PATMA.asm@ 160

Last change on this file since 160 was 160, checked in by vboxsync, 18 years ago
Argh
Property svn:eol-style set to `native` Property svn:keywords set to `Id`
File size: 57.8 KB

Line
1	; $Id: PATMA.asm 160 2007-01-18 18:11:17Z vboxsync $
2	;; @file
3	; PATM Assembly Routines.
4	;
5
6	; Copyright (C) 2006 InnoTek Systemberatung GmbH
7	;
8	; This file is part of VirtualBox Open Source Edition (OSE), as
9	; available from http://www.virtualbox.org. This file is free software;
10	; you can redistribute it and/or modify it under the terms of the GNU
11	; General Public License as published by the Free Software Foundation,
12	; in version 2 as it comes in the "COPYING" file of the VirtualBox OSE
13	; distribution. VirtualBox OSE is distributed in the hope that it will
14	; be useful, but WITHOUT ANY WARRANTY of any kind.
15	;
16	; If you received this file as part of a commercial VirtualBox
17	; distribution, then only the terms of your commercial VirtualBox
18	; license agreement apply instead of the previous paragraph.
19
20	;
21	; @note This method has problems in theory. If we fault for any reason, then we won't be able to restore
22	; the guest's context properly!!
23	; E.g if one of the push instructions causes a fault or SS isn't wide open and our patch GC state accesses aren't valid.
24	; @assumptions
25	; - Enough stack for a few pushes
26	; - The SS selector has base 0 and limit 0xffffffff
27	;
28	; @todo stack probing is currently hardcoded and not present everywhere (search for 'probe stack')
29
30
31	;*******************************************************************************
32	;* Header Files *
33	;*******************************************************************************
34	%include "VBox/asmdefs.mac"
35	%include "VBox/err.mac"
36	%include "VBox/x86.mac"
37	%include "VBox/vm.mac"
38	%include "PATMA.mac"
39
40
41	BEGINCODE
42
43	%ifdef __AMD64__
44	BITS 32 ; switch to 32-bit mode (x86).
45	%endif
46
47	%ifdef VBOX_WITH_STATISTICS
48	;
49	; Patch call statistics
50	;
51	BEGINPROC PATMStats
52	PATMStats_Start:
53	mov dword [ss:PATM_INTERRUPTFLAG], 0
54	pushf
55	inc dword [ss:PATM_ALLPATCHCALLS]
56	inc dword [ss:PATM_PERPATCHCALLS]
57	popf
58	mov dword [ss:PATM_INTERRUPTFLAG], 1
59	PATMStats_End:
60	ENDPROC PATMStats
61
62
63	; Patch record for statistics
64	GLOBALNAME PATMStatsRecord
65	RTCCPTR_DEF PATMStats_Start
66	DD 0
67	DD 0
68	DD 0
69	DD PATMStats_End - PATMStats_Start
70	DD 4
71	DD PATM_INTERRUPTFLAG
72	DD 0
73	DD PATM_ALLPATCHCALLS
74	DD 0
75	DD PATM_PERPATCHCALLS
76	DD 0
77	DD PATM_INTERRUPTFLAG
78	DD 0
79	DD 0ffffffffh
80	%endif
81
82	;
83	; Set PATM_INTERRUPTFLAG
84	;
85	BEGINPROC PATMSetPIF
86	PATMSetPIF_Start:
87	mov dword [ss:PATM_INTERRUPTFLAG], 1
88	PATMSetPIF_End:
89	ENDPROC PATMSetPIF
90
91
92	; Patch record for setting PATM_INTERRUPTFLAG
93	GLOBALNAME PATMSetPIFRecord
94	RTCCPTR_DEF PATMSetPIF_Start
95	DD 0
96	DD 0
97	DD 0
98	DD PATMSetPIF_End - PATMSetPIF_Start
99	DD 1
100	DD PATM_INTERRUPTFLAG
101	DD 0
102	DD 0ffffffffh
103
104	;
105	; Clear PATM_INTERRUPTFLAG
106	;
107	BEGINPROC PATMClearPIF
108	PATMClearPIF_Start:
109	; probe stack here as we can't recover from page faults later on
110	not dword [esp-64]
111	not dword [esp-64]
112	mov dword [ss:PATM_INTERRUPTFLAG], 0
113	PATMClearPIF_End:
114	ENDPROC PATMClearPIF
115
116
117	; Patch record for clearing PATM_INTERRUPTFLAG
118	GLOBALNAME PATMClearPIFRecord
119	RTCCPTR_DEF PATMClearPIF_Start
120	DD 0
121	DD 0
122	DD 0
123	DD PATMClearPIF_End - PATMClearPIF_Start
124	DD 1
125	DD PATM_INTERRUPTFLAG
126	DD 0
127	DD 0ffffffffh
128
129	;
130	; Clear PATM_INHIBITIRQADDR and fault if IF=0
131	;
132	BEGINPROC PATMClearInhibitIRQFaultIF0
133	PATMClearInhibitIRQFaultIF0_Start:
134	mov dword [ss:PATM_INTERRUPTFLAG], 0
135	mov dword [ss:PATM_INHIBITIRQADDR], 0
136	pushf
137
138	test dword [ss:PATM_VMFLAGS], X86_EFL_IF
139	jz PATMClearInhibitIRQFaultIF0_Fault
140
141	; if interrupts are pending, then we must go back to the host context to handle them!
142	test dword [ss:PATM_VM_FORCEDACTIONS], VM_FF_INTERRUPT_APIC \| VM_FF_INTERRUPT_PIC \| VM_FF_TIMER \| VM_FF_REQUEST
143	jz PATMClearInhibitIRQFaultIF0_Continue
144
145	; Go to our hypervisor trap handler to dispatch the pending irq
146	mov dword [ss:PATM_TEMP_EAX], eax
147	mov dword [ss:PATM_TEMP_ECX], ecx
148	mov dword [ss:PATM_TEMP_EDI], edi
149	mov dword [ss:PATM_TEMP_RESTORE_FLAGS], PATM_RESTORE_EAX \| PATM_RESTORE_ECX \| PATM_RESTORE_EDI
150	mov eax, PATM_ACTION_DISPATCH_PENDING_IRQ
151	lock or dword [ss:PATM_PENDINGACTION], eax
152	mov ecx, PATM_ACTION_MAGIC
153	mov edi, PATM_NEXTINSTRADDR
154	popfd ; restore flags we pushed above (the or instruction changes the flags as well)
155	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
156	; does not return
157
158	PATMClearInhibitIRQFaultIF0_Fault:
159	popf
160	mov dword [ss:PATM_INTERRUPTFLAG], 1
161	PATM_INT3
162
163	PATMClearInhibitIRQFaultIF0_Continue:
164	popf
165	mov dword [ss:PATM_INTERRUPTFLAG], 1
166	PATMClearInhibitIRQFaultIF0_End:
167	ENDPROC PATMClearInhibitIRQFaultIF0
168
169
170	; Patch record for clearing PATM_INHIBITIRQADDR
171	GLOBALNAME PATMClearInhibitIRQFaultIF0Record
172	RTCCPTR_DEF PATMClearInhibitIRQFaultIF0_Start
173	DD 0
174	DD 0
175	DD 0
176	DD PATMClearInhibitIRQFaultIF0_End - PATMClearInhibitIRQFaultIF0_Start
177	DD 12
178	DD PATM_INTERRUPTFLAG
179	DD 0
180	DD PATM_INHIBITIRQADDR
181	DD 0
182	DD PATM_VMFLAGS
183	DD 0
184	DD PATM_VM_FORCEDACTIONS
185	DD 0
186	DD PATM_TEMP_EAX
187	DD 0
188	DD PATM_TEMP_ECX
189	DD 0
190	DD PATM_TEMP_EDI
191	DD 0
192	DD PATM_TEMP_RESTORE_FLAGS
193	DD 0
194	DD PATM_PENDINGACTION
195	DD 0
196	DD PATM_NEXTINSTRADDR
197	DD 0
198	DD PATM_INTERRUPTFLAG
199	DD 0
200	DD PATM_INTERRUPTFLAG
201	DD 0
202	DD 0ffffffffh
203
204	;
205	; Clear PATM_INHIBITIRQADDR and continue if IF=0 (duplicated function only; never jump back to guest code afterwards!!)
206	;
207	BEGINPROC PATMClearInhibitIRQContIF0
208	PATMClearInhibitIRQContIF0_Start:
209	mov dword [ss:PATM_INTERRUPTFLAG], 0
210	mov dword [ss:PATM_INHIBITIRQADDR], 0
211	pushf
212
213	test dword [ss:PATM_VMFLAGS], X86_EFL_IF
214	jz PATMClearInhibitIRQContIF0_Continue
215
216	; if interrupts are pending, then we must go back to the host context to handle them!
217	test dword [ss:PATM_VM_FORCEDACTIONS], VM_FF_INTERRUPT_APIC \| VM_FF_INTERRUPT_PIC \| VM_FF_TIMER \| VM_FF_REQUEST
218	jz PATMClearInhibitIRQContIF0_Continue
219
220	; Go to our hypervisor trap handler to dispatch the pending irq
221	mov dword [ss:PATM_TEMP_EAX], eax
222	mov dword [ss:PATM_TEMP_ECX], ecx
223	mov dword [ss:PATM_TEMP_EDI], edi
224	mov dword [ss:PATM_TEMP_RESTORE_FLAGS], PATM_RESTORE_EAX \| PATM_RESTORE_ECX \| PATM_RESTORE_EDI
225	mov eax, PATM_ACTION_DISPATCH_PENDING_IRQ
226	lock or dword [ss:PATM_PENDINGACTION], eax
227	mov ecx, PATM_ACTION_MAGIC
228	mov edi, PATM_NEXTINSTRADDR
229	popfd ; restore flags we pushed above (the or instruction changes the flags as well)
230	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
231	; does not return
232
233	PATMClearInhibitIRQContIF0_Continue:
234	popf
235	mov dword [ss:PATM_INTERRUPTFLAG], 1
236	PATMClearInhibitIRQContIF0_End:
237	ENDPROC PATMClearInhibitIRQContIF0
238
239
240	; Patch record for clearing PATM_INHIBITIRQADDR
241	GLOBALNAME PATMClearInhibitIRQContIF0Record
242	RTCCPTR_DEF PATMClearInhibitIRQContIF0_Start
243	DD 0
244	DD 0
245	DD 0
246	DD PATMClearInhibitIRQContIF0_End - PATMClearInhibitIRQContIF0_Start
247	DD 11
248	DD PATM_INTERRUPTFLAG
249	DD 0
250	DD PATM_INHIBITIRQADDR
251	DD 0
252	DD PATM_VMFLAGS
253	DD 0
254	DD PATM_VM_FORCEDACTIONS
255	DD 0
256	DD PATM_TEMP_EAX
257	DD 0
258	DD PATM_TEMP_ECX
259	DD 0
260	DD PATM_TEMP_EDI
261	DD 0
262	DD PATM_TEMP_RESTORE_FLAGS
263	DD 0
264	DD PATM_PENDINGACTION
265	DD 0
266	DD PATM_NEXTINSTRADDR
267	DD 0
268	DD PATM_INTERRUPTFLAG
269	DD 0
270	DD 0ffffffffh
271
272
273	BEGINPROC PATMCliReplacement
274	PATMCliStart:
275	mov dword [ss:PATM_INTERRUPTFLAG], 0
276	pushf
277	%ifdef PATM_LOG_IF_CHANGES
278	push eax
279	push ecx
280	mov eax, PATM_ACTION_LOG_CLI
281	lock or dword [ss:PATM_PENDINGACTION], eax
282	mov ecx, PATM_ACTION_MAGIC
283	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
284	pop ecx
285	pop eax
286	%endif
287
288	and dword [ss:PATM_VMFLAGS], ~X86_EFL_IF
289	popf
290
291	mov dword [ss:PATM_INTERRUPTFLAG], 1
292	DB 0xE9
293	PATMCliJump:
294	DD PATM_JUMPDELTA
295	PATMCliEnd:
296	ENDPROC PATMCliReplacement
297
298
299	; Patch record for 'cli'
300	GLOBALNAME PATMCliRecord
301	RTCCPTR_DEF PATMCliStart
302	DD PATMCliJump - PATMCliStart
303	DD 0
304	DD 0
305	DD PATMCliEnd - PATMCliStart
306	%ifdef PATM_LOG_IF_CHANGES
307	DD 4
308	%else
309	DD 3
310	%endif
311	DD PATM_INTERRUPTFLAG
312	DD 0
313	%ifdef PATM_LOG_IF_CHANGES
314	DD PATM_PENDINGACTION
315	DD 0
316	%endif
317	DD PATM_VMFLAGS
318	DD 0
319	DD PATM_INTERRUPTFLAG
320	DD 0
321	DD 0ffffffffh
322
323
324	BEGINPROC PATMStiReplacement
325	PATMStiStart:
326	mov dword [ss:PATM_INTERRUPTFLAG], 0
327	mov dword [ss:PATM_INHIBITIRQADDR], PATM_NEXTINSTRADDR
328	pushf
329	%ifdef PATM_LOG_IF_CHANGES
330	push eax
331	push ecx
332	mov eax, PATM_ACTION_LOG_STI
333	lock or dword [ss:PATM_PENDINGACTION], eax
334	mov ecx, PATM_ACTION_MAGIC
335	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
336	pop ecx
337	pop eax
338	%endif
339	or dword [ss:PATM_VMFLAGS], X86_EFL_IF
340	popf
341	mov dword [ss:PATM_INTERRUPTFLAG], 1
342	PATMStiEnd:
343	ENDPROC PATMStiReplacement
344
345	; Patch record for 'sti'
346	GLOBALNAME PATMStiRecord
347	RTCCPTR_DEF PATMStiStart
348	DD 0
349	DD 0
350	DD 0
351	DD PATMStiEnd - PATMStiStart
352	%ifdef PATM_LOG_IF_CHANGES
353	DD 6
354	%else
355	DD 5
356	%endif
357	DD PATM_INTERRUPTFLAG
358	DD 0
359	DD PATM_INHIBITIRQADDR
360	DD 0
361	DD PATM_NEXTINSTRADDR
362	DD 0
363	%ifdef PATM_LOG_IF_CHANGES
364	DD PATM_PENDINGACTION
365	DD 0
366	%endif
367	DD PATM_VMFLAGS
368	DD 0
369	DD PATM_INTERRUPTFLAG
370	DD 0
371	DD 0ffffffffh
372
373	;
374	; Trampoline code for trap entry (without error code on the stack)
375	;
376	; esp + 16 - SS (if transfer to inner ring)
377	; esp + 12 - ESP (if transfer to inner ring)
378	; esp + 8 - EFLAGS
379	; esp + 4 - CS
380	; esp - EIP
381	;
382	BEGINPROC PATMTrapEntry
383	PATMTrapEntryStart:
384	mov dword [ss:PATM_INTERRUPTFLAG], 0
385	pushf
386
387	; make sure the saved CS selector for ring 1 is made 0
388	test dword [esp+8], 2
389	jnz PATMTrapNoRing1
390	test dword [esp+8], 1
391	jz PATMTrapNoRing1
392	and dword [esp+8], dword ~1 ; yasm / nasm dword
393	PATMTrapNoRing1:
394
395	; correct EFLAGS on the stack to include the current IOPL
396	push eax
397	mov eax, dword [ss:PATM_VMFLAGS]
398	and eax, X86_EFL_IOPL
399	and dword [esp+16], ~X86_EFL_IOPL ; esp+16 = eflags = esp+8+4(efl)+4(eax)
400	or dword [esp+16], eax
401	pop eax
402
403	popf
404	mov dword [ss:PATM_INTERRUPTFLAG], 1
405	DB 0xE9
406	PATMTrapEntryJump:
407	DD PATM_JUMPDELTA
408	PATMTrapEntryEnd:
409	ENDPROC PATMTrapEntry
410
411
412	; Patch record for trap gate entrypoint
413	GLOBALNAME PATMTrapEntryRecord
414	RTCCPTR_DEF PATMTrapEntryStart
415	DD PATMTrapEntryJump - PATMTrapEntryStart
416	DD 0
417	DD 0
418	DD PATMTrapEntryEnd - PATMTrapEntryStart
419	DD 3
420	DD PATM_INTERRUPTFLAG
421	DD 0
422	DD PATM_VMFLAGS
423	DD 0
424	DD PATM_INTERRUPTFLAG
425	DD 0
426	DD 0ffffffffh
427
428	;
429	; Trampoline code for trap entry (with error code on the stack)
430	;
431	; esp + 20 - SS (if transfer to inner ring)
432	; esp + 16 - ESP (if transfer to inner ring)
433	; esp + 12 - EFLAGS
434	; esp + 8 - CS
435	; esp + 4 - EIP
436	; esp - error code
437	;
438	BEGINPROC PATMTrapEntryErrorCode
439	PATMTrapErrorCodeEntryStart:
440	mov dword [ss:PATM_INTERRUPTFLAG], 0
441	pushf
442
443	; make sure the saved CS selector for ring 1 is made 0
444	test dword [esp+12], 2
445	jnz PATMTrapErrorCodeNoRing1
446	test dword [esp+12], 1
447	jz PATMTrapErrorCodeNoRing1
448	and dword [esp+12], dword ~1 ; yasm / nasm dword
449	PATMTrapErrorCodeNoRing1:
450
451	; correct EFLAGS on the stack to include the current IOPL
452	push eax
453	mov eax, dword [ss:PATM_VMFLAGS]
454	and eax, X86_EFL_IOPL
455	and dword [esp+20], ~X86_EFL_IOPL ; esp+20 = eflags = esp+8+4(efl)+4(error code)+4(eax)
456	or dword [esp+20], eax
457	pop eax
458
459	popf
460	mov dword [ss:PATM_INTERRUPTFLAG], 1
461	DB 0xE9
462	PATMTrapErrorCodeEntryJump:
463	DD PATM_JUMPDELTA
464	PATMTrapErrorCodeEntryEnd:
465	ENDPROC PATMTrapEntryErrorCode
466
467
468	; Patch record for trap gate entrypoint
469	GLOBALNAME PATMTrapEntryRecordErrorCode
470	RTCCPTR_DEF PATMTrapErrorCodeEntryStart
471	DD PATMTrapErrorCodeEntryJump - PATMTrapErrorCodeEntryStart
472	DD 0
473	DD 0
474	DD PATMTrapErrorCodeEntryEnd - PATMTrapErrorCodeEntryStart
475	DD 3
476	DD PATM_INTERRUPTFLAG
477	DD 0
478	DD PATM_VMFLAGS
479	DD 0
480	DD PATM_INTERRUPTFLAG
481	DD 0
482	DD 0ffffffffh
483
484
485	;
486	; Trampoline code for interrupt gate entry (without error code on the stack)
487	;
488	; esp + 16 - SS (if transfer to inner ring)
489	; esp + 12 - ESP (if transfer to inner ring)
490	; esp + 8 - EFLAGS
491	; esp + 4 - CS
492	; esp - EIP
493	;
494	BEGINPROC PATMIntEntry
495	PATMIntEntryStart:
496	mov dword [ss:PATM_INTERRUPTFLAG], 0
497	pushf
498
499	; make sure the saved CS selector for ring 1 is made 0
500	test dword [esp+8], 2
501	jnz PATMIntNoRing1
502	test dword [esp+8], 1
503	jz PATMIntNoRing1
504	and dword [esp+8], dword ~1 ; yasm / nasm dword
505	PATMIntNoRing1:
506
507	; correct EFLAGS on the stack to include the current IOPL
508	push eax
509	mov eax, dword [ss:PATM_VMFLAGS]
510	and eax, X86_EFL_IOPL
511	and dword [esp+16], ~X86_EFL_IOPL ; esp+16 = eflags = esp+8+4(efl)+4(eax)
512	or dword [esp+16], eax
513	pop eax
514
515	popf
516	mov dword [ss:PATM_INTERRUPTFLAG], 1
517	PATMIntEntryEnd:
518	ENDPROC PATMIntEntry
519
520
521	; Patch record for interrupt gate entrypoint
522	GLOBALNAME PATMIntEntryRecord
523	RTCCPTR_DEF PATMIntEntryStart
524	DD 0
525	DD 0
526	DD 0
527	DD PATMIntEntryEnd - PATMIntEntryStart
528	DD 3
529	DD PATM_INTERRUPTFLAG
530	DD 0
531	DD PATM_VMFLAGS
532	DD 0
533	DD PATM_INTERRUPTFLAG
534	DD 0
535	DD 0ffffffffh
536
537	;
538	; Trampoline code for interrupt gate entry (with error code on the stack)
539	;
540	; esp + 20 - SS (if transfer to inner ring)
541	; esp + 16 - ESP (if transfer to inner ring)
542	; esp + 12 - EFLAGS
543	; esp + 8 - CS
544	; esp + 4 - EIP
545	; esp - error code
546	;
547	BEGINPROC PATMIntEntryErrorCode
548	PATMIntEntryErrorCodeStart:
549	mov dword [ss:PATM_INTERRUPTFLAG], 0
550	pushf
551
552	; make sure the saved CS selector for ring 1 is made 0
553	test dword [esp+12], 2
554	jnz PATMIntNoRing1_ErrorCode
555	test dword [esp+12], 1
556	jz PATMIntNoRing1_ErrorCode
557	and dword [esp+12], dword ~1 ; yasm / nasm dword
558	PATMIntNoRing1_ErrorCode:
559
560	; correct EFLAGS on the stack to include the current IOPL
561	push eax
562	mov eax, dword [ss:PATM_VMFLAGS]
563	and eax, X86_EFL_IOPL
564	and dword [esp+20], ~X86_EFL_IOPL ; esp+20 = eflags = esp+8+4(efl)+4(eax)+4(error code)
565	or dword [esp+20], eax
566	pop eax
567
568	popf
569	mov dword [ss:PATM_INTERRUPTFLAG], 1
570	PATMIntEntryErrorCodeEnd:
571	ENDPROC PATMIntEntryErrorCode
572
573
574	; Patch record for interrupt gate entrypoint
575	GLOBALNAME PATMIntEntryRecordErrorCode
576	RTCCPTR_DEF PATMIntEntryErrorCodeStart
577	DD 0
578	DD 0
579	DD 0
580	DD PATMIntEntryErrorCodeEnd - PATMIntEntryErrorCodeStart
581	DD 3
582	DD PATM_INTERRUPTFLAG
583	DD 0
584	DD PATM_VMFLAGS
585	DD 0
586	DD PATM_INTERRUPTFLAG
587	DD 0
588	DD 0ffffffffh
589
590	;
591	; 32 bits Popf replacement that faults when IF remains 0
592	;
593	BEGINPROC PATMPopf32Replacement
594	PATMPopf32Start:
595	mov dword [ss:PATM_INTERRUPTFLAG], 0
596	test dword [esp], X86_EFL_IF
597	jnz PATMPopf32_Ok
598	mov dword [ss:PATM_INTERRUPTFLAG], 1
599	PATM_INT3
600
601	PATMPopf32_Ok:
602	pop dword [ss:PATM_VMFLAGS]
603	push dword [ss:PATM_VMFLAGS]
604
605	; if interrupts are pending, then we must go back to the host context to handle them!
606	test dword [ss:PATM_VM_FORCEDACTIONS], VM_FF_INTERRUPT_APIC \| VM_FF_INTERRUPT_PIC \| VM_FF_TIMER \| VM_FF_REQUEST
607	jz PATMPopf32_Continue
608
609	; Go to our hypervisor trap handler to dispatch the pending irq
610	mov dword [ss:PATM_TEMP_EAX], eax
611	mov dword [ss:PATM_TEMP_ECX], ecx
612	mov dword [ss:PATM_TEMP_EDI], edi
613	mov dword [ss:PATM_TEMP_RESTORE_FLAGS], PATM_RESTORE_EAX \| PATM_RESTORE_ECX \| PATM_RESTORE_EDI
614	mov eax, PATM_ACTION_DISPATCH_PENDING_IRQ
615	lock or dword [ss:PATM_PENDINGACTION], eax
616	mov ecx, PATM_ACTION_MAGIC
617	mov edi, PATM_NEXTINSTRADDR
618
619	popfd ; restore flags we pushed above (the or instruction changes the flags as well)
620	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
621	; does not return
622
623	PATMPopf32_Continue:
624	popfd ; restore flags we pushed above
625	mov dword [ss:PATM_INTERRUPTFLAG], 1
626	DB 0xE9
627	PATMPopf32Jump:
628	DD PATM_JUMPDELTA
629	PATMPopf32End:
630	ENDPROC PATMPopf32Replacement
631
632
633	; Patch record for 'popfd'
634	GLOBALNAME PATMPopf32Record
635	RTCCPTR_DEF PATMPopf32Start
636	DD PATMPopf32Jump - PATMPopf32Start
637	DD 0
638	DD 0
639	DD PATMPopf32End - PATMPopf32Start
640	DD 12
641	DD PATM_INTERRUPTFLAG
642	DD 0
643	DD PATM_INTERRUPTFLAG
644	DD 0
645	DD PATM_VMFLAGS
646	DD 0
647	DD PATM_VMFLAGS
648	DD 0
649	DD PATM_VM_FORCEDACTIONS
650	DD 0
651	DD PATM_TEMP_EAX
652	DD 0
653	DD PATM_TEMP_ECX
654	DD 0
655	DD PATM_TEMP_EDI
656	DD 0
657	DD PATM_TEMP_RESTORE_FLAGS
658	DD 0
659	DD PATM_PENDINGACTION
660	DD 0
661	DD PATM_NEXTINSTRADDR
662	DD 0
663	DD PATM_INTERRUPTFLAG
664	DD 0
665	DD 0ffffffffh
666
667	; no need to check the IF flag when popf isn't an exit point of a patch (e.g. function duplication)
668	BEGINPROC PATMPopf32Replacement_NoExit
669	PATMPopf32_NoExitStart:
670	mov dword [ss:PATM_INTERRUPTFLAG], 0
671	%ifdef PATM_LOG_IF_CHANGES
672	push eax
673	push ecx
674	mov eax, PATM_ACTION_LOG_POPF_IF1
675	test dword [esp+8], X86_EFL_IF
676	jnz PATMPopf32_Log
677	mov eax, PATM_ACTION_LOG_POPF_IF0
678
679	PATMPopf32_Log:
680	lock or dword [ss:PATM_PENDINGACTION], eax
681	mov ecx, PATM_ACTION_MAGIC
682	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
683	pop ecx
684	pop eax
685	%endif
686	test dword [esp], X86_EFL_IF
687	jz PATMPopf32_NoExit_Continue
688
689	; if interrupts are pending, then we must go back to the host context to handle them!
690	test dword [ss:PATM_VM_FORCEDACTIONS], VM_FF_INTERRUPT_APIC \| VM_FF_INTERRUPT_PIC \| VM_FF_TIMER \| VM_FF_REQUEST
691	jz PATMPopf32_NoExit_Continue
692
693	; Go to our hypervisor trap handler to dispatch the pending irq
694	mov dword [ss:PATM_TEMP_EAX], eax
695	mov dword [ss:PATM_TEMP_ECX], ecx
696	mov dword [ss:PATM_TEMP_EDI], edi
697	mov dword [ss:PATM_TEMP_RESTORE_FLAGS], PATM_RESTORE_EAX \| PATM_RESTORE_ECX \| PATM_RESTORE_EDI
698	mov eax, PATM_ACTION_DISPATCH_PENDING_IRQ
699	lock or dword [ss:PATM_PENDINGACTION], eax
700	mov ecx, PATM_ACTION_MAGIC
701	mov edi, PATM_NEXTINSTRADDR
702
703	pop dword [ss:PATM_VMFLAGS] ; restore flags now (the or instruction changes the flags as well)
704	push dword [ss:PATM_VMFLAGS]
705	popfd
706
707	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
708	; does not return
709
710	PATMPopf32_NoExit_Continue:
711	pop dword [ss:PATM_VMFLAGS]
712	push dword [ss:PATM_VMFLAGS]
713	popfd
714	mov dword [ss:PATM_INTERRUPTFLAG], 1
715	PATMPopf32_NoExitEnd:
716	ENDPROC PATMPopf32Replacement_NoExit
717
718
719	; Patch record for 'popfd'
720	GLOBALNAME PATMPopf32Record_NoExit
721	RTCCPTR_DEF PATMPopf32_NoExitStart
722	DD 0
723	DD 0
724	DD 0
725	DD PATMPopf32_NoExitEnd - PATMPopf32_NoExitStart
726	%ifdef PATM_LOG_IF_CHANGES
727	DD 14
728	%else
729	DD 13
730	%endif
731	DD PATM_INTERRUPTFLAG
732	DD 0
733	%ifdef PATM_LOG_IF_CHANGES
734	DD PATM_PENDINGACTION
735	DD 0
736	%endif
737	DD PATM_VM_FORCEDACTIONS
738	DD 0
739	DD PATM_TEMP_EAX
740	DD 0
741	DD PATM_TEMP_ECX
742	DD 0
743	DD PATM_TEMP_EDI
744	DD 0
745	DD PATM_TEMP_RESTORE_FLAGS
746	DD 0
747	DD PATM_PENDINGACTION
748	DD 0
749	DD PATM_NEXTINSTRADDR
750	DD 0
751	DD PATM_VMFLAGS
752	DD 0
753	DD PATM_VMFLAGS
754	DD 0
755	DD PATM_VMFLAGS
756	DD 0
757	DD PATM_VMFLAGS
758	DD 0
759	DD PATM_INTERRUPTFLAG
760	DD 0
761	DD 0ffffffffh
762
763
764	;
765	; 16 bits Popf replacement that faults when IF remains 0
766	;
767	BEGINPROC PATMPopf16Replacement
768	PATMPopf16Start:
769	mov dword [ss:PATM_INTERRUPTFLAG], 0
770	test word [esp], X86_EFL_IF
771	jnz PATMPopf16_Ok
772	mov dword [ss:PATM_INTERRUPTFLAG], 1
773	PATM_INT3
774
775	PATMPopf16_Ok:
776	; if interrupts are pending, then we must go back to the host context to handle them!
777	; @note we destroy the flags here, but that should really not matter (PATM_INT3 case)
778	test dword [ss:PATM_VM_FORCEDACTIONS], VM_FF_INTERRUPT_APIC \| VM_FF_INTERRUPT_PIC \| VM_FF_TIMER \| VM_FF_REQUEST
779	jz PATMPopf16_Continue
780	mov dword [ss:PATM_INTERRUPTFLAG], 1
781	PATM_INT3
782
783	PATMPopf16_Continue:
784
785	pop word [ss:PATM_VMFLAGS]
786	push word [ss:PATM_VMFLAGS]
787	and dword [ss:PATM_VMFLAGS], PATM_VIRTUAL_FLAGS_MASK
788	or dword [ss:PATM_VMFLAGS], PATM_VIRTUAL_FLAGS_MASK
789
790	DB 0x66 ; size override
791	popf ;after the and and or operations!! (flags must be preserved)
792	mov dword [ss:PATM_INTERRUPTFLAG], 1
793
794	DB 0xE9
795	PATMPopf16Jump:
796	DD PATM_JUMPDELTA
797	PATMPopf16End:
798	ENDPROC PATMPopf16Replacement
799
800
801	; Patch record for 'popf'
802	GLOBALNAME PATMPopf16Record
803	RTCCPTR_DEF PATMPopf16Start
804	DD PATMPopf16Jump - PATMPopf16Start
805	DD 0
806	DD 0
807	DD PATMPopf16End - PATMPopf16Start
808	DD 9
809	DD PATM_INTERRUPTFLAG
810	DD 0
811	DD PATM_INTERRUPTFLAG
812	DD 0
813	DD PATM_VM_FORCEDACTIONS
814	DD 0
815	DD PATM_INTERRUPTFLAG
816	DD 0
817	DD PATM_VMFLAGS
818	DD 0
819	DD PATM_VMFLAGS
820	DD 0
821	DD PATM_VMFLAGS
822	DD 0
823	DD PATM_VMFLAGS
824	DD 0
825	DD PATM_INTERRUPTFLAG
826	DD 0
827	DD 0ffffffffh
828
829	;
830	; 16 bits Popf replacement that faults when IF remains 0
831	; @todo not necessary to fault in that case (see 32 bits version)
832	BEGINPROC PATMPopf16Replacement_NoExit
833	PATMPopf16Start_NoExit:
834	mov dword [ss:PATM_INTERRUPTFLAG], 0
835	test word [esp], X86_EFL_IF
836	jnz PATMPopf16_Ok_NoExit
837	mov dword [ss:PATM_INTERRUPTFLAG], 1
838	PATM_INT3
839
840	PATMPopf16_Ok_NoExit:
841	; if interrupts are pending, then we must go back to the host context to handle them!
842	; @note we destroy the flags here, but that should really not matter (PATM_INT3 case)
843	test dword [ss:PATM_VM_FORCEDACTIONS], VM_FF_INTERRUPT_APIC \| VM_FF_INTERRUPT_PIC \| VM_FF_TIMER \| VM_FF_REQUEST
844	jz PATMPopf16_Continue_NoExit
845	mov dword [ss:PATM_INTERRUPTFLAG], 1
846	PATM_INT3
847
848	PATMPopf16_Continue_NoExit:
849
850	pop word [ss:PATM_VMFLAGS]
851	push word [ss:PATM_VMFLAGS]
852	and dword [ss:PATM_VMFLAGS], PATM_VIRTUAL_FLAGS_MASK
853	or dword [ss:PATM_VMFLAGS], PATM_VIRTUAL_FLAGS_MASK
854
855	DB 0x66 ; size override
856	popf ;after the and and or operations!! (flags must be preserved)
857	mov dword [ss:PATM_INTERRUPTFLAG], 1
858	PATMPopf16End_NoExit:
859	ENDPROC PATMPopf16Replacement_NoExit
860
861
862	; Patch record for 'popf'
863	GLOBALNAME PATMPopf16Record_NoExit
864	RTCCPTR_DEF PATMPopf16Start_NoExit
865	DD 0
866	DD 0
867	DD 0
868	DD PATMPopf16End_NoExit - PATMPopf16Start_NoExit
869	DD 9
870	DD PATM_INTERRUPTFLAG
871	DD 0
872	DD PATM_INTERRUPTFLAG
873	DD 0
874	DD PATM_VM_FORCEDACTIONS
875	DD 0
876	DD PATM_INTERRUPTFLAG
877	DD 0
878	DD PATM_VMFLAGS
879	DD 0
880	DD PATM_VMFLAGS
881	DD 0
882	DD PATM_VMFLAGS
883	DD 0
884	DD PATM_VMFLAGS
885	DD 0
886	DD PATM_INTERRUPTFLAG
887	DD 0
888	DD 0ffffffffh
889
890
891	BEGINPROC PATMPushf32Replacement
892	PATMPushf32Start:
893	mov dword [ss:PATM_INTERRUPTFLAG], 0
894	pushfd
895	%ifdef PATM_LOG_IF_CHANGES
896	push eax
897	push ecx
898	mov eax, PATM_ACTION_LOG_PUSHF
899	lock or dword [ss:PATM_PENDINGACTION], eax
900	mov ecx, PATM_ACTION_MAGIC
901	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
902	pop ecx
903	pop eax
904	%endif
905
906	pushfd
907	push eax
908	mov eax, dword [esp+8]
909	and eax, PATM_FLAGS_MASK
910	or eax, dword [ss:PATM_VMFLAGS]
911	mov dword [esp+8], eax
912	pop eax
913	popfd
914	mov dword [ss:PATM_INTERRUPTFLAG], 1
915	PATMPushf32End:
916	ENDPROC PATMPushf32Replacement
917
918
919	; Patch record for 'pushfd'
920	GLOBALNAME PATMPushf32Record
921	RTCCPTR_DEF PATMPushf32Start
922	DD 0
923	DD 0
924	DD 0
925	DD PATMPushf32End - PATMPushf32Start
926	%ifdef PATM_LOG_IF_CHANGES
927	DD 4
928	%else
929	DD 3
930	%endif
931	DD PATM_INTERRUPTFLAG
932	DD 0
933	%ifdef PATM_LOG_IF_CHANGES
934	DD PATM_PENDINGACTION
935	DD 0
936	%endif
937	DD PATM_VMFLAGS
938	DD 0
939	DD PATM_INTERRUPTFLAG
940	DD 0
941	DD 0ffffffffh
942
943
944	BEGINPROC PATMPushf16Replacement
945	PATMPushf16Start:
946	mov dword [ss:PATM_INTERRUPTFLAG], 0
947	DB 0x66 ; size override
948	pushf
949	DB 0x66 ; size override
950	pushf
951	push eax
952	xor eax, eax
953	mov ax, word [esp+6]
954	and eax, PATM_FLAGS_MASK
955	or eax, dword [ss:PATM_VMFLAGS]
956	mov word [esp+6], ax
957	pop eax
958
959	DB 0x66 ; size override
960	popf
961	mov dword [ss:PATM_INTERRUPTFLAG], 1
962	PATMPushf16End:
963	ENDPROC PATMPushf16Replacement
964
965
966	; Patch record for 'pushf'
967	GLOBALNAME PATMPushf16Record
968	RTCCPTR_DEF PATMPushf16Start
969	DD 0
970	DD 0
971	DD 0
972	DD PATMPushf16End - PATMPushf16Start
973	DD 3
974	DD PATM_INTERRUPTFLAG
975	DD 0
976	DD PATM_VMFLAGS
977	DD 0
978	DD PATM_INTERRUPTFLAG
979	DD 0
980	DD 0ffffffffh
981
982
983	BEGINPROC PATMPushCSReplacement
984	PATMPushCSStart:
985	mov dword [ss:PATM_INTERRUPTFLAG], 0
986	push cs
987	pushfd
988
989	test dword [esp+4], 2
990	jnz pushcs_notring1
991
992	; change dpl from 1 to 0
993	and dword [esp+4], dword ~1 ; yasm / nasm dword
994
995	pushcs_notring1:
996	popfd
997
998	mov dword [ss:PATM_INTERRUPTFLAG], 1
999	DB 0xE9
1000	PATMPushCSJump:
1001	DD PATM_JUMPDELTA
1002	PATMPushCSEnd:
1003	ENDPROC PATMPushCSReplacement
1004
1005
1006	; Patch record for 'push cs'
1007	GLOBALNAME PATMPushCSRecord
1008	RTCCPTR_DEF PATMPushCSStart
1009	DD PATMPushCSJump - PATMPushCSStart
1010	DD 0
1011	DD 0
1012	DD PATMPushCSEnd - PATMPushCSStart
1013	DD 2
1014	DD PATM_INTERRUPTFLAG
1015	DD 0
1016	DD PATM_INTERRUPTFLAG
1017	DD 0
1018	DD 0ffffffffh
1019
1020	;;****************************************************
1021	;; Abstract:
1022	;;
1023	;; if eflags.NT==0 && iretstack.eflags.VM==0 && iretstack.eflags.IOPL==0
1024	;; then
1025	;; if return to ring 0 (iretstack.new_cs & 3 == 0)
1026	;; then
1027	;; if iretstack.new_eflags.IF == 1 && iretstack.new_eflags.IOPL == 0
1028	;; then
1029	;; iretstack.new_cs \|= 1
1030	;; else
1031	;; int 3
1032	;; endif
1033	;; uVMFlags &= ~X86_EFL_IF
1034	;; iret
1035	;; else
1036	;; int 3
1037	;;****************************************************
1038	;;
1039	BEGINPROC PATMIretReplacement
1040	PATMIretStart:
1041	mov dword [ss:PATM_INTERRUPTFLAG], 0
1042	pushfd
1043
1044	%ifdef PATM_LOG_IF_CHANGES
1045	push eax
1046	push ecx
1047	push edx
1048	lea edx, dword [ss:esp+12+4] ;3 dwords + pushed flags -> iret eip
1049	mov eax, PATM_ACTION_LOG_IRET
1050	lock or dword [ss:PATM_PENDINGACTION], eax
1051	mov ecx, PATM_ACTION_MAGIC
1052	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
1053	pop edx
1054	pop ecx
1055	pop eax
1056	%endif
1057
1058	test dword [esp], X86_EFL_NT
1059	jnz near iret_fault1
1060
1061	test dword [esp+12], X86_EFL_VM
1062	jnz iret_fault
1063
1064	;;!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
1065	;;@todo: not correct for iret back to ring 2!!!!!
1066	;;!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
1067
1068	test dword [esp+8], 2
1069	jnz iret_notring0
1070
1071	test dword [esp+12], X86_EFL_IF
1072	jz iret_fault
1073
1074	; if interrupts are pending, then we must go back to the host context to handle them!
1075	; @@todo fix this properly, so we can dispatch pending interrupts in GC
1076	test dword [ss:PATM_VM_FORCEDACTIONS], VM_FF_INTERRUPT_APIC \| VM_FF_INTERRUPT_PIC \| VM_FF_TIMER \| VM_FF_REQUEST
1077	jnz iret_fault
1078
1079	or dword [esp+8], 1
1080	iret_notring0:
1081
1082	; This section must always be executed (!!)
1083	; Extract the IOPL from the return flags, save them to our virtual flags and
1084	; put them back to zero
1085	push eax
1086	mov eax, dword [esp+16]
1087	and eax, X86_EFL_IOPL
1088	and dword [ss:PATM_VMFLAGS], ~X86_EFL_IOPL
1089	or dword [ss:PATM_VMFLAGS], eax
1090	pop eax
1091	and dword [esp+12], ~X86_EFL_IOPL
1092
1093	; Set IF again; below we make sure this won't cause problems.
1094	or dword [ss:PATM_VMFLAGS], X86_EFL_IF
1095	popfd
1096
1097	; make sure iret is executed fully (including the iret below; cli ... iret can otherwise be interrupted)
1098	mov dword [ss:PATM_INHIBITIRQADDR], PATM_CURINSTRADDR
1099	mov dword [ss:PATM_INTERRUPTFLAG], 1
1100	iretd
1101	PATM_INT3
1102
1103	iret_fault:
1104	popfd
1105	mov dword [ss:PATM_INTERRUPTFLAG], 1
1106	PATM_INT3
1107
1108	iret_fault1:
1109	nop
1110	popfd
1111	mov dword [ss:PATM_INTERRUPTFLAG], 1
1112	PATM_INT3
1113	PATMIretEnd:
1114	ENDPROC PATMIretReplacement
1115
1116	; Patch record for 'iretd'
1117	GLOBALNAME PATMIretRecord
1118	RTCCPTR_DEF PATMIretStart
1119	DD 0
1120	DD 0
1121	DD 0
1122	DD PATMIretEnd- PATMIretStart
1123	%ifdef PATM_LOG_IF_CHANGES
1124	DD 11
1125	%else
1126	DD 10
1127	%endif
1128	DD PATM_INTERRUPTFLAG
1129	DD 0
1130	%ifdef PATM_LOG_IF_CHANGES
1131	DD PATM_PENDINGACTION
1132	DD 0
1133	%endif
1134	DD PATM_VM_FORCEDACTIONS
1135	DD 0
1136	DD PATM_VMFLAGS
1137	DD 0
1138	DD PATM_VMFLAGS
1139	DD 0
1140	DD PATM_VMFLAGS
1141	DD 0
1142	DD PATM_INHIBITIRQADDR
1143	DD 0
1144	DD PATM_CURINSTRADDR
1145	DD 0
1146	DD PATM_INTERRUPTFLAG
1147	DD 0
1148	DD PATM_INTERRUPTFLAG
1149	DD 0
1150	DD PATM_INTERRUPTFLAG
1151	DD 0
1152	DD 0ffffffffh
1153
1154
1155	align 16 ; yasm / nasm diff - remove me!
1156	BEGINPROC PATMCpuidReplacement
1157	PATMCpuidStart:
1158	mov dword [ss:PATM_INTERRUPTFLAG], 0
1159	pushf
1160
1161	cmp eax, PATM_CPUID_STD_MAX
1162	jb short cpuid_std
1163	cmp eax, 0x80000000
1164	jb short cpuid_def
1165	cmp eax, PATM_CPUID_EXT_MAX
1166	jb short cpuid_ext
1167
1168	cpuid_def:
1169	mov eax, PATM_CPUID_DEF_PTR
1170	jmp near cpuid_fetch
1171
1172	cpuid_std:
1173	mov edx, PATM_CPUID_STD_PTR
1174	jmp cpuid_calc
1175	cpuid_ext:
1176	and eax, 0ffh ; strictly speaking not necessary.
1177	mov edx, PATM_CPUID_EXT_PTR
1178	cpuid_calc:
1179	lea eax, [ss:eax * 4] ; 4 entries...
1180	lea eax, [ss:eax * 4] ; 4 bytes each
1181	add eax, edx
1182
1183	cpuid_fetch:
1184	mov edx, [ss:eax + 12] ; CPUMCPUID layout assumptions!
1185	mov ecx, [ss:eax + 8]
1186	mov ebx, [ss:eax + 4]
1187	mov eax, [ss:eax]
1188
1189	popf
1190	mov dword [ss:PATM_INTERRUPTFLAG], 1
1191
1192	PATMCpuidEnd:
1193	ENDPROC PATMCpuidReplacement
1194
1195	; Patch record for 'cpuid'
1196	GLOBALNAME PATMCpuidRecord
1197	RTCCPTR_DEF PATMCpuidStart
1198	DD 0
1199	DD 0
1200	DD 0
1201	DD PATMCpuidEnd- PATMCpuidStart
1202	DD 7
1203	DD PATM_INTERRUPTFLAG
1204	DD 0
1205	DD PATM_CPUID_STD_MAX
1206	DD 0
1207	DD PATM_CPUID_EXT_MAX
1208	DD 0
1209	DD PATM_CPUID_DEF_PTR
1210	DD 0
1211	DD PATM_CPUID_STD_PTR
1212	DD 0
1213	DD PATM_CPUID_EXT_PTR
1214	DD 0
1215	DD PATM_INTERRUPTFLAG
1216	DD 0
1217	DD 0ffffffffh
1218
1219
1220	BEGINPROC PATMJEcxReplacement
1221	PATMJEcxStart:
1222	mov dword [ss:PATM_INTERRUPTFLAG], 0
1223	pushfd
1224	PATMJEcxSizeOverride:
1225	DB 0x90 ; nop
1226	cmp ecx, dword 0 ; yasm / nasm dword
1227	jnz PATMJEcxContinue
1228
1229	popfd
1230	mov dword [ss:PATM_INTERRUPTFLAG], 1
1231	DB 0xE9
1232	PATMJEcxJump:
1233	DD PATM_JUMPDELTA
1234
1235	PATMJEcxContinue:
1236	popfd
1237	mov dword [ss:PATM_INTERRUPTFLAG], 1
1238	PATMJEcxEnd:
1239	ENDPROC PATMJEcxReplacement
1240
1241	; Patch record for 'JEcx'
1242	GLOBALNAME PATMJEcxRecord
1243	RTCCPTR_DEF PATMJEcxStart
1244	DD 0
1245	DD PATMJEcxJump - PATMJEcxStart
1246	DD PATMJEcxSizeOverride - PATMJEcxStart
1247	DD PATMJEcxEnd- PATMJEcxStart
1248	DD 3
1249	DD PATM_INTERRUPTFLAG
1250	DD 0
1251	DD PATM_INTERRUPTFLAG
1252	DD 0
1253	DD PATM_INTERRUPTFLAG
1254	DD 0
1255	DD 0ffffffffh
1256
1257	align 16; yasm / nasm diffing. remove me!
1258	BEGINPROC PATMLoopReplacement
1259	PATMLoopStart:
1260	mov dword [ss:PATM_INTERRUPTFLAG], 0
1261	pushfd
1262	PATMLoopSizeOverride:
1263	DB 0x90 ; nop
1264	dec ecx
1265	jz PATMLoopContinue
1266
1267	popfd
1268	mov dword [ss:PATM_INTERRUPTFLAG], 1
1269	DB 0xE9
1270	PATMLoopJump:
1271	DD PATM_JUMPDELTA
1272
1273	PATMLoopContinue:
1274	popfd
1275	mov dword [ss:PATM_INTERRUPTFLAG], 1
1276	PATMLoopEnd:
1277	ENDPROC PATMLoopReplacement
1278
1279	; Patch record for 'Loop'
1280	GLOBALNAME PATMLoopRecord
1281	RTCCPTR_DEF PATMLoopStart
1282	DD 0
1283	DD PATMLoopJump - PATMLoopStart
1284	DD PATMLoopSizeOverride - PATMLoopStart
1285	DD PATMLoopEnd- PATMLoopStart
1286	DD 3
1287	DD PATM_INTERRUPTFLAG
1288	DD 0
1289	DD PATM_INTERRUPTFLAG
1290	DD 0
1291	DD PATM_INTERRUPTFLAG
1292	DD 0
1293	DD 0ffffffffh
1294
1295	BEGINPROC PATMLoopZReplacement
1296	PATMLoopZStart:
1297	; jump if ZF=1 AND (E)CX != 0
1298
1299	mov dword [ss:PATM_INTERRUPTFLAG], 0
1300	jnz PATMLoopZEnd
1301	pushfd
1302	PATMLoopZSizeOverride:
1303	DB 0x90 ; nop
1304	dec ecx
1305	jz PATMLoopZContinue
1306
1307	popfd
1308	mov dword [ss:PATM_INTERRUPTFLAG], 1
1309	DB 0xE9
1310	PATMLoopZJump:
1311	DD PATM_JUMPDELTA
1312
1313	PATMLoopZContinue:
1314	popfd
1315	mov dword [ss:PATM_INTERRUPTFLAG], 1
1316	PATMLoopZEnd:
1317	ENDPROC PATMLoopZReplacement
1318
1319	; Patch record for 'Loopz'
1320	GLOBALNAME PATMLoopZRecord
1321	RTCCPTR_DEF PATMLoopZStart
1322	DD 0
1323	DD PATMLoopZJump - PATMLoopZStart
1324	DD PATMLoopZSizeOverride - PATMLoopZStart
1325	DD PATMLoopZEnd- PATMLoopZStart
1326	DD 3
1327	DD PATM_INTERRUPTFLAG
1328	DD 0
1329	DD PATM_INTERRUPTFLAG
1330	DD 0
1331	DD PATM_INTERRUPTFLAG
1332	DD 0
1333	DD 0ffffffffh
1334
1335
1336	BEGINPROC PATMLoopNZReplacement
1337	PATMLoopNZStart:
1338	; jump if ZF=0 AND (E)CX != 0
1339
1340	mov dword [ss:PATM_INTERRUPTFLAG], 0
1341	jz PATMLoopNZEnd
1342	pushfd
1343	PATMLoopNZSizeOverride:
1344	DB 0x90 ; nop
1345	dec ecx
1346	jz PATMLoopNZContinue
1347
1348	popfd
1349	mov dword [ss:PATM_INTERRUPTFLAG], 1
1350	DB 0xE9
1351	PATMLoopNZJump:
1352	DD PATM_JUMPDELTA
1353
1354	PATMLoopNZContinue:
1355	popfd
1356	mov dword [ss:PATM_INTERRUPTFLAG], 1
1357	PATMLoopNZEnd:
1358	ENDPROC PATMLoopNZReplacement
1359
1360	; Patch record for 'LoopNZ'
1361	GLOBALNAME PATMLoopNZRecord
1362	RTCCPTR_DEF PATMLoopNZStart
1363	DD 0
1364	DD PATMLoopNZJump - PATMLoopNZStart
1365	DD PATMLoopNZSizeOverride - PATMLoopNZStart
1366	DD PATMLoopNZEnd- PATMLoopNZStart
1367	DD 3
1368	DD PATM_INTERRUPTFLAG
1369	DD 0
1370	DD PATM_INTERRUPTFLAG
1371	DD 0
1372	DD PATM_INTERRUPTFLAG
1373	DD 0
1374	DD 0ffffffffh
1375
1376	align 16
1377	; Global patch function for indirect calls
1378	; Caller is responsible for clearing PATM_INTERRUPTFLAG and doing:
1379	; + 20 push [pTargetGC]
1380	; + 16 pushfd
1381	; + 12 push [JumpTableAddress]
1382	; + 8 push [PATMRelReturnAddress]
1383	; + 4 push [GuestReturnAddress]
1384	;( + 0 return address )
1385	;
1386	; @note NEVER change this without bumping the SSM version
1387	BEGINPROC PATMLookupAndCall
1388	PATMLookupAndCallStart:
1389	push eax
1390	push edx
1391	push edi
1392	push ecx
1393
1394	mov edx, dword [esp+16+20] ; pushed target address
1395
1396	xor eax, eax ; default result -> nothing found
1397	mov edi, dword [esp+16+12] ; jump table
1398	mov ecx, [ss:edi + PATCHJUMPTABLE.cAddresses]
1399	cmp ecx, 0
1400	je near PATMLookupAndCall_QueryPATM
1401
1402	PATMLookupAndCall_SearchStart:
1403	cmp [ss:edi + PATCHJUMPTABLE.Slot_pInstrGC + eax*8], edx ; edx = GC address to search for
1404	je near PATMLookupAndCall_SearchHit
1405	inc eax
1406	cmp eax, ecx
1407	jl near PATMLookupAndCall_SearchStart
1408
1409	PATMLookupAndCall_QueryPATM:
1410	; nothing found -> let our trap handler try to find it
1411	; @todo private ugly interface, since we have nothing generic at the moment
1412	lock or dword [ss:PATM_PENDINGACTION], PATM_ACTION_LOOKUP_ADDRESS
1413	mov eax, PATM_ACTION_LOOKUP_ADDRESS
1414	mov ecx, PATM_ACTION_MAGIC
1415	; edx = GC address to find
1416	; edi = jump table address
1417	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
1418
1419	jmp near PATMLookupAndCall_SearchEnd
1420
1421	PATMLookupAndCall_Failure:
1422	; return to caller; it must raise an error, due to patch to guest address translation (remember that there's only one copy of this code block).
1423	pop ecx
1424	pop edi
1425	pop edx
1426	pop eax
1427	ret
1428
1429	PATMLookupAndCall_SearchHit:
1430	mov eax, [ss:edi + PATCHJUMPTABLE.Slot_pRelPatchGC + eax*8] ; found a match!
1431
1432	;@note can be zero, so the next check is required!!
1433
1434	PATMLookupAndCall_SearchEnd:
1435	cmp eax, 0
1436	je near PATMLookupAndCall_Failure
1437
1438	mov ecx, eax ; ECX = target address (relative!)
1439	add ecx, PATM_PATCHBASE ; Make it absolute
1440
1441	mov edx, dword PATM_STACKPTR
1442	cmp dword [ss:edx], PATM_STACK_SIZE
1443	ja near PATMLookupAndCall_Failure ; should never happen actually!!!
1444	cmp dword [ss:edx], 0
1445	je near PATMLookupAndCall_Failure ; no more room
1446
1447	; save the patch return address on our private stack
1448	sub dword [ss:edx], 4 ; sizeof(RTGCPTR)
1449	mov eax, dword PATM_STACKBASE
1450	add eax, dword [ss:edx] ; stack base + stack position
1451	mov edi, dword [esp+16+8] ; PATM return address
1452	mov dword [ss:eax], edi ; relative address of patch return (instruction following this block)
1453
1454	; save the original return address as well (checked by ret to make sure the guest hasn't messed around with the stack)
1455	mov edi, dword PATM_STACKBASE_GUEST
1456	add edi, dword [ss:edx] ; stack base (guest) + stack position
1457	mov eax, dword [esp+16+4] ; guest return address
1458	mov dword [ss:edi], eax
1459
1460	push ecx ; temporarily store the target address on the stack
1461	add esp, 4
1462	pop ecx
1463	pop edi
1464	pop edx
1465	pop eax
1466	add esp, 24 ; parameters + return address pushed by caller (changes the flags, but that shouldn't matter)
1467	push dword [esp - 20] ; push original guest return address
1468
1469	; the called function will set PATM_INTERRUPTFLAG (!!)
1470	jmp dword [esp-40] ; call duplicated patch function
1471
1472	PATMLookupAndCallEnd:
1473	; returning here -> do not add code here or after the jmp!!!!!
1474	ENDPROC PATMLookupAndCall
1475
1476	; Patch record for indirect calls and jumps
1477	GLOBALNAME PATMLookupAndCallRecord
1478	RTCCPTR_DEF PATMLookupAndCallStart
1479	DD 0
1480	DD 0
1481	DD 0
1482	DD PATMLookupAndCallEnd - PATMLookupAndCallStart
1483	DD 5
1484	DD PATM_PENDINGACTION
1485	DD 0
1486	DD PATM_PATCHBASE
1487	DD 0
1488	DD PATM_STACKPTR
1489	DD 0
1490	DD PATM_STACKBASE
1491	DD 0
1492	DD PATM_STACKBASE_GUEST
1493	DD 0
1494	DD 0ffffffffh
1495
1496
1497	align 16
1498	; Global patch function for indirect jumps
1499	; Caller is responsible for clearing PATM_INTERRUPTFLAG and doing:
1500	; + 8 push [pTargetGC]
1501	; + 4 push [JumpTableAddress]
1502	;( + 0 return address )
1503	; And saving eflags in PATM_TEMP_EFLAGS
1504	;
1505	; @note NEVER change this without bumping the SSM version
1506	BEGINPROC PATMLookupAndJump
1507	PATMLookupAndJumpStart:
1508	push eax
1509	push edx
1510	push edi
1511	push ecx
1512
1513	mov edx, dword [esp+16+8] ; pushed target address
1514
1515	xor eax, eax ; default result -> nothing found
1516	mov edi, dword [esp+16+4] ; jump table
1517	mov ecx, [ss:edi + PATCHJUMPTABLE.cAddresses]
1518	cmp ecx, 0
1519	je near PATMLookupAndJump_QueryPATM
1520
1521	PATMLookupAndJump_SearchStart:
1522	cmp [ss:edi + PATCHJUMPTABLE.Slot_pInstrGC + eax*8], edx ; edx = GC address to search for
1523	je near PATMLookupAndJump_SearchHit
1524	inc eax
1525	cmp eax, ecx
1526	jl near PATMLookupAndJump_SearchStart
1527
1528	PATMLookupAndJump_QueryPATM:
1529	; nothing found -> let our trap handler try to find it
1530	; @todo private ugly interface, since we have nothing generic at the moment
1531	lock or dword [ss:PATM_PENDINGACTION], PATM_ACTION_LOOKUP_ADDRESS
1532	mov eax, PATM_ACTION_LOOKUP_ADDRESS
1533	mov ecx, PATM_ACTION_MAGIC
1534	; edx = GC address to find
1535	; edi = jump table address
1536	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
1537
1538	jmp near PATMLookupAndJump_SearchEnd
1539
1540	PATMLookupAndJump_Failure:
1541	; return to caller; it must raise an error, due to patch to guest address translation (remember that there's only one copy of this code block).
1542	pop ecx
1543	pop edi
1544	pop edx
1545	pop eax
1546	ret
1547
1548	PATMLookupAndJump_SearchHit:
1549	mov eax, [ss:edi + PATCHJUMPTABLE.Slot_pRelPatchGC + eax*8] ; found a match!
1550
1551	;@note can be zero, so the next check is required!!
1552
1553	PATMLookupAndJump_SearchEnd:
1554	cmp eax, 0
1555	je near PATMLookupAndJump_Failure
1556
1557	mov ecx, eax ; ECX = target address (relative!)
1558	add ecx, PATM_PATCHBASE ; Make it absolute
1559
1560	; save jump patch target
1561	mov dword [ss:PATM_TEMP_EAX], ecx
1562	pop ecx
1563	pop edi
1564	pop edx
1565	pop eax
1566	add esp, 12 ; parameters + return address pushed by caller
1567	; restore flags (just to be sure)
1568	push dword [ss:PATM_TEMP_EFLAGS]
1569	popfd
1570
1571	; the jump destination will set PATM_INTERRUPTFLAG (!!)
1572	jmp dword [ss:PATM_TEMP_EAX] ; call duplicated patch destination address
1573
1574	PATMLookupAndJumpEnd:
1575	ENDPROC PATMLookupAndJump
1576
1577	; Patch record for indirect calls and jumps
1578	GLOBALNAME PATMLookupAndJumpRecord
1579	RTCCPTR_DEF PATMLookupAndJumpStart
1580	DD 0
1581	DD 0
1582	DD 0
1583	DD PATMLookupAndJumpEnd - PATMLookupAndJumpStart
1584	DD 5
1585	DD PATM_PENDINGACTION
1586	DD 0
1587	DD PATM_PATCHBASE
1588	DD 0
1589	DD PATM_TEMP_EAX
1590	DD 0
1591	DD PATM_TEMP_EFLAGS
1592	DD 0
1593	DD PATM_TEMP_EAX
1594	DD 0
1595	DD 0ffffffffh
1596
1597
1598
1599
1600	align 16
1601	; Patch function for static calls
1602	; @note static calls have only one lookup slot!
1603	; Caller is responsible for clearing PATM_INTERRUPTFLAG and adding:
1604	; push [pTargetGC]
1605	;
1606	BEGINPROC PATMCall
1607	PATMCallStart:
1608	pushfd
1609	push PATM_FIXUP ; fixup for jump table below
1610	push PATM_PATCHNEXTBLOCK
1611	push PATM_RETURNADDR
1612	DB 0E8h ; call
1613	DD PATM_LOOKUP_AND_CALL_FUNCTION
1614	; we only return in case of a failure
1615	add esp, 12 ; pushed address of jump table
1616	popfd
1617	add esp, 4 ; pushed by caller (changes the flags, but that shouldn't matter (@todo))
1618	mov dword [ss:PATM_INTERRUPTFLAG], 1
1619	PATM_INT3
1620	%ifdef DEBUG
1621	; for disassembly
1622	jmp PATMCallEnd
1623	%endif
1624
1625	align 4
1626	PATMCallTable:
1627	DW 1 ; nrSlots
1628	DW 0 ; ulInsertPos
1629	DD 0 ; cAddresses
1630	RESB PATCHDIRECTJUMPTABLE_SIZE ; only one lookup slot
1631
1632	PATMCallEnd:
1633	; returning here -> do not add code here or after the jmp!!!!!
1634	ENDPROC PATMCall
1635
1636	; Patch record for direct calls
1637	GLOBALNAME PATMCallRecord
1638	RTCCPTR_DEF PATMCallStart
1639	DD 0
1640	DD 0
1641	DD 0
1642	DD PATMCallEnd - PATMCallStart
1643	DD 5
1644	DD PATM_FIXUP
1645	DD PATMCallTable - PATMCallStart
1646	DD PATM_PATCHNEXTBLOCK
1647	DD 0
1648	DD PATM_RETURNADDR
1649	DD 0
1650	DD PATM_LOOKUP_AND_CALL_FUNCTION
1651	DD 0
1652	DD PATM_INTERRUPTFLAG
1653	DD 0
1654	DD 0ffffffffh
1655
1656
1657	align 16
1658	; Patch function for indirect calls
1659	; Caller is responsible for clearing PATM_INTERRUPTFLAG and adding:
1660	; push [pTargetGC]
1661	;
1662	BEGINPROC PATMCallIndirect
1663	PATMCallIndirectStart:
1664	pushfd
1665	push PATM_FIXUP ; fixup for jump table below
1666	push PATM_PATCHNEXTBLOCK
1667	push PATM_RETURNADDR
1668	DB 0E8h ; call
1669	DD PATM_LOOKUP_AND_CALL_FUNCTION
1670	; we only return in case of a failure
1671	add esp, 12 ; pushed address of jump table
1672	popfd
1673	add esp, 4 ; pushed by caller (changes the flags, but that shouldn't matter (@todo))
1674	mov dword [ss:PATM_INTERRUPTFLAG], 1
1675	PATM_INT3
1676	%ifdef DEBUG
1677	; for disassembly
1678	jmp PATMCallIndirectEnd
1679	%endif
1680
1681	align 4
1682	PATMCallIndirectTable:
1683	DW PATM_MAX_JUMPTABLE_ENTRIES ; nrSlots
1684	DW 0 ; ulInsertPos
1685	DD 0 ; cAddresses
1686	RESB PATCHJUMPTABLE_SIZE ; lookup slots
1687
1688	PATMCallIndirectEnd:
1689	; returning here -> do not add code here or after the jmp!!!!!
1690	ENDPROC PATMCallIndirect
1691
1692	; Patch record for indirect calls
1693	GLOBALNAME PATMCallIndirectRecord
1694	RTCCPTR_DEF PATMCallIndirectStart
1695	DD 0
1696	DD 0
1697	DD 0
1698	DD PATMCallIndirectEnd - PATMCallIndirectStart
1699	DD 5
1700	DD PATM_FIXUP
1701	DD PATMCallIndirectTable - PATMCallIndirectStart
1702	DD PATM_PATCHNEXTBLOCK
1703	DD 0
1704	DD PATM_RETURNADDR
1705	DD 0
1706	DD PATM_LOOKUP_AND_CALL_FUNCTION
1707	DD 0
1708	DD PATM_INTERRUPTFLAG
1709	DD 0
1710	DD 0ffffffffh
1711
1712
1713	align 16
1714	; Patch function for indirect jumps
1715	; Caller is responsible for clearing PATM_INTERRUPTFLAG and adding:
1716	; push [pTargetGC]
1717	;
1718	BEGINPROC PATMJumpIndirect
1719	PATMJumpIndirectStart:
1720	; save flags (just to be sure)
1721	pushfd
1722	pop dword [ss:PATM_TEMP_EFLAGS]
1723
1724	push PATM_FIXUP ; fixup for jump table below
1725	DB 0E8h ; call
1726	DD PATM_LOOKUP_AND_JUMP_FUNCTION
1727	; we only return in case of a failure
1728	add esp, 8 ; pushed address of jump table + pushed target address
1729
1730	; restore flags (just to be sure)
1731	push dword [ss:PATM_TEMP_EFLAGS]
1732	popfd
1733
1734	mov dword [ss:PATM_INTERRUPTFLAG], 1
1735	PATM_INT3
1736
1737	%ifdef DEBUG
1738	; for disassembly
1739	jmp PATMJumpIndirectEnd
1740	%endif
1741
1742	align 4
1743	PATMJumpIndirectTable:
1744	DW PATM_MAX_JUMPTABLE_ENTRIES ; nrSlots
1745	DW 0 ; ulInsertPos
1746	DD 0 ; cAddresses
1747	RESB PATCHJUMPTABLE_SIZE ; lookup slots
1748
1749	PATMJumpIndirectEnd:
1750	; returning here -> do not add code here or after the jmp!!!!!
1751	ENDPROC PATMJumpIndirect
1752
1753	; Patch record for indirect jumps
1754	GLOBALNAME PATMJumpIndirectRecord
1755	RTCCPTR_DEF PATMJumpIndirectStart
1756	DD 0
1757	DD 0
1758	DD 0
1759	DD PATMJumpIndirectEnd - PATMJumpIndirectStart
1760	DD 5
1761	DD PATM_TEMP_EFLAGS
1762	DD 0
1763	DD PATM_FIXUP
1764	DD PATMJumpIndirectTable - PATMJumpIndirectStart
1765	DD PATM_LOOKUP_AND_JUMP_FUNCTION
1766	DD 0
1767	DD PATM_TEMP_EFLAGS
1768	DD 0
1769	DD PATM_INTERRUPTFLAG
1770	DD 0
1771	DD 0ffffffffh
1772
1773	;
1774	; return from duplicated function
1775	;
1776	align 16
1777	BEGINPROC PATMRet
1778	PATMRet_Start:
1779	; probe stack here as we can't recover from page faults later on
1780	not dword [esp-32]
1781	not dword [esp-32]
1782	mov dword [ss:PATM_INTERRUPTFLAG], 0
1783	pushfd
1784	push eax
1785	push PATM_FIXUP
1786	DB 0E8h ; call
1787	DD PATM_RETURN_FUNCTION
1788	add esp, 4 ; pushed address of jump table
1789
1790	cmp eax, 0
1791	jne near PATMRet_Success
1792
1793	pop eax
1794	popfd
1795	mov dword [ss:PATM_INTERRUPTFLAG], 1
1796	PATM_INT3
1797
1798	%ifdef DEBUG
1799	; for disassembly
1800	jmp PATMRet_Success
1801	%endif
1802	align 4
1803	PATMRetTable:
1804	DW PATM_MAX_JUMPTABLE_ENTRIES ; nrSlots
1805	DW 0 ; ulInsertPos
1806	DD 0 ; cAddresses
1807	RESB PATCHJUMPTABLE_SIZE ; lookup slots
1808
1809	PATMRet_Success:
1810	mov dword [esp+8], eax ; overwrite the saved return address
1811	pop eax
1812	popf
1813	; caller will duplicate the ret or ret n instruction
1814	; the patched call will set PATM_INTERRUPTFLAG after the return!
1815	PATMRet_End:
1816	ENDPROC PATMRet
1817
1818	GLOBALNAME PATMRetRecord
1819	RTCCPTR_DEF PATMRet_Start
1820	DD 0
1821	DD 0
1822	DD 0
1823	DD PATMRet_End - PATMRet_Start
1824	DD 4
1825	DD PATM_INTERRUPTFLAG
1826	DD 0
1827	DD PATM_FIXUP
1828	DD PATMRetTable - PATMRet_Start
1829	DD PATM_RETURN_FUNCTION
1830	DD 0
1831	DD PATM_INTERRUPTFLAG
1832	DD 0
1833	DD 0ffffffffh
1834
1835	;
1836	; global function for implementing 'retn'
1837	;
1838	; Caller is responsible for right stack layout
1839	; + 16 original return address
1840	; + 12 eflags
1841	; + 8 eax
1842	; + 4 Jump table address
1843	;( + 0 return address )
1844	;
1845	; @note assumes PATM_INTERRUPTFLAG is zero
1846	; @note assumes it can trash eax and eflags
1847	;
1848	; @returns eax=0 on failure
1849	; otherwise return address in eax
1850	;
1851	; @note NEVER change this without bumping the SSM version
1852	align 16
1853	BEGINPROC PATMRetFunction
1854	PATMRetFunction_Start:
1855	push ecx
1856	push edx
1857	push edi
1858
1859	; Event order:
1860	; (@todo figure out which path is taken most often (1 or 2))
1861	; 1) Check if the return patch address was pushed onto the PATM stack
1862	; 2) Check if the return patch address can be found in the lookup table
1863	; 3) Query return patch address from the hypervisor
1864
1865
1866	; 1) Check if the return patch address was pushed on the PATM stack
1867	cmp dword [ss:PATM_STACKPTR], PATM_STACK_SIZE
1868	jae near PATMRetFunction_FindReturnAddress
1869
1870	mov edx, dword PATM_STACKPTR
1871
1872	; check if the return address is what we expect it to be
1873	mov eax, dword PATM_STACKBASE_GUEST
1874	add eax, dword [ss:edx] ; stack base + stack position
1875	mov eax, dword [ss:eax] ; original return address
1876	cmp eax, dword [esp+12+16] ; pushed return address
1877
1878	; the return address was changed -> let our trap handler try to find it
1879	; (can happen when the guest messes with the stack (seen it) or when we didn't call this function ourselves)
1880	jne near PATMRetFunction_FindReturnAddress
1881
1882	; found it, convert relative to absolute patch address and return the result to the caller
1883	mov eax, dword PATM_STACKBASE
1884	add eax, dword [ss:edx] ; stack base + stack position
1885	mov eax, dword [ss:eax] ; relative patm return address
1886	add eax, PATM_PATCHBASE
1887
1888	%ifdef PATM_LOG_IF_CHANGES
1889	push eax
1890	push ecx
1891	push edx
1892	mov edx, eax ; return address
1893	lock or dword [ss:PATM_PENDINGACTION], PATM_ACTION_LOG_RET
1894	mov eax, PATM_ACTION_LOG_RET
1895	mov ecx, PATM_ACTION_MAGIC
1896	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
1897	pop edx
1898	pop ecx
1899	pop eax
1900	%endif
1901
1902	add dword [ss:edx], 4 ; pop return address from the PATM stack (sizeof(RTGCPTR); @note hardcoded assumption!)
1903
1904	pop edi
1905	pop edx
1906	pop ecx
1907	ret
1908
1909	PATMRetFunction_FindReturnAddress:
1910	; 2) Check if the return patch address can be found in the lookup table
1911	mov edx, dword [esp+12+16] ; pushed target address
1912
1913	xor eax, eax ; default result -> nothing found
1914	mov edi, dword [esp+12+4] ; jump table
1915	mov ecx, [ss:edi + PATCHJUMPTABLE.cAddresses]
1916	cmp ecx, 0
1917	je near PATMRetFunction_AskHypervisor
1918
1919	PATMRetFunction_SearchStart:
1920	cmp [ss:edi + PATCHJUMPTABLE.Slot_pInstrGC + eax*8], edx ; edx = GC address to search for
1921	je near PATMRetFunction_SearchHit
1922	inc eax
1923	cmp eax, ecx
1924	jl near PATMRetFunction_SearchStart
1925
1926	PATMRetFunction_AskHypervisor:
1927	; 3) Query return patch address from the hypervisor
1928	; @todo private ugly interface, since we have nothing generic at the moment
1929	lock or dword [ss:PATM_PENDINGACTION], PATM_ACTION_LOOKUP_ADDRESS
1930	mov eax, PATM_ACTION_LOOKUP_ADDRESS
1931	mov ecx, PATM_ACTION_MAGIC
1932	mov edi, dword [esp+12+4] ; jump table address
1933	mov edx, dword [esp+12+16] ; original return address
1934	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
1935	jmp near PATMRetFunction_SearchEnd
1936
1937	PATMRetFunction_SearchHit:
1938	mov eax, [ss:edi + PATCHJUMPTABLE.Slot_pRelPatchGC + eax*8] ; found a match!
1939	;@note can be zero, so the next check is required!!
1940
1941	PATMRetFunction_SearchEnd:
1942	cmp eax, 0
1943	jz PATMRetFunction_Failure
1944
1945	add eax, PATM_PATCHBASE
1946
1947	%ifdef PATM_LOG_IF_CHANGES
1948	push eax
1949	push ecx
1950	push edx
1951	mov edx, eax ; return address
1952	lock or dword [ss:PATM_PENDINGACTION], PATM_ACTION_LOG_RET
1953	mov eax, PATM_ACTION_LOG_RET
1954	mov ecx, PATM_ACTION_MAGIC
1955	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
1956	pop edx
1957	pop ecx
1958	pop eax
1959	%endif
1960
1961	pop edi
1962	pop edx
1963	pop ecx
1964	ret
1965
1966	PATMRetFunction_Failure:
1967	;signal error
1968	xor eax, eax
1969	pop edi
1970	pop edx
1971	pop ecx
1972	ret
1973
1974	PATMRetFunction_End:
1975	ENDPROC PATMRetFunction
1976
1977	GLOBALNAME PATMRetFunctionRecord
1978	RTCCPTR_DEF PATMRetFunction_Start
1979	DD 0
1980	DD 0
1981	DD 0
1982	DD PATMRetFunction_End - PATMRetFunction_Start
1983	%ifdef PATM_LOG_IF_CHANGES
1984	DD 9
1985	%else
1986	DD 7
1987	%endif
1988	DD PATM_STACKPTR
1989	DD 0
1990	DD PATM_STACKPTR
1991	DD 0
1992	DD PATM_STACKBASE_GUEST
1993	DD 0
1994	DD PATM_STACKBASE
1995	DD 0
1996	DD PATM_PATCHBASE
1997	DD 0
1998	%ifdef PATM_LOG_IF_CHANGES
1999	DD PATM_PENDINGACTION
2000	DD 0
2001	%endif
2002	DD PATM_PENDINGACTION
2003	DD 0
2004	DD PATM_PATCHBASE
2005	DD 0
2006	%ifdef PATM_LOG_IF_CHANGES
2007	DD PATM_PENDINGACTION
2008	DD 0
2009	%endif
2010	DD 0ffffffffh
2011
2012
2013	;
2014	; Jump to original instruction if IF=1
2015	;
2016	BEGINPROC PATMCheckIF
2017	PATMCheckIF_Start:
2018	mov dword [ss:PATM_INTERRUPTFLAG], 0
2019	pushf
2020	test dword [ss:PATM_VMFLAGS], X86_EFL_IF
2021	jnz PATMCheckIF_Safe
2022	nop
2023
2024	; IF=0 -> unsafe, so we must call the duplicated function (which we don't do here)
2025	popf
2026	mov dword [ss:PATM_INTERRUPTFLAG], 1
2027	jmp PATMCheckIF_End
2028
2029	PATMCheckIF_Safe:
2030	; invalidate the PATM stack as we'll jump back to guest code
2031	mov dword [ss:PATM_STACKPTR], PATM_STACK_SIZE
2032
2033	%ifdef PATM_LOG_IF_CHANGES
2034	push eax
2035	push ecx
2036	lock or dword [ss:PATM_PENDINGACTION], PATM_ACTION_LOG_IF1
2037	mov eax, PATM_ACTION_LOG_IF1
2038	mov ecx, PATM_ACTION_MAGIC
2039	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
2040	pop ecx
2041	pop eax
2042	%endif
2043	popf
2044	mov dword [ss:PATM_INTERRUPTFLAG], 1
2045	; IF=1 -> we can safely jump back to the original instruction
2046	DB 0xE9
2047	PATMCheckIF_Jump:
2048	DD PATM_JUMPDELTA
2049	PATMCheckIF_End:
2050	ENDPROC PATMCheckIF
2051
2052	; Patch record for call instructions
2053	GLOBALNAME PATMCheckIFRecord
2054	RTCCPTR_DEF PATMCheckIF_Start
2055	DD PATMCheckIF_Jump - PATMCheckIF_Start
2056	DD 0
2057	DD 0
2058	DD PATMCheckIF_End - PATMCheckIF_Start
2059	%ifdef PATM_LOG_IF_CHANGES
2060	DD 6
2061	%else
2062	DD 5
2063	%endif
2064	DD PATM_INTERRUPTFLAG
2065	DD 0
2066	DD PATM_VMFLAGS
2067	DD 0
2068	DD PATM_INTERRUPTFLAG
2069	DD 0
2070	DD PATM_STACKPTR
2071	DD 0
2072	%ifdef PATM_LOG_IF_CHANGES
2073	DD PATM_PENDINGACTION
2074	DD 0
2075	%endif
2076	DD PATM_INTERRUPTFLAG
2077	DD 0
2078	DD 0ffffffffh
2079
2080	;
2081	; Jump back to guest if IF=1, else fault
2082	;
2083	BEGINPROC PATMJumpToGuest_IF1
2084	PATMJumpToGuest_IF1_Start:
2085	mov dword [ss:PATM_INTERRUPTFLAG], 0
2086	pushf
2087	test dword [ss:PATM_VMFLAGS], X86_EFL_IF
2088	jnz PATMJumpToGuest_IF1_Safe
2089	nop
2090
2091	; IF=0 -> unsafe, so fault
2092	popf
2093	mov dword [ss:PATM_INTERRUPTFLAG], 1
2094	PATM_INT3
2095
2096	PATMJumpToGuest_IF1_Safe:
2097	; IF=1 -> we can safely jump back to the original instruction
2098	popf
2099	mov dword [ss:PATM_INTERRUPTFLAG], 1
2100	DB 0xE9
2101	PATMJumpToGuest_IF1_Jump:
2102	DD PATM_JUMPDELTA
2103	PATMJumpToGuest_IF1_End:
2104	ENDPROC PATMJumpToGuest_IF1
2105
2106	; Patch record for call instructions
2107	GLOBALNAME PATMJumpToGuest_IF1Record
2108	RTCCPTR_DEF PATMJumpToGuest_IF1_Start
2109	DD PATMJumpToGuest_IF1_Jump - PATMJumpToGuest_IF1_Start
2110	DD 0
2111	DD 0
2112	DD PATMJumpToGuest_IF1_End - PATMJumpToGuest_IF1_Start
2113	DD 4
2114	DD PATM_INTERRUPTFLAG
2115	DD 0
2116	DD PATM_VMFLAGS
2117	DD 0
2118	DD PATM_INTERRUPTFLAG
2119	DD 0
2120	DD PATM_INTERRUPTFLAG
2121	DD 0
2122	DD 0ffffffffh
2123
2124	; For assertion during init (to make absolutely sure the flags are in sync in vm.mac & vm.h)
2125	GLOBALNAME PATMInterruptFlag
2126	DD VM_FF_INTERRUPT_APIC \| VM_FF_INTERRUPT_PIC \| VM_FF_TIMER \| VM_FF_REQUEST
2127

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/VBox/VMM/PATM/PATMA.asm@ 160

Download in other formats: