPTR GCCallPatchTargetAddr;
96 RTRCPTR GCCallReturnAddr;
97
98 /* Temporary storage for guest registers. */
99 struct
100 {
101 uint32_t uEAX;
102 uint32_t uECX;
103 uint32_t uEDI;
104 uint32_t eFlags;
105 uint32_t uFlags;
106 } Restore;
107} PATMGCSTATE, *PPATMGCSTATE;
108
109typedef struct PATMTRAPREC
110{
111 /* pointer to original guest code instruction (for emulation) */
112 RTRCPTR pNewEIP;
113 /* pointer to the next guest code instruction */
114 RTRCPTR pNextInstr;
115 /* pointer to the corresponding next instruction in the patch block */
116 RTRCPTR pNextPatchInstr;
117} PATMTRAPREC, *PPATMTRAPREC;
118
119
120/**
121 * Translation state (currently patch to GC ptr)
122 */
123typedef enum
124{
125 PATMTRANS_FAILED,
126 PATMTRANS_SAFE, /* Safe translation */
127 PATMTRANS_PATCHSTART, /* Instruction starts a patch block */
128 PATMTRANS_OVERWRITTEN, /* Instruction overwritten by patchjump */
129 PATMTRANS_INHIBITIRQ /* Instruction must be executed due to instruction fusing */
130} PATMTRANSSTATE;
131
132/**
133 * Load virtualized flags.
134 *
135 * This function is called from CPUMRawEnter(). It doesn't have to update the
136 * IF and IOPL eflags bits, the caller will enforce those to set and 0 respectively.
137 *
138 * @param pVM VM handle.
139 * @param pCtxCore The cpu context core.
140 * @see pg_raw
141 */
142VMMDECL(void) PATMRawEnter(PVM pVM, PCPUMCTXCORE pCtxCore);
143
144/**
145 * Restores virtualized flags.
146 *
147 * This function is called from CPUMRawLeave(). It will update the eflags register.
148 *
149 * @param pVM VM handle.
150 * @param pCtxCore The cpu context core.
151 * @param rawRC Raw mode return code
152 * @see @ref pg_raw
153 */
154VMMDECL(void) PATMRawLeave(PVM pVM, PCPUMCTXCORE pCtxCore, int rawRC);
155
156/**
157 * Get the EFLAGS.
158 * This is a worker for CPUMRawGetEFlags().
159 *
160 * @returns The eflags.
161 * @param pVM The VM handle.
162 * @param pCtxCore The context core.
163 */
164VMMDECL(uint32_t) PATMRawGetEFlags(PVM pVM, PCCPUMCTXCORE pCtxCore);
165
166/**
167 * Updates the EFLAGS.
168 * This is a worker for CPUMRawSetEFlags().
169 *
170 * @param pVM The VM handle.
171 * @param pCtxCore The context core.
172 * @param efl The new EFLAGS value.
173 */
174VMMDECL(void) PATMRawSetEFlags(PVM pVM, PCPUMCTXCORE pCtxCore, uint32_t efl);
175
176/**
177 * Returns the guest context pointer of the GC context structure
178 *
179 * @returns VBox status code.
180 * @param pVM The VM to operate on.
181 */
182VMMDECL(RCPTRTYPE(PPATMGCSTATE)) PATMQueryGCState(PVM pVM);
183
184/**
185 * Checks whether the GC address is part of our patch region
186 *
187 * @returns true -> yes, false -> no
188 * @param pVM The VM to operate on.
189 * @param pAddr Guest context address
190 */
191VMMDECL(bool) PATMIsPatchGCAddr(PVM pVM, RTRCUINTPTR pAddr);
192
193/**
194 * Check if we must use raw mode (patch code being executed or marked safe for IF=0)
195 *
196 * @param pVM VM handle.
197 * @param pAddrGC Guest context address
198 */
199VMMDECL(bool) PATMShouldUseRawMode(PVM pVM, RTRCPTR pAddrGC);
200
201/**
202 * Query PATM state (enabled/disabled)
203 *
204 * @returns 0 - disabled, 1 - enabled
205 * @param pVM The VM to operate on.
206 */
207#define PATMIsEnabled(pVM) (pVM->fPATMEnabled)
208
209/**
210 * Set parameters for pending MMIO patch operation
211 *
212 * @returns VBox status code.
213 * @param pDevIns Device instance.
214 * @param GCPhys MMIO physical address
215 * @param pCachedData GC pointer to cached data
216 */
217VMMDECL(int) PATMSetMMIOPatchInfo(PVM pVM, RTGCPHYS GCPhys, RTRCPTR pCachedData);
218
219
220/**
221 * Adds branch pair to the lookup cache of the particular branch instruction
222 *
223 * @returns VBox status
224 * @param pVM The VM to operate on.
225 * @param pJumpTableGC Pointer to branch instruction lookup cache
226 * @param pBranchTarget Original branch target
227 * @param pRelBranchPatch Relative duplicated function address
228 */
229VMMDECL(int) PATMAddBranchToLookupCache(PVM pVM, RTRCPTR pJumpTableGC, RTRCPTR pBranchTarget, RTRCUINTPTR pRelBranchPatch);
230
231
232/**
233 * Checks if the int 3 was caused by a patched instruction
234 *
235 * @returns VBox status
236 *
237 * @param pVM The VM handle.
238 * @param pCtxCore The relevant core context.
239 */
240VMMRCDECL(int) PATMRCHandleInt3PatchTrap(PVM pVM, PCPUMCTXCORE pRegFrame);
241
242/**
243 * Checks if the int 3 was caused by a patched instruction
244 *
245 * @returns VBox status
246 *
247 * @param pVM The VM handle.
248 * @param pInstrGC Instruction pointer
249 * @param pOpcode Original instruction opcode (out, optional)
250 * @param pSize Original instruction size (out, optional)
251 */
252VMMDECL(bool) PATMIsInt3Patch(PVM pVM, RTRCPTR pInstrGC, uint32_t *pOpcode, uint32_t *pSize);
253
254
255/**
256 * Checks if the interrupt flag is enabled or not.
257 *
258 * @returns true if it's enabled.
259 * @returns false if it's disabled.
260 *
261 * @param pVM The VM handle.
262 */
263VMMDECL(bool) PATMAreInterruptsEnabled(PVM pVM);
264
265/**
266 * Checks if the interrupt flag is enabled or not.
267 *
268 * @returns true if it's enabled.
269 * @returns false if it's disabled.
270 *
271 * @param pVM The VM handle.
272 * @param pCtxCore CPU context
273 */
274VMMDECL(bool) PATMAreInterruptsEnabledByCtxCore(PVM pVM, PCPUMCTXCORE pCtxCore);
275
276#ifdef PATM_EMULATE_SYSENTER
277/**
278 * Emulate sysenter, sysexit and syscall instructions
279 *
280 * @returns VBox status
281 *
282 * @param pVM The VM handle.
283 * @param pCtxCore The relevant core context.
284 * @param pCpu Disassembly context
285 */
286VMMDECL(int) PATMSysCall(PVM pVM, PCPUMCTXCORE pRegFrame, PDISCPUSTATE pCpu);
287#endif
288
289#ifdef IN_RC
290/** @defgroup grp_patm_gc The Patch Manager API
291 * @ingroup grp_patm
292 * @{
293 */
294
295/**
296 * Checks if the write is located on a page with was patched before.
297 * (if so, then we are not allowed to turn on r/w)
298 *
299 * @returns VBox status
300 * @param pVM The VM to operate on.
301 * @param pRegFrame CPU context
302 * @param GCPtr GC pointer to write address
303 * @param cbWrite Nr of bytes to write
304 *
305 */
306VMMRCDECL(int) PATMGCHandleWriteToPatchPage(PVM pVM, PCPUMCTXCORE pRegFrame, RTRCPTR GCPtr, uint32_t cbWrite);
307
308/**
309 * Checks if the illegal instruction was caused by a patched instruction
310 *
311 * @returns VBox status
312 *
313 * @param pVM The VM handle.
314 * @param pCtxCore The relevant core context.
315 */
316VMMDECL(int) PATMRCHandleIllegalInstrTrap(PVM pVM, PCPUMCTXCORE pRegFrame);
317
318/** @} */
319
320#endif
321
322#ifdef IN_RING3
323/** @defgroup grp_patm_r3 The Patch Manager API
324 * @ingroup grp_patm
325 * @{
326 */
327
328/**
329 * Query PATM state (enabled/disabled)
330 *
331 * @returns 0 - disabled, 1 - enabled
332 * @param pVM The VM to operate on.
333 */
334VMMR3DECL(int) PATMR3IsEnabled(PVM pVM);
335
336/**
337 * Initializes the PATM.
338 *
339 * @returns VBox status code.
340 * @param pVM The VM to operate on.
341 */
342VMMR3DECL(int) PATMR3Init(PVM pVM);
343
344/**
345 * Finalizes HMA page attributes.
346 *
347 * @returns VBox status code.
348 * @param pVM The VM handle.
349 */
350VMMR3DECL(int) PATMR3InitFinalize(PVM pVM);
351
352/**
353 * Applies relocations to data and code managed by this
354 * component. This function will be called at init and
355 * whenever the VMM need to relocate it self inside the GC.
356 *
357 * The PATM will update the addresses used by the switcher.
358 *
359 * @param pVM The VM.
360 */
361VMMR3DECL(void) PATMR3Relocate(PVM pVM);
362
363/**
364 * Terminates the PATM.
365 *
366 * Termination means cleaning up and freeing all resources,
367 * the VM it self is at this point powered off or suspended.
368 *
369 * @returns VBox status code.
370 * @param pVM The VM to operate on.
371 */
372VMMR3DECL(int) PATMR3Term(PVM pVM);
373
374/**
375 * PATM reset callback.
376 *
377 * @returns VBox status code.
378 * @param pVM The VM which is reset.
379 */
380VMMR3DECL(int) PATMR3Reset(PVM pVM);
381
382/**
383 * Returns the host context pointer and size of the patch memory block
384 *
385 * @returns VBox status code.
386 * @param pVM The VM to operate on.
387 * @param pcb Size of the patch memory block
388 */
389VMMR3DECL(void *) PATMR3QueryPatchMemHC(PVM pVM, uint32_t *pcb);
390
391/**
392 * Returns the guest context pointer and size of the patch memory block
393 *
394 * @returns VBox status code.
395 * @param pVM The VM to operate on.
396 * @param pcb Size of the patch memory block
397 */
398VMMR3DECL(RTRCPTR) PATMR3QueryPatchMemGC(PVM pVM, uint32_t *pcb);
399
400/**
401 * Checks whether the GC address is inside a generated patch jump
402 *
403 * @returns true -> yes, false -> no
404 * @param pVM The VM to operate on.
405 * @param pAddr Guest context address
406 * @param pPatchAddr Guest context patch address (if true)
407 */
408VMMR3DECL(bool) PATMR3IsInsidePatchJump(PVM pVM, RTRCPTR pAddr, PRTGCPTR32 pPatchAddr);
409
410
411/**
412 * Returns the GC pointer of the patch for the specified GC address
413 *
414 * @returns VBox status code.
415 * @param pVM The VM to operate on.
416 * @param pAddrGC Guest context address
417 */
418VMMR3DECL(RTRCPTR) PATMR3QueryPatchGCPtr(PVM pVM, RTRCPTR pAddrGC);
419
420/**
421 * Checks whether the HC address is part of our patch region
422 *
423 * @returns VBox status code.
424 * @param pVM The VM to operate on.
425 * @param pAddrGC Guest context address
426 */
427VMMR3DECL(bool) PATMR3IsPatchHCAddr(PVM pVM, R3PTRTYPE(uint8_t *) pAddrHC);
428
429/**
430 * Convert a GC patch block pointer to a HC patch pointer
431 *
432 * @returns HC pointer or NULL if it's not a GC patch pointer
433 * @param pVM The VM to operate on.
434 * @param pAddrGC GC pointer
435 */
436VMMR3DECL(R3PTRTYPE(void *)) PATMR3GCPtrToHCPtr(PVM pVM, RTRCPTR pAddrGC);
437
438
439/**
440 * Returns the host context pointer and size of the GC context structure
441 *
442 * @returns VBox status code.
443 * @param pVM The VM to operate on.
444 */
445VMMR3DECL(PPATMGCSTATE) PATMR3QueryGCStateHC(PVM pVM);
446
447/**
448 * Handle trap inside patch code
449 *
450 * @returns VBox status code.
451 * @param pVM The VM to operate on.
452 * @param pCtx CPU context
453 * @param pEip GC pointer of trapping instruction
454 * @param pNewEip GC pointer to new instruction
455 */
456VMMR3DECL(int) PATMR3HandleTrap(PVM pVM, PCPUMCTX pCtx, RTRCPTR pEip, RTGCPTR *ppNewEip);
457
458/**
459 * Handle page-fault in monitored page
460 *
461 * @returns VBox status code.
462 * @param pVM The VM to operate on.
463 */
464VMMR3DECL(int) PATMR3HandleMonitoredPage(PVM pVM);
465
466/**
467 * Notifies PATM about a (potential) write to code that has been patched.
468 *
469 * @returns VBox status code.
470 * @param pVM The VM to operate on.
471 * @param GCPtr GC pointer to write address
472 * @param cbWrite Nr of bytes to write
473 *
474 */
475VMMR3DECL(int) PATMR3PatchWrite(PVM pVM, RTRCPTR GCPtr, uint32_t cbWrite);
476
477/**
478 * Notify PATM of a page flush
479 *
480 * @returns VBox status code
481 * @param pVM The VM to operate on.
482 * @param addr GC address of the page to flush
483 */
484VMMR3DECL(int) PATMR3FlushPage(PVM pVM, RTRCPTR addr);
485
486/**
487 * Allows or disallow patching of privileged instructions executed by the guest OS
488 *
489 * @returns VBox status code.
490 * @param pVM The VM to operate on.
491 * @param fAllowPatching Allow/disallow patching
492 */
493VMMR3DECL(int) PATMR3AllowPatching(PVM pVM, uint32_t fAllowPatching);
494
495/**
496 * Patch privileged instruction at specified location
497 *
498 * @returns VBox status code.
499 * @param pVM The VM to operate on.
500 * @param pInstr Guest context point to privileged instruction (0:32 flat address)
501 * @param flags Patch flags
502 *
503 * @note returns failure if patching is not allowed or possible
504 */
505VMMR3DECL(int) PATMR3InstallPatch(PVM pVM, RTRCPTR pInstrGC, uint64_t flags);
506
507/**
508 * Gives hint to PATM about supervisor guest instructions
509 *
510 * @returns VBox status code.
511 * @param pVM The VM to operate on.
512 * @param pInstr Guest context point to privileged instruction
513 * @param flags Patch flags
514 */
515VMMR3DECL(int) PATMR3AddHint(PVM pVM, RTRCPTR pInstrGC, uint32_t flags);
516
517/**
518 * Patch branch target function for call/jump at specified location.
519 * (in responds to a VINF_PATM_DUPLICATE_FUNCTION GC exit reason)
520 *
521 * @returns VBox status code.
522 * @param pVM The VM to operate on.
523 * @param pCtx Guest context
524 *
525 */
526VMMR3DECL(int) PATMR3DuplicateFunctionRequest(PVM pVM, PCPUMCTX pCtx);
527
528/**
529 * Query the corresponding GC instruction pointer from a pointer inside the patch block itself
530 *
531 * @returns original GC instruction pointer or 0 if not found
532 * @param pVM The VM to operate on.
533 * @param pPatchGC GC address in patch block
534 * @param pEnmState State of the translated address (out)
535 *
536 */
537VMMR3DECL(RTRCPTR) PATMR3PatchToGCPtr(PVM pVM, RTRCPTR pPatchGC, PATMTRANSSTATE *pEnmState);
538
539/**
540 * Converts Guest code GC ptr to Patch code GC ptr (if found)
541 *
542 * @returns corresponding GC pointer in patch block
543 * @param pVM The VM to operate on.
544 * @param pInstrGC Guest context pointer to privileged instruction
545 *
546 */
547VMMR3DECL(RTRCPTR) PATMR3GuestGCPtrToPatchGCPtr(PVM pVM, RCPTRTYPE(uint8_t*) pInstrGC);
548
549/**
550 * Query the opcode of the original code that was overwritten by the 5 bytes patch jump
551 *
552 * @returns VBox status code.
553 * @param pVM The VM to operate on.
554 * @param pInstrGC GC address of instr
555 * @param pByte opcode byte pointer (OUT)
556 * @returns VBOX error code
557 *
558 */
559VMMR3DECL(int) PATMR3QueryOpcode(PVM pVM, RTRCPTR pInstrGC, uint8_t *pByte);
560VMMR3DECL(int) PATMR3ReadOrgInstr(PVM pVM, RTGCPTR32 GCPtrInstr, uint8_t *pbDst, size_t cbToRead, size_t *pcbRead);
561
562/**
563 * Disable patch for privileged instruction at specified location
564 *
565 * @returns VBox status code.
566 * @param pVM The VM to operate on.
567 * @param pInstr Guest context point to privileged instruction
568 *
569 * @note returns failure if patching is not allowed or possible
570 *
571 */
572VMMR3DECL(int) PATMR3DisablePatch(PVM pVM, RTRCPTR pInstrGC);
573
574
575/**
576 * Enable patch for privileged instruction at specified location
577 *
578 * @returns VBox status code.
579 * @param pVM The VM to operate on.
580 * @param pInstr Guest context point to privileged instruction
581 *
582 * @note returns failure if patching is not allowed or possible
583 *
584 */
585VMMR3DECL(int) PATMR3EnablePatch(PVM pVM, RTRCPTR pInstrGC);
586
587
588/**
589 * Remove patch for privileged instruction at specified location
590 *
591 * @returns VBox status code.
592 * @param pVM The VM to operate on.
593 * @param pInstr Guest context point to privileged instruction
594 *
595 * @note returns failure if patching is not allowed or possible
596 *
597 */
598VMMR3DECL(int) PATMR3RemovePatch(PVM pVM, RTRCPTR pInstrGC);
599
600
601/**
602 * Detects it the specified address falls within a 5 byte jump generated for an active patch.
603 * If so, this patch is permanently disabled.
604 *
605 * @param pVM The VM to operate on.
606 * @param pInstrGC Guest context pointer to instruction
607 * @param pConflictGC Guest context pointer to check
608 */
609VMMR3DECL(int) PATMR3DetectConflict(PVM pVM, RTRCPTR pInstrGC, RTRCPTR pConflictGC);
610
611
612/**
613 * Checks if the instructions at the specified address has been patched already.
614 *
615 * @returns boolean, patched or not
616 * @param pVM The VM to operate on.
617 * @param pInstrGC Guest context pointer to instruction
618 */
619VMMR3DECL(bool) PATMR3HasBeenPatched(PVM pVM, RTRCPTR pInstrGC);
620
621
622/**
623 * Install Linux 2.6 spinlock patch
624 *
625 * @returns VBox status code.
626 * @param pVM The VM to operate on
627 * @param pCallAcquireSpinlockGC GC pointer of call instruction
628 * @param cbAcquireSpinlockCall Instruction size
629 *
630 */
631VMMR3DECL(int) PATMInstallSpinlockPatch(PVM pVM, RTRCPTR pCallAcquireSpinlockGC, uint32_t cbAcquireSpinlockCall);
632
633
634/**
635 * Check if supplied call target is the Linux 2.6 spinlock acquire function
636 *
637 * @returns boolean
638 * @param pVM The VM to operate on
639 * @param pCallAcquireSpinlockGC Call target GC address
640 *
641 */
642VMMR3DECL(bool) PATMIsSpinlockAcquire(PVM pVM, RTRCPTR pCallTargetGC);
643
644/**
645 * Check if supplied call target is the Linux 2.6 spinlock release function
646 *
647 * @returns boolean
648 * @param pVM The VM to operate on
649 * @param pCallTargetGC Call target GC address
650 *
651 */
652VMMR3DECL(bool) PATMIsSpinlockRelease(PVM pVM, RTRCPTR pCallTargetGC);
653
654/**
655 * Check if supplied call target is the Linux 2.6 spinlock release function (patched equivalent)
656 *
657 * @returns boolean
658 * @param pVM The VM to operate on
659 * @param pCallTargetGC Call target GC address
660 *
661 */
662VMMR3DECL(bool) PATMIsSpinlockReleasePatch(PVM pVM, RTRCPTR pCallTargetGC);
663
664/** @} */
665#endif
666
667
668/** @} */
669RT_C_DECLS_END
670
671
672#endif
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette