PATMA.asm@ 271

Last change on this file since 271 was 181, checked in by vboxsync, 18 years ago
Log all popf replacements
Property svn:eol-style set to `native` Property svn:keywords set to `Id`
File size: 58.3 KB

Line
1	; $Id: PATMA.asm 181 2007-01-19 15:19:17Z vboxsync $
2	;; @file
3	; PATM Assembly Routines.
4	;
5
6	; Copyright (C) 2006 InnoTek Systemberatung GmbH
7	;
8	; This file is part of VirtualBox Open Source Edition (OSE), as
9	; available from http://www.virtualbox.org. This file is free software;
10	; you can redistribute it and/or modify it under the terms of the GNU
11	; General Public License as published by the Free Software Foundation,
12	; in version 2 as it comes in the "COPYING" file of the VirtualBox OSE
13	; distribution. VirtualBox OSE is distributed in the hope that it will
14	; be useful, but WITHOUT ANY WARRANTY of any kind.
15	;
16	; If you received this file as part of a commercial VirtualBox
17	; distribution, then only the terms of your commercial VirtualBox
18	; license agreement apply instead of the previous paragraph.
19
20	;
21	; @note This method has problems in theory. If we fault for any reason, then we won't be able to restore
22	; the guest's context properly!!
23	; E.g if one of the push instructions causes a fault or SS isn't wide open and our patch GC state accesses aren't valid.
24	; @assumptions
25	; - Enough stack for a few pushes
26	; - The SS selector has base 0 and limit 0xffffffff
27	;
28	; @todo stack probing is currently hardcoded and not present everywhere (search for 'probe stack')
29
30
31	;*******************************************************************************
32	;* Header Files *
33	;*******************************************************************************
34	%include "VBox/asmdefs.mac"
35	%include "VBox/err.mac"
36	%include "VBox/x86.mac"
37	%include "VBox/vm.mac"
38	%include "PATMA.mac"
39
40
41	BEGINCODE
42
43	%ifdef __AMD64__
44	BITS 32 ; switch to 32-bit mode (x86).
45	%endif
46
47	%ifdef VBOX_WITH_STATISTICS
48	;
49	; Patch call statistics
50	;
51	BEGINPROC PATMStats
52	PATMStats_Start:
53	mov dword [ss:PATM_INTERRUPTFLAG], 0
54	pushf
55	inc dword [ss:PATM_ALLPATCHCALLS]
56	inc dword [ss:PATM_PERPATCHCALLS]
57	popf
58	mov dword [ss:PATM_INTERRUPTFLAG], 1
59	PATMStats_End:
60	ENDPROC PATMStats
61
62
63	; Patch record for statistics
64	GLOBALNAME PATMStatsRecord
65	RTCCPTR_DEF PATMStats_Start
66	DD 0
67	DD 0
68	DD 0
69	DD PATMStats_End - PATMStats_Start
70	DD 4
71	DD PATM_INTERRUPTFLAG
72	DD 0
73	DD PATM_ALLPATCHCALLS
74	DD 0
75	DD PATM_PERPATCHCALLS
76	DD 0
77	DD PATM_INTERRUPTFLAG
78	DD 0
79	DD 0ffffffffh
80	%endif
81
82	;
83	; Set PATM_INTERRUPTFLAG
84	;
85	BEGINPROC PATMSetPIF
86	PATMSetPIF_Start:
87	mov dword [ss:PATM_INTERRUPTFLAG], 1
88	PATMSetPIF_End:
89	ENDPROC PATMSetPIF
90
91
92	; Patch record for setting PATM_INTERRUPTFLAG
93	GLOBALNAME PATMSetPIFRecord
94	RTCCPTR_DEF PATMSetPIF_Start
95	DD 0
96	DD 0
97	DD 0
98	DD PATMSetPIF_End - PATMSetPIF_Start
99	DD 1
100	DD PATM_INTERRUPTFLAG
101	DD 0
102	DD 0ffffffffh
103
104	;
105	; Clear PATM_INTERRUPTFLAG
106	;
107	BEGINPROC PATMClearPIF
108	PATMClearPIF_Start:
109	; probe stack here as we can't recover from page faults later on
110	not dword [esp-64]
111	not dword [esp-64]
112	mov dword [ss:PATM_INTERRUPTFLAG], 0
113	PATMClearPIF_End:
114	ENDPROC PATMClearPIF
115
116
117	; Patch record for clearing PATM_INTERRUPTFLAG
118	GLOBALNAME PATMClearPIFRecord
119	RTCCPTR_DEF PATMClearPIF_Start
120	DD 0
121	DD 0
122	DD 0
123	DD PATMClearPIF_End - PATMClearPIF_Start
124	DD 1
125	DD PATM_INTERRUPTFLAG
126	DD 0
127	DD 0ffffffffh
128
129	;
130	; Clear PATM_INHIBITIRQADDR and fault if IF=0
131	;
132	BEGINPROC PATMClearInhibitIRQFaultIF0
133	PATMClearInhibitIRQFaultIF0_Start:
134	mov dword [ss:PATM_INTERRUPTFLAG], 0
135	mov dword [ss:PATM_INHIBITIRQADDR], 0
136	pushf
137
138	test dword [ss:PATM_VMFLAGS], X86_EFL_IF
139	jz PATMClearInhibitIRQFaultIF0_Fault
140
141	; if interrupts are pending, then we must go back to the host context to handle them!
142	test dword [ss:PATM_VM_FORCEDACTIONS], VM_FF_INTERRUPT_APIC \| VM_FF_INTERRUPT_PIC \| VM_FF_TIMER \| VM_FF_REQUEST
143	jz PATMClearInhibitIRQFaultIF0_Continue
144
145	; Go to our hypervisor trap handler to dispatch the pending irq
146	mov dword [ss:PATM_TEMP_EAX], eax
147	mov dword [ss:PATM_TEMP_ECX], ecx
148	mov dword [ss:PATM_TEMP_EDI], edi
149	mov dword [ss:PATM_TEMP_RESTORE_FLAGS], PATM_RESTORE_EAX \| PATM_RESTORE_ECX \| PATM_RESTORE_EDI
150	mov eax, PATM_ACTION_DISPATCH_PENDING_IRQ
151	lock or dword [ss:PATM_PENDINGACTION], eax
152	mov ecx, PATM_ACTION_MAGIC
153	mov edi, PATM_NEXTINSTRADDR
154	popfd ; restore flags we pushed above (the or instruction changes the flags as well)
155	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
156	; does not return
157
158	PATMClearInhibitIRQFaultIF0_Fault:
159	popf
160	mov dword [ss:PATM_INTERRUPTFLAG], 1
161	PATM_INT3
162
163	PATMClearInhibitIRQFaultIF0_Continue:
164	popf
165	mov dword [ss:PATM_INTERRUPTFLAG], 1
166	PATMClearInhibitIRQFaultIF0_End:
167	ENDPROC PATMClearInhibitIRQFaultIF0
168
169
170	; Patch record for clearing PATM_INHIBITIRQADDR
171	GLOBALNAME PATMClearInhibitIRQFaultIF0Record
172	RTCCPTR_DEF PATMClearInhibitIRQFaultIF0_Start
173	DD 0
174	DD 0
175	DD 0
176	DD PATMClearInhibitIRQFaultIF0_End - PATMClearInhibitIRQFaultIF0_Start
177	DD 12
178	DD PATM_INTERRUPTFLAG
179	DD 0
180	DD PATM_INHIBITIRQADDR
181	DD 0
182	DD PATM_VMFLAGS
183	DD 0
184	DD PATM_VM_FORCEDACTIONS
185	DD 0
186	DD PATM_TEMP_EAX
187	DD 0
188	DD PATM_TEMP_ECX
189	DD 0
190	DD PATM_TEMP_EDI
191	DD 0
192	DD PATM_TEMP_RESTORE_FLAGS
193	DD 0
194	DD PATM_PENDINGACTION
195	DD 0
196	DD PATM_NEXTINSTRADDR
197	DD 0
198	DD PATM_INTERRUPTFLAG
199	DD 0
200	DD PATM_INTERRUPTFLAG
201	DD 0
202	DD 0ffffffffh
203
204	;
205	; Clear PATM_INHIBITIRQADDR and continue if IF=0 (duplicated function only; never jump back to guest code afterwards!!)
206	;
207	BEGINPROC PATMClearInhibitIRQContIF0
208	PATMClearInhibitIRQContIF0_Start:
209	mov dword [ss:PATM_INTERRUPTFLAG], 0
210	mov dword [ss:PATM_INHIBITIRQADDR], 0
211	pushf
212
213	test dword [ss:PATM_VMFLAGS], X86_EFL_IF
214	jz PATMClearInhibitIRQContIF0_Continue
215
216	; if interrupts are pending, then we must go back to the host context to handle them!
217	test dword [ss:PATM_VM_FORCEDACTIONS], VM_FF_INTERRUPT_APIC \| VM_FF_INTERRUPT_PIC \| VM_FF_TIMER \| VM_FF_REQUEST
218	jz PATMClearInhibitIRQContIF0_Continue
219
220	; Go to our hypervisor trap handler to dispatch the pending irq
221	mov dword [ss:PATM_TEMP_EAX], eax
222	mov dword [ss:PATM_TEMP_ECX], ecx
223	mov dword [ss:PATM_TEMP_EDI], edi
224	mov dword [ss:PATM_TEMP_RESTORE_FLAGS], PATM_RESTORE_EAX \| PATM_RESTORE_ECX \| PATM_RESTORE_EDI
225	mov eax, PATM_ACTION_DISPATCH_PENDING_IRQ
226	lock or dword [ss:PATM_PENDINGACTION], eax
227	mov ecx, PATM_ACTION_MAGIC
228	mov edi, PATM_NEXTINSTRADDR
229	popfd ; restore flags we pushed above (the or instruction changes the flags as well)
230	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
231	; does not return
232
233	PATMClearInhibitIRQContIF0_Continue:
234	popf
235	mov dword [ss:PATM_INTERRUPTFLAG], 1
236	PATMClearInhibitIRQContIF0_End:
237	ENDPROC PATMClearInhibitIRQContIF0
238
239
240	; Patch record for clearing PATM_INHIBITIRQADDR
241	GLOBALNAME PATMClearInhibitIRQContIF0Record
242	RTCCPTR_DEF PATMClearInhibitIRQContIF0_Start
243	DD 0
244	DD 0
245	DD 0
246	DD PATMClearInhibitIRQContIF0_End - PATMClearInhibitIRQContIF0_Start
247	DD 11
248	DD PATM_INTERRUPTFLAG
249	DD 0
250	DD PATM_INHIBITIRQADDR
251	DD 0
252	DD PATM_VMFLAGS
253	DD 0
254	DD PATM_VM_FORCEDACTIONS
255	DD 0
256	DD PATM_TEMP_EAX
257	DD 0
258	DD PATM_TEMP_ECX
259	DD 0
260	DD PATM_TEMP_EDI
261	DD 0
262	DD PATM_TEMP_RESTORE_FLAGS
263	DD 0
264	DD PATM_PENDINGACTION
265	DD 0
266	DD PATM_NEXTINSTRADDR
267	DD 0
268	DD PATM_INTERRUPTFLAG
269	DD 0
270	DD 0ffffffffh
271
272
273	BEGINPROC PATMCliReplacement
274	PATMCliStart:
275	mov dword [ss:PATM_INTERRUPTFLAG], 0
276	pushf
277	%ifdef PATM_LOG_IF_CHANGES
278	push eax
279	push ecx
280	mov eax, PATM_ACTION_LOG_CLI
281	lock or dword [ss:PATM_PENDINGACTION], eax
282	mov ecx, PATM_ACTION_MAGIC
283	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
284	pop ecx
285	pop eax
286	%endif
287
288	and dword [ss:PATM_VMFLAGS], ~X86_EFL_IF
289	popf
290
291	mov dword [ss:PATM_INTERRUPTFLAG], 1
292	DB 0xE9
293	PATMCliJump:
294	DD PATM_JUMPDELTA
295	PATMCliEnd:
296	ENDPROC PATMCliReplacement
297
298
299	; Patch record for 'cli'
300	GLOBALNAME PATMCliRecord
301	RTCCPTR_DEF PATMCliStart
302	DD PATMCliJump - PATMCliStart
303	DD 0
304	DD 0
305	DD PATMCliEnd - PATMCliStart
306	%ifdef PATM_LOG_IF_CHANGES
307	DD 4
308	%else
309	DD 3
310	%endif
311	DD PATM_INTERRUPTFLAG
312	DD 0
313	%ifdef PATM_LOG_IF_CHANGES
314	DD PATM_PENDINGACTION
315	DD 0
316	%endif
317	DD PATM_VMFLAGS
318	DD 0
319	DD PATM_INTERRUPTFLAG
320	DD 0
321	DD 0ffffffffh
322
323
324	BEGINPROC PATMStiReplacement
325	PATMStiStart:
326	mov dword [ss:PATM_INTERRUPTFLAG], 0
327	mov dword [ss:PATM_INHIBITIRQADDR], PATM_NEXTINSTRADDR
328	pushf
329	%ifdef PATM_LOG_IF_CHANGES
330	push eax
331	push ecx
332	mov eax, PATM_ACTION_LOG_STI
333	lock or dword [ss:PATM_PENDINGACTION], eax
334	mov ecx, PATM_ACTION_MAGIC
335	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
336	pop ecx
337	pop eax
338	%endif
339	or dword [ss:PATM_VMFLAGS], X86_EFL_IF
340	popf
341	mov dword [ss:PATM_INTERRUPTFLAG], 1
342	PATMStiEnd:
343	ENDPROC PATMStiReplacement
344
345	; Patch record for 'sti'
346	GLOBALNAME PATMStiRecord
347	RTCCPTR_DEF PATMStiStart
348	DD 0
349	DD 0
350	DD 0
351	DD PATMStiEnd - PATMStiStart
352	%ifdef PATM_LOG_IF_CHANGES
353	DD 6
354	%else
355	DD 5
356	%endif
357	DD PATM_INTERRUPTFLAG
358	DD 0
359	DD PATM_INHIBITIRQADDR
360	DD 0
361	DD PATM_NEXTINSTRADDR
362	DD 0
363	%ifdef PATM_LOG_IF_CHANGES
364	DD PATM_PENDINGACTION
365	DD 0
366	%endif
367	DD PATM_VMFLAGS
368	DD 0
369	DD PATM_INTERRUPTFLAG
370	DD 0
371	DD 0ffffffffh
372
373	;
374	; Trampoline code for trap entry (without error code on the stack)
375	;
376	; esp + 16 - SS (if transfer to inner ring)
377	; esp + 12 - ESP (if transfer to inner ring)
378	; esp + 8 - EFLAGS
379	; esp + 4 - CS
380	; esp - EIP
381	;
382	BEGINPROC PATMTrapEntry
383	PATMTrapEntryStart:
384	mov dword [ss:PATM_INTERRUPTFLAG], 0
385	pushf
386
387	; make sure the saved CS selector for ring 1 is made 0
388	test dword [esp+8], 2
389	jnz PATMTrapNoRing1
390	test dword [esp+8], 1
391	jz PATMTrapNoRing1
392	and dword [esp+8], dword ~1 ; yasm / nasm dword
393	PATMTrapNoRing1:
394
395	; correct EFLAGS on the stack to include the current IOPL
396	push eax
397	mov eax, dword [ss:PATM_VMFLAGS]
398	and eax, X86_EFL_IOPL
399	and dword [esp+16], ~X86_EFL_IOPL ; esp+16 = eflags = esp+8+4(efl)+4(eax)
400	or dword [esp+16], eax
401	pop eax
402
403	popf
404	mov dword [ss:PATM_INTERRUPTFLAG], 1
405	DB 0xE9
406	PATMTrapEntryJump:
407	DD PATM_JUMPDELTA
408	PATMTrapEntryEnd:
409	ENDPROC PATMTrapEntry
410
411
412	; Patch record for trap gate entrypoint
413	GLOBALNAME PATMTrapEntryRecord
414	RTCCPTR_DEF PATMTrapEntryStart
415	DD PATMTrapEntryJump - PATMTrapEntryStart
416	DD 0
417	DD 0
418	DD PATMTrapEntryEnd - PATMTrapEntryStart
419	DD 3
420	DD PATM_INTERRUPTFLAG
421	DD 0
422	DD PATM_VMFLAGS
423	DD 0
424	DD PATM_INTERRUPTFLAG
425	DD 0
426	DD 0ffffffffh
427
428	;
429	; Trampoline code for trap entry (with error code on the stack)
430	;
431	; esp + 20 - SS (if transfer to inner ring)
432	; esp + 16 - ESP (if transfer to inner ring)
433	; esp + 12 - EFLAGS
434	; esp + 8 - CS
435	; esp + 4 - EIP
436	; esp - error code
437	;
438	BEGINPROC PATMTrapEntryErrorCode
439	PATMTrapErrorCodeEntryStart:
440	mov dword [ss:PATM_INTERRUPTFLAG], 0
441	pushf
442
443	; make sure the saved CS selector for ring 1 is made 0
444	test dword [esp+12], 2
445	jnz PATMTrapErrorCodeNoRing1
446	test dword [esp+12], 1
447	jz PATMTrapErrorCodeNoRing1
448	and dword [esp+12], dword ~1 ; yasm / nasm dword
449	PATMTrapErrorCodeNoRing1:
450
451	; correct EFLAGS on the stack to include the current IOPL
452	push eax
453	mov eax, dword [ss:PATM_VMFLAGS]
454	and eax, X86_EFL_IOPL
455	and dword [esp+20], ~X86_EFL_IOPL ; esp+20 = eflags = esp+8+4(efl)+4(error code)+4(eax)
456	or dword [esp+20], eax
457	pop eax
458
459	popf
460	mov dword [ss:PATM_INTERRUPTFLAG], 1
461	DB 0xE9
462	PATMTrapErrorCodeEntryJump:
463	DD PATM_JUMPDELTA
464	PATMTrapErrorCodeEntryEnd:
465	ENDPROC PATMTrapEntryErrorCode
466
467
468	; Patch record for trap gate entrypoint
469	GLOBALNAME PATMTrapEntryRecordErrorCode
470	RTCCPTR_DEF PATMTrapErrorCodeEntryStart
471	DD PATMTrapErrorCodeEntryJump - PATMTrapErrorCodeEntryStart
472	DD 0
473	DD 0
474	DD PATMTrapErrorCodeEntryEnd - PATMTrapErrorCodeEntryStart
475	DD 3
476	DD PATM_INTERRUPTFLAG
477	DD 0
478	DD PATM_VMFLAGS
479	DD 0
480	DD PATM_INTERRUPTFLAG
481	DD 0
482	DD 0ffffffffh
483
484
485	;
486	; Trampoline code for interrupt gate entry (without error code on the stack)
487	;
488	; esp + 16 - SS (if transfer to inner ring)
489	; esp + 12 - ESP (if transfer to inner ring)
490	; esp + 8 - EFLAGS
491	; esp + 4 - CS
492	; esp - EIP
493	;
494	BEGINPROC PATMIntEntry
495	PATMIntEntryStart:
496	mov dword [ss:PATM_INTERRUPTFLAG], 0
497	pushf
498
499	; make sure the saved CS selector for ring 1 is made 0
500	test dword [esp+8], 2
501	jnz PATMIntNoRing1
502	test dword [esp+8], 1
503	jz PATMIntNoRing1
504	and dword [esp+8], dword ~1 ; yasm / nasm dword
505	PATMIntNoRing1:
506
507	; correct EFLAGS on the stack to include the current IOPL
508	push eax
509	mov eax, dword [ss:PATM_VMFLAGS]
510	and eax, X86_EFL_IOPL
511	and dword [esp+16], ~X86_EFL_IOPL ; esp+16 = eflags = esp+8+4(efl)+4(eax)
512	or dword [esp+16], eax
513	pop eax
514
515	popf
516	mov dword [ss:PATM_INTERRUPTFLAG], 1
517	PATMIntEntryEnd:
518	ENDPROC PATMIntEntry
519
520
521	; Patch record for interrupt gate entrypoint
522	GLOBALNAME PATMIntEntryRecord
523	RTCCPTR_DEF PATMIntEntryStart
524	DD 0
525	DD 0
526	DD 0
527	DD PATMIntEntryEnd - PATMIntEntryStart
528	DD 3
529	DD PATM_INTERRUPTFLAG
530	DD 0
531	DD PATM_VMFLAGS
532	DD 0
533	DD PATM_INTERRUPTFLAG
534	DD 0
535	DD 0ffffffffh
536
537	;
538	; Trampoline code for interrupt gate entry (with error code on the stack)
539	;
540	; esp + 20 - SS (if transfer to inner ring)
541	; esp + 16 - ESP (if transfer to inner ring)
542	; esp + 12 - EFLAGS
543	; esp + 8 - CS
544	; esp + 4 - EIP
545	; esp - error code
546	;
547	BEGINPROC PATMIntEntryErrorCode
548	PATMIntEntryErrorCodeStart:
549	mov dword [ss:PATM_INTERRUPTFLAG], 0
550	pushf
551
552	; make sure the saved CS selector for ring 1 is made 0
553	test dword [esp+12], 2
554	jnz PATMIntNoRing1_ErrorCode
555	test dword [esp+12], 1
556	jz PATMIntNoRing1_ErrorCode
557	and dword [esp+12], dword ~1 ; yasm / nasm dword
558	PATMIntNoRing1_ErrorCode:
559
560	; correct EFLAGS on the stack to include the current IOPL
561	push eax
562	mov eax, dword [ss:PATM_VMFLAGS]
563	and eax, X86_EFL_IOPL
564	and dword [esp+20], ~X86_EFL_IOPL ; esp+20 = eflags = esp+8+4(efl)+4(eax)+4(error code)
565	or dword [esp+20], eax
566	pop eax
567
568	popf
569	mov dword [ss:PATM_INTERRUPTFLAG], 1
570	PATMIntEntryErrorCodeEnd:
571	ENDPROC PATMIntEntryErrorCode
572
573
574	; Patch record for interrupt gate entrypoint
575	GLOBALNAME PATMIntEntryRecordErrorCode
576	RTCCPTR_DEF PATMIntEntryErrorCodeStart
577	DD 0
578	DD 0
579	DD 0
580	DD PATMIntEntryErrorCodeEnd - PATMIntEntryErrorCodeStart
581	DD 3
582	DD PATM_INTERRUPTFLAG
583	DD 0
584	DD PATM_VMFLAGS
585	DD 0
586	DD PATM_INTERRUPTFLAG
587	DD 0
588	DD 0ffffffffh
589
590	;
591	; 32 bits Popf replacement that faults when IF remains 0
592	;
593	BEGINPROC PATMPopf32Replacement
594	PATMPopf32Start:
595	mov dword [ss:PATM_INTERRUPTFLAG], 0
596	%ifdef PATM_LOG_IF_CHANGES
597	push eax
598	push ecx
599	mov eax, PATM_ACTION_LOG_POPF_IF1
600	test dword [esp+8], X86_EFL_IF
601	jnz PATMPopf32_Log
602	mov eax, PATM_ACTION_LOG_POPF_IF0
603
604	PATMPopf32_Log:
605	lock or dword [ss:PATM_PENDINGACTION], eax
606	mov ecx, PATM_ACTION_MAGIC
607	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
608	pop ecx
609	pop eax
610	%endif
611
612	test dword [esp], X86_EFL_IF
613	jnz PATMPopf32_Ok
614	mov dword [ss:PATM_INTERRUPTFLAG], 1
615	PATM_INT3
616
617	PATMPopf32_Ok:
618	pop dword [ss:PATM_VMFLAGS]
619	push dword [ss:PATM_VMFLAGS]
620
621	; if interrupts are pending, then we must go back to the host context to handle them!
622	test dword [ss:PATM_VM_FORCEDACTIONS], VM_FF_INTERRUPT_APIC \| VM_FF_INTERRUPT_PIC \| VM_FF_TIMER \| VM_FF_REQUEST
623	jz PATMPopf32_Continue
624
625	; Go to our hypervisor trap handler to dispatch the pending irq
626	mov dword [ss:PATM_TEMP_EAX], eax
627	mov dword [ss:PATM_TEMP_ECX], ecx
628	mov dword [ss:PATM_TEMP_EDI], edi
629	mov dword [ss:PATM_TEMP_RESTORE_FLAGS], PATM_RESTORE_EAX \| PATM_RESTORE_ECX \| PATM_RESTORE_EDI
630	mov eax, PATM_ACTION_DISPATCH_PENDING_IRQ
631	lock or dword [ss:PATM_PENDINGACTION], eax
632	mov ecx, PATM_ACTION_MAGIC
633	mov edi, PATM_NEXTINSTRADDR
634
635	popfd ; restore flags we pushed above (the or instruction changes the flags as well)
636	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
637	; does not return
638
639	PATMPopf32_Continue:
640	popfd ; restore flags we pushed above
641	mov dword [ss:PATM_INTERRUPTFLAG], 1
642	DB 0xE9
643	PATMPopf32Jump:
644	DD PATM_JUMPDELTA
645	PATMPopf32End:
646	ENDPROC PATMPopf32Replacement
647
648
649	; Patch record for 'popfd'
650	GLOBALNAME PATMPopf32Record
651	RTCCPTR_DEF PATMPopf32Start
652	DD PATMPopf32Jump - PATMPopf32Start
653	DD 0
654	DD 0
655	DD PATMPopf32End - PATMPopf32Start
656	%ifdef PATM_LOG_IF_CHANGES
657	DD 13
658	%else
659	DD 12
660	%endif
661	DD PATM_INTERRUPTFLAG
662	DD 0
663	%ifdef PATM_LOG_IF_CHANGES
664	DD PATM_PENDINGACTION
665	DD 0
666	%endif
667	DD PATM_INTERRUPTFLAG
668	DD 0
669	DD PATM_VMFLAGS
670	DD 0
671	DD PATM_VMFLAGS
672	DD 0
673	DD PATM_VM_FORCEDACTIONS
674	DD 0
675	DD PATM_TEMP_EAX
676	DD 0
677	DD PATM_TEMP_ECX
678	DD 0
679	DD PATM_TEMP_EDI
680	DD 0
681	DD PATM_TEMP_RESTORE_FLAGS
682	DD 0
683	DD PATM_PENDINGACTION
684	DD 0
685	DD PATM_NEXTINSTRADDR
686	DD 0
687	DD PATM_INTERRUPTFLAG
688	DD 0
689	DD 0ffffffffh
690
691	; no need to check the IF flag when popf isn't an exit point of a patch (e.g. function duplication)
692	BEGINPROC PATMPopf32Replacement_NoExit
693	PATMPopf32_NoExitStart:
694	mov dword [ss:PATM_INTERRUPTFLAG], 0
695	%ifdef PATM_LOG_IF_CHANGES
696	push eax
697	push ecx
698	mov eax, PATM_ACTION_LOG_POPF_IF1
699	test dword [esp+8], X86_EFL_IF
700	jnz PATMPopf32_NoExitLog
701	mov eax, PATM_ACTION_LOG_POPF_IF0
702
703	PATMPopf32_NoExitLog:
704	lock or dword [ss:PATM_PENDINGACTION], eax
705	mov ecx, PATM_ACTION_MAGIC
706	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
707	pop ecx
708	pop eax
709	%endif
710	test dword [esp], X86_EFL_IF
711	jz PATMPopf32_NoExit_Continue
712
713	; if interrupts are pending, then we must go back to the host context to handle them!
714	test dword [ss:PATM_VM_FORCEDACTIONS], VM_FF_INTERRUPT_APIC \| VM_FF_INTERRUPT_PIC \| VM_FF_TIMER \| VM_FF_REQUEST
715	jz PATMPopf32_NoExit_Continue
716
717	; Go to our hypervisor trap handler to dispatch the pending irq
718	mov dword [ss:PATM_TEMP_EAX], eax
719	mov dword [ss:PATM_TEMP_ECX], ecx
720	mov dword [ss:PATM_TEMP_EDI], edi
721	mov dword [ss:PATM_TEMP_RESTORE_FLAGS], PATM_RESTORE_EAX \| PATM_RESTORE_ECX \| PATM_RESTORE_EDI
722	mov eax, PATM_ACTION_DISPATCH_PENDING_IRQ
723	lock or dword [ss:PATM_PENDINGACTION], eax
724	mov ecx, PATM_ACTION_MAGIC
725	mov edi, PATM_NEXTINSTRADDR
726
727	pop dword [ss:PATM_VMFLAGS] ; restore flags now (the or instruction changes the flags as well)
728	push dword [ss:PATM_VMFLAGS]
729	popfd
730
731	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
732	; does not return
733
734	PATMPopf32_NoExit_Continue:
735	pop dword [ss:PATM_VMFLAGS]
736	push dword [ss:PATM_VMFLAGS]
737	popfd
738	mov dword [ss:PATM_INTERRUPTFLAG], 1
739	PATMPopf32_NoExitEnd:
740	ENDPROC PATMPopf32Replacement_NoExit
741
742
743	; Patch record for 'popfd'
744	GLOBALNAME PATMPopf32Record_NoExit
745	RTCCPTR_DEF PATMPopf32_NoExitStart
746	DD 0
747	DD 0
748	DD 0
749	DD PATMPopf32_NoExitEnd - PATMPopf32_NoExitStart
750	%ifdef PATM_LOG_IF_CHANGES
751	DD 14
752	%else
753	DD 13
754	%endif
755	DD PATM_INTERRUPTFLAG
756	DD 0
757	%ifdef PATM_LOG_IF_CHANGES
758	DD PATM_PENDINGACTION
759	DD 0
760	%endif
761	DD PATM_VM_FORCEDACTIONS
762	DD 0
763	DD PATM_TEMP_EAX
764	DD 0
765	DD PATM_TEMP_ECX
766	DD 0
767	DD PATM_TEMP_EDI
768	DD 0
769	DD PATM_TEMP_RESTORE_FLAGS
770	DD 0
771	DD PATM_PENDINGACTION
772	DD 0
773	DD PATM_NEXTINSTRADDR
774	DD 0
775	DD PATM_VMFLAGS
776	DD 0
777	DD PATM_VMFLAGS
778	DD 0
779	DD PATM_VMFLAGS
780	DD 0
781	DD PATM_VMFLAGS
782	DD 0
783	DD PATM_INTERRUPTFLAG
784	DD 0
785	DD 0ffffffffh
786
787
788	;
789	; 16 bits Popf replacement that faults when IF remains 0
790	;
791	BEGINPROC PATMPopf16Replacement
792	PATMPopf16Start:
793	mov dword [ss:PATM_INTERRUPTFLAG], 0
794	test word [esp], X86_EFL_IF
795	jnz PATMPopf16_Ok
796	mov dword [ss:PATM_INTERRUPTFLAG], 1
797	PATM_INT3
798
799	PATMPopf16_Ok:
800	; if interrupts are pending, then we must go back to the host context to handle them!
801	; @note we destroy the flags here, but that should really not matter (PATM_INT3 case)
802	test dword [ss:PATM_VM_FORCEDACTIONS], VM_FF_INTERRUPT_APIC \| VM_FF_INTERRUPT_PIC \| VM_FF_TIMER \| VM_FF_REQUEST
803	jz PATMPopf16_Continue
804	mov dword [ss:PATM_INTERRUPTFLAG], 1
805	PATM_INT3
806
807	PATMPopf16_Continue:
808
809	pop word [ss:PATM_VMFLAGS]
810	push word [ss:PATM_VMFLAGS]
811	and dword [ss:PATM_VMFLAGS], PATM_VIRTUAL_FLAGS_MASK
812	or dword [ss:PATM_VMFLAGS], PATM_VIRTUAL_FLAGS_MASK
813
814	DB 0x66 ; size override
815	popf ;after the and and or operations!! (flags must be preserved)
816	mov dword [ss:PATM_INTERRUPTFLAG], 1
817
818	DB 0xE9
819	PATMPopf16Jump:
820	DD PATM_JUMPDELTA
821	PATMPopf16End:
822	ENDPROC PATMPopf16Replacement
823
824
825	; Patch record for 'popf'
826	GLOBALNAME PATMPopf16Record
827	RTCCPTR_DEF PATMPopf16Start
828	DD PATMPopf16Jump - PATMPopf16Start
829	DD 0
830	DD 0
831	DD PATMPopf16End - PATMPopf16Start
832	DD 9
833	DD PATM_INTERRUPTFLAG
834	DD 0
835	DD PATM_INTERRUPTFLAG
836	DD 0
837	DD PATM_VM_FORCEDACTIONS
838	DD 0
839	DD PATM_INTERRUPTFLAG
840	DD 0
841	DD PATM_VMFLAGS
842	DD 0
843	DD PATM_VMFLAGS
844	DD 0
845	DD PATM_VMFLAGS
846	DD 0
847	DD PATM_VMFLAGS
848	DD 0
849	DD PATM_INTERRUPTFLAG
850	DD 0
851	DD 0ffffffffh
852
853	;
854	; 16 bits Popf replacement that faults when IF remains 0
855	; @todo not necessary to fault in that case (see 32 bits version)
856	BEGINPROC PATMPopf16Replacement_NoExit
857	PATMPopf16Start_NoExit:
858	mov dword [ss:PATM_INTERRUPTFLAG], 0
859	test word [esp], X86_EFL_IF
860	jnz PATMPopf16_Ok_NoExit
861	mov dword [ss:PATM_INTERRUPTFLAG], 1
862	PATM_INT3
863
864	PATMPopf16_Ok_NoExit:
865	; if interrupts are pending, then we must go back to the host context to handle them!
866	; @note we destroy the flags here, but that should really not matter (PATM_INT3 case)
867	test dword [ss:PATM_VM_FORCEDACTIONS], VM_FF_INTERRUPT_APIC \| VM_FF_INTERRUPT_PIC \| VM_FF_TIMER \| VM_FF_REQUEST
868	jz PATMPopf16_Continue_NoExit
869	mov dword [ss:PATM_INTERRUPTFLAG], 1
870	PATM_INT3
871
872	PATMPopf16_Continue_NoExit:
873
874	pop word [ss:PATM_VMFLAGS]
875	push word [ss:PATM_VMFLAGS]
876	and dword [ss:PATM_VMFLAGS], PATM_VIRTUAL_FLAGS_MASK
877	or dword [ss:PATM_VMFLAGS], PATM_VIRTUAL_FLAGS_MASK
878
879	DB 0x66 ; size override
880	popf ;after the and and or operations!! (flags must be preserved)
881	mov dword [ss:PATM_INTERRUPTFLAG], 1
882	PATMPopf16End_NoExit:
883	ENDPROC PATMPopf16Replacement_NoExit
884
885
886	; Patch record for 'popf'
887	GLOBALNAME PATMPopf16Record_NoExit
888	RTCCPTR_DEF PATMPopf16Start_NoExit
889	DD 0
890	DD 0
891	DD 0
892	DD PATMPopf16End_NoExit - PATMPopf16Start_NoExit
893	DD 9
894	DD PATM_INTERRUPTFLAG
895	DD 0
896	DD PATM_INTERRUPTFLAG
897	DD 0
898	DD PATM_VM_FORCEDACTIONS
899	DD 0
900	DD PATM_INTERRUPTFLAG
901	DD 0
902	DD PATM_VMFLAGS
903	DD 0
904	DD PATM_VMFLAGS
905	DD 0
906	DD PATM_VMFLAGS
907	DD 0
908	DD PATM_VMFLAGS
909	DD 0
910	DD PATM_INTERRUPTFLAG
911	DD 0
912	DD 0ffffffffh
913
914
915	BEGINPROC PATMPushf32Replacement
916	PATMPushf32Start:
917	mov dword [ss:PATM_INTERRUPTFLAG], 0
918	pushfd
919	%ifdef PATM_LOG_IF_CHANGES
920	push eax
921	push ecx
922	mov eax, PATM_ACTION_LOG_PUSHF
923	lock or dword [ss:PATM_PENDINGACTION], eax
924	mov ecx, PATM_ACTION_MAGIC
925	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
926	pop ecx
927	pop eax
928	%endif
929
930	pushfd
931	push eax
932	mov eax, dword [esp+8]
933	and eax, PATM_FLAGS_MASK
934	or eax, dword [ss:PATM_VMFLAGS]
935	mov dword [esp+8], eax
936	pop eax
937	popfd
938	mov dword [ss:PATM_INTERRUPTFLAG], 1
939	PATMPushf32End:
940	ENDPROC PATMPushf32Replacement
941
942
943	; Patch record for 'pushfd'
944	GLOBALNAME PATMPushf32Record
945	RTCCPTR_DEF PATMPushf32Start
946	DD 0
947	DD 0
948	DD 0
949	DD PATMPushf32End - PATMPushf32Start
950	%ifdef PATM_LOG_IF_CHANGES
951	DD 4
952	%else
953	DD 3
954	%endif
955	DD PATM_INTERRUPTFLAG
956	DD 0
957	%ifdef PATM_LOG_IF_CHANGES
958	DD PATM_PENDINGACTION
959	DD 0
960	%endif
961	DD PATM_VMFLAGS
962	DD 0
963	DD PATM_INTERRUPTFLAG
964	DD 0
965	DD 0ffffffffh
966
967
968	BEGINPROC PATMPushf16Replacement
969	PATMPushf16Start:
970	mov dword [ss:PATM_INTERRUPTFLAG], 0
971	DB 0x66 ; size override
972	pushf
973	DB 0x66 ; size override
974	pushf
975	push eax
976	xor eax, eax
977	mov ax, word [esp+6]
978	and eax, PATM_FLAGS_MASK
979	or eax, dword [ss:PATM_VMFLAGS]
980	mov word [esp+6], ax
981	pop eax
982
983	DB 0x66 ; size override
984	popf
985	mov dword [ss:PATM_INTERRUPTFLAG], 1
986	PATMPushf16End:
987	ENDPROC PATMPushf16Replacement
988
989
990	; Patch record for 'pushf'
991	GLOBALNAME PATMPushf16Record
992	RTCCPTR_DEF PATMPushf16Start
993	DD 0
994	DD 0
995	DD 0
996	DD PATMPushf16End - PATMPushf16Start
997	DD 3
998	DD PATM_INTERRUPTFLAG
999	DD 0
1000	DD PATM_VMFLAGS
1001	DD 0
1002	DD PATM_INTERRUPTFLAG
1003	DD 0
1004	DD 0ffffffffh
1005
1006
1007	BEGINPROC PATMPushCSReplacement
1008	PATMPushCSStart:
1009	mov dword [ss:PATM_INTERRUPTFLAG], 0
1010	push cs
1011	pushfd
1012
1013	test dword [esp+4], 2
1014	jnz pushcs_notring1
1015
1016	; change dpl from 1 to 0
1017	and dword [esp+4], dword ~1 ; yasm / nasm dword
1018
1019	pushcs_notring1:
1020	popfd
1021
1022	mov dword [ss:PATM_INTERRUPTFLAG], 1
1023	DB 0xE9
1024	PATMPushCSJump:
1025	DD PATM_JUMPDELTA
1026	PATMPushCSEnd:
1027	ENDPROC PATMPushCSReplacement
1028
1029
1030	; Patch record for 'push cs'
1031	GLOBALNAME PATMPushCSRecord
1032	RTCCPTR_DEF PATMPushCSStart
1033	DD PATMPushCSJump - PATMPushCSStart
1034	DD 0
1035	DD 0
1036	DD PATMPushCSEnd - PATMPushCSStart
1037	DD 2
1038	DD PATM_INTERRUPTFLAG
1039	DD 0
1040	DD PATM_INTERRUPTFLAG
1041	DD 0
1042	DD 0ffffffffh
1043
1044	;;****************************************************
1045	;; Abstract:
1046	;;
1047	;; if eflags.NT==0 && iretstack.eflags.VM==0 && iretstack.eflags.IOPL==0
1048	;; then
1049	;; if return to ring 0 (iretstack.new_cs & 3 == 0)
1050	;; then
1051	;; if iretstack.new_eflags.IF == 1 && iretstack.new_eflags.IOPL == 0
1052	;; then
1053	;; iretstack.new_cs \|= 1
1054	;; else
1055	;; int 3
1056	;; endif
1057	;; uVMFlags &= ~X86_EFL_IF
1058	;; iret
1059	;; else
1060	;; int 3
1061	;;****************************************************
1062	;;
1063	BEGINPROC PATMIretReplacement
1064	PATMIretStart:
1065	mov dword [ss:PATM_INTERRUPTFLAG], 0
1066	pushfd
1067
1068	%ifdef PATM_LOG_IF_CHANGES
1069	push eax
1070	push ecx
1071	push edx
1072	lea edx, dword [ss:esp+12+4] ;3 dwords + pushed flags -> iret eip
1073	mov eax, PATM_ACTION_LOG_IRET
1074	lock or dword [ss:PATM_PENDINGACTION], eax
1075	mov ecx, PATM_ACTION_MAGIC
1076	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
1077	pop edx
1078	pop ecx
1079	pop eax
1080	%endif
1081
1082	test dword [esp], X86_EFL_NT
1083	jnz near iret_fault1
1084
1085	test dword [esp+12], X86_EFL_VM
1086	jnz iret_fault
1087
1088	;;!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
1089	;;@todo: not correct for iret back to ring 2!!!!!
1090	;;!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
1091
1092	test dword [esp+8], 2
1093	jnz iret_notring0
1094
1095	test dword [esp+12], X86_EFL_IF
1096	jz iret_fault
1097
1098	; if interrupts are pending, then we must go back to the host context to handle them!
1099	; @@todo fix this properly, so we can dispatch pending interrupts in GC
1100	test dword [ss:PATM_VM_FORCEDACTIONS], VM_FF_INTERRUPT_APIC \| VM_FF_INTERRUPT_PIC \| VM_FF_TIMER \| VM_FF_REQUEST
1101	jnz iret_fault
1102
1103	or dword [esp+8], 1
1104	iret_notring0:
1105
1106	; This section must always be executed (!!)
1107	; Extract the IOPL from the return flags, save them to our virtual flags and
1108	; put them back to zero
1109	push eax
1110	mov eax, dword [esp+16]
1111	and eax, X86_EFL_IOPL
1112	and dword [ss:PATM_VMFLAGS], ~X86_EFL_IOPL
1113	or dword [ss:PATM_VMFLAGS], eax
1114	pop eax
1115	and dword [esp+12], ~X86_EFL_IOPL
1116
1117	; Set IF again; below we make sure this won't cause problems.
1118	or dword [ss:PATM_VMFLAGS], X86_EFL_IF
1119	popfd
1120
1121	; make sure iret is executed fully (including the iret below; cli ... iret can otherwise be interrupted)
1122	mov dword [ss:PATM_INHIBITIRQADDR], PATM_CURINSTRADDR
1123	mov dword [ss:PATM_INTERRUPTFLAG], 1
1124	iretd
1125	PATM_INT3
1126
1127	iret_fault:
1128	popfd
1129	mov dword [ss:PATM_INTERRUPTFLAG], 1
1130	PATM_INT3
1131
1132	iret_fault1:
1133	nop
1134	popfd
1135	mov dword [ss:PATM_INTERRUPTFLAG], 1
1136	PATM_INT3
1137	PATMIretEnd:
1138	ENDPROC PATMIretReplacement
1139
1140	; Patch record for 'iretd'
1141	GLOBALNAME PATMIretRecord
1142	RTCCPTR_DEF PATMIretStart
1143	DD 0
1144	DD 0
1145	DD 0
1146	DD PATMIretEnd- PATMIretStart
1147	%ifdef PATM_LOG_IF_CHANGES
1148	DD 11
1149	%else
1150	DD 10
1151	%endif
1152	DD PATM_INTERRUPTFLAG
1153	DD 0
1154	%ifdef PATM_LOG_IF_CHANGES
1155	DD PATM_PENDINGACTION
1156	DD 0
1157	%endif
1158	DD PATM_VM_FORCEDACTIONS
1159	DD 0
1160	DD PATM_VMFLAGS
1161	DD 0
1162	DD PATM_VMFLAGS
1163	DD 0
1164	DD PATM_VMFLAGS
1165	DD 0
1166	DD PATM_INHIBITIRQADDR
1167	DD 0
1168	DD PATM_CURINSTRADDR
1169	DD 0
1170	DD PATM_INTERRUPTFLAG
1171	DD 0
1172	DD PATM_INTERRUPTFLAG
1173	DD 0
1174	DD PATM_INTERRUPTFLAG
1175	DD 0
1176	DD 0ffffffffh
1177
1178
1179	align 16 ; yasm / nasm diff - remove me!
1180	BEGINPROC PATMCpuidReplacement
1181	PATMCpuidStart:
1182	mov dword [ss:PATM_INTERRUPTFLAG], 0
1183	pushf
1184
1185	cmp eax, PATM_CPUID_STD_MAX
1186	jb short cpuid_std
1187	cmp eax, 0x80000000
1188	jb short cpuid_def
1189	cmp eax, PATM_CPUID_EXT_MAX
1190	jb short cpuid_ext
1191
1192	cpuid_def:
1193	mov eax, PATM_CPUID_DEF_PTR
1194	jmp near cpuid_fetch
1195
1196	cpuid_std:
1197	mov edx, PATM_CPUID_STD_PTR
1198	jmp cpuid_calc
1199	cpuid_ext:
1200	and eax, 0ffh ; strictly speaking not necessary.
1201	mov edx, PATM_CPUID_EXT_PTR
1202	cpuid_calc:
1203	lea eax, [ss:eax * 4] ; 4 entries...
1204	lea eax, [ss:eax * 4] ; 4 bytes each
1205	add eax, edx
1206
1207	cpuid_fetch:
1208	mov edx, [ss:eax + 12] ; CPUMCPUID layout assumptions!
1209	mov ecx, [ss:eax + 8]
1210	mov ebx, [ss:eax + 4]
1211	mov eax, [ss:eax]
1212
1213	popf
1214	mov dword [ss:PATM_INTERRUPTFLAG], 1
1215
1216	PATMCpuidEnd:
1217	ENDPROC PATMCpuidReplacement
1218
1219	; Patch record for 'cpuid'
1220	GLOBALNAME PATMCpuidRecord
1221	RTCCPTR_DEF PATMCpuidStart
1222	DD 0
1223	DD 0
1224	DD 0
1225	DD PATMCpuidEnd- PATMCpuidStart
1226	DD 7
1227	DD PATM_INTERRUPTFLAG
1228	DD 0
1229	DD PATM_CPUID_STD_MAX
1230	DD 0
1231	DD PATM_CPUID_EXT_MAX
1232	DD 0
1233	DD PATM_CPUID_DEF_PTR
1234	DD 0
1235	DD PATM_CPUID_STD_PTR
1236	DD 0
1237	DD PATM_CPUID_EXT_PTR
1238	DD 0
1239	DD PATM_INTERRUPTFLAG
1240	DD 0
1241	DD 0ffffffffh
1242
1243
1244	BEGINPROC PATMJEcxReplacement
1245	PATMJEcxStart:
1246	mov dword [ss:PATM_INTERRUPTFLAG], 0
1247	pushfd
1248	PATMJEcxSizeOverride:
1249	DB 0x90 ; nop
1250	cmp ecx, dword 0 ; yasm / nasm dword
1251	jnz PATMJEcxContinue
1252
1253	popfd
1254	mov dword [ss:PATM_INTERRUPTFLAG], 1
1255	DB 0xE9
1256	PATMJEcxJump:
1257	DD PATM_JUMPDELTA
1258
1259	PATMJEcxContinue:
1260	popfd
1261	mov dword [ss:PATM_INTERRUPTFLAG], 1
1262	PATMJEcxEnd:
1263	ENDPROC PATMJEcxReplacement
1264
1265	; Patch record for 'JEcx'
1266	GLOBALNAME PATMJEcxRecord
1267	RTCCPTR_DEF PATMJEcxStart
1268	DD 0
1269	DD PATMJEcxJump - PATMJEcxStart
1270	DD PATMJEcxSizeOverride - PATMJEcxStart
1271	DD PATMJEcxEnd- PATMJEcxStart
1272	DD 3
1273	DD PATM_INTERRUPTFLAG
1274	DD 0
1275	DD PATM_INTERRUPTFLAG
1276	DD 0
1277	DD PATM_INTERRUPTFLAG
1278	DD 0
1279	DD 0ffffffffh
1280
1281	align 16; yasm / nasm diffing. remove me!
1282	BEGINPROC PATMLoopReplacement
1283	PATMLoopStart:
1284	mov dword [ss:PATM_INTERRUPTFLAG], 0
1285	pushfd
1286	PATMLoopSizeOverride:
1287	DB 0x90 ; nop
1288	dec ecx
1289	jz PATMLoopContinue
1290
1291	popfd
1292	mov dword [ss:PATM_INTERRUPTFLAG], 1
1293	DB 0xE9
1294	PATMLoopJump:
1295	DD PATM_JUMPDELTA
1296
1297	PATMLoopContinue:
1298	popfd
1299	mov dword [ss:PATM_INTERRUPTFLAG], 1
1300	PATMLoopEnd:
1301	ENDPROC PATMLoopReplacement
1302
1303	; Patch record for 'Loop'
1304	GLOBALNAME PATMLoopRecord
1305	RTCCPTR_DEF PATMLoopStart
1306	DD 0
1307	DD PATMLoopJump - PATMLoopStart
1308	DD PATMLoopSizeOverride - PATMLoopStart
1309	DD PATMLoopEnd- PATMLoopStart
1310	DD 3
1311	DD PATM_INTERRUPTFLAG
1312	DD 0
1313	DD PATM_INTERRUPTFLAG
1314	DD 0
1315	DD PATM_INTERRUPTFLAG
1316	DD 0
1317	DD 0ffffffffh
1318
1319	BEGINPROC PATMLoopZReplacement
1320	PATMLoopZStart:
1321	; jump if ZF=1 AND (E)CX != 0
1322
1323	mov dword [ss:PATM_INTERRUPTFLAG], 0
1324	jnz PATMLoopZEnd
1325	pushfd
1326	PATMLoopZSizeOverride:
1327	DB 0x90 ; nop
1328	dec ecx
1329	jz PATMLoopZContinue
1330
1331	popfd
1332	mov dword [ss:PATM_INTERRUPTFLAG], 1
1333	DB 0xE9
1334	PATMLoopZJump:
1335	DD PATM_JUMPDELTA
1336
1337	PATMLoopZContinue:
1338	popfd
1339	mov dword [ss:PATM_INTERRUPTFLAG], 1
1340	PATMLoopZEnd:
1341	ENDPROC PATMLoopZReplacement
1342
1343	; Patch record for 'Loopz'
1344	GLOBALNAME PATMLoopZRecord
1345	RTCCPTR_DEF PATMLoopZStart
1346	DD 0
1347	DD PATMLoopZJump - PATMLoopZStart
1348	DD PATMLoopZSizeOverride - PATMLoopZStart
1349	DD PATMLoopZEnd- PATMLoopZStart
1350	DD 3
1351	DD PATM_INTERRUPTFLAG
1352	DD 0
1353	DD PATM_INTERRUPTFLAG
1354	DD 0
1355	DD PATM_INTERRUPTFLAG
1356	DD 0
1357	DD 0ffffffffh
1358
1359
1360	BEGINPROC PATMLoopNZReplacement
1361	PATMLoopNZStart:
1362	; jump if ZF=0 AND (E)CX != 0
1363
1364	mov dword [ss:PATM_INTERRUPTFLAG], 0
1365	jz PATMLoopNZEnd
1366	pushfd
1367	PATMLoopNZSizeOverride:
1368	DB 0x90 ; nop
1369	dec ecx
1370	jz PATMLoopNZContinue
1371
1372	popfd
1373	mov dword [ss:PATM_INTERRUPTFLAG], 1
1374	DB 0xE9
1375	PATMLoopNZJump:
1376	DD PATM_JUMPDELTA
1377
1378	PATMLoopNZContinue:
1379	popfd
1380	mov dword [ss:PATM_INTERRUPTFLAG], 1
1381	PATMLoopNZEnd:
1382	ENDPROC PATMLoopNZReplacement
1383
1384	; Patch record for 'LoopNZ'
1385	GLOBALNAME PATMLoopNZRecord
1386	RTCCPTR_DEF PATMLoopNZStart
1387	DD 0
1388	DD PATMLoopNZJump - PATMLoopNZStart
1389	DD PATMLoopNZSizeOverride - PATMLoopNZStart
1390	DD PATMLoopNZEnd- PATMLoopNZStart
1391	DD 3
1392	DD PATM_INTERRUPTFLAG
1393	DD 0
1394	DD PATM_INTERRUPTFLAG
1395	DD 0
1396	DD PATM_INTERRUPTFLAG
1397	DD 0
1398	DD 0ffffffffh
1399
1400	align 16
1401	; Global patch function for indirect calls
1402	; Caller is responsible for clearing PATM_INTERRUPTFLAG and doing:
1403	; + 20 push [pTargetGC]
1404	; + 16 pushfd
1405	; + 12 push [JumpTableAddress]
1406	; + 8 push [PATMRelReturnAddress]
1407	; + 4 push [GuestReturnAddress]
1408	;( + 0 return address )
1409	;
1410	; @note NEVER change this without bumping the SSM version
1411	BEGINPROC PATMLookupAndCall
1412	PATMLookupAndCallStart:
1413	push eax
1414	push edx
1415	push edi
1416	push ecx
1417
1418	mov edx, dword [esp+16+20] ; pushed target address
1419
1420	xor eax, eax ; default result -> nothing found
1421	mov edi, dword [esp+16+12] ; jump table
1422	mov ecx, [ss:edi + PATCHJUMPTABLE.cAddresses]
1423	cmp ecx, 0
1424	je near PATMLookupAndCall_QueryPATM
1425
1426	PATMLookupAndCall_SearchStart:
1427	cmp [ss:edi + PATCHJUMPTABLE.Slot_pInstrGC + eax*8], edx ; edx = GC address to search for
1428	je near PATMLookupAndCall_SearchHit
1429	inc eax
1430	cmp eax, ecx
1431	jl near PATMLookupAndCall_SearchStart
1432
1433	PATMLookupAndCall_QueryPATM:
1434	; nothing found -> let our trap handler try to find it
1435	; @todo private ugly interface, since we have nothing generic at the moment
1436	lock or dword [ss:PATM_PENDINGACTION], PATM_ACTION_LOOKUP_ADDRESS
1437	mov eax, PATM_ACTION_LOOKUP_ADDRESS
1438	mov ecx, PATM_ACTION_MAGIC
1439	; edx = GC address to find
1440	; edi = jump table address
1441	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
1442
1443	jmp near PATMLookupAndCall_SearchEnd
1444
1445	PATMLookupAndCall_Failure:
1446	; return to caller; it must raise an error, due to patch to guest address translation (remember that there's only one copy of this code block).
1447	pop ecx
1448	pop edi
1449	pop edx
1450	pop eax
1451	ret
1452
1453	PATMLookupAndCall_SearchHit:
1454	mov eax, [ss:edi + PATCHJUMPTABLE.Slot_pRelPatchGC + eax*8] ; found a match!
1455
1456	;@note can be zero, so the next check is required!!
1457
1458	PATMLookupAndCall_SearchEnd:
1459	cmp eax, 0
1460	je near PATMLookupAndCall_Failure
1461
1462	mov ecx, eax ; ECX = target address (relative!)
1463	add ecx, PATM_PATCHBASE ; Make it absolute
1464
1465	mov edx, dword PATM_STACKPTR
1466	cmp dword [ss:edx], PATM_STACK_SIZE
1467	ja near PATMLookupAndCall_Failure ; should never happen actually!!!
1468	cmp dword [ss:edx], 0
1469	je near PATMLookupAndCall_Failure ; no more room
1470
1471	; save the patch return address on our private stack
1472	sub dword [ss:edx], 4 ; sizeof(RTGCPTR)
1473	mov eax, dword PATM_STACKBASE
1474	add eax, dword [ss:edx] ; stack base + stack position
1475	mov edi, dword [esp+16+8] ; PATM return address
1476	mov dword [ss:eax], edi ; relative address of patch return (instruction following this block)
1477
1478	; save the original return address as well (checked by ret to make sure the guest hasn't messed around with the stack)
1479	mov edi, dword PATM_STACKBASE_GUEST
1480	add edi, dword [ss:edx] ; stack base (guest) + stack position
1481	mov eax, dword [esp+16+4] ; guest return address
1482	mov dword [ss:edi], eax
1483
1484	push ecx ; temporarily store the target address on the stack
1485	add esp, 4
1486	pop ecx
1487	pop edi
1488	pop edx
1489	pop eax
1490	add esp, 24 ; parameters + return address pushed by caller (changes the flags, but that shouldn't matter)
1491	push dword [esp - 20] ; push original guest return address
1492
1493	; the called function will set PATM_INTERRUPTFLAG (!!)
1494	jmp dword [esp-40] ; call duplicated patch function
1495
1496	PATMLookupAndCallEnd:
1497	; returning here -> do not add code here or after the jmp!!!!!
1498	ENDPROC PATMLookupAndCall
1499
1500	; Patch record for indirect calls and jumps
1501	GLOBALNAME PATMLookupAndCallRecord
1502	RTCCPTR_DEF PATMLookupAndCallStart
1503	DD 0
1504	DD 0
1505	DD 0
1506	DD PATMLookupAndCallEnd - PATMLookupAndCallStart
1507	DD 5
1508	DD PATM_PENDINGACTION
1509	DD 0
1510	DD PATM_PATCHBASE
1511	DD 0
1512	DD PATM_STACKPTR
1513	DD 0
1514	DD PATM_STACKBASE
1515	DD 0
1516	DD PATM_STACKBASE_GUEST
1517	DD 0
1518	DD 0ffffffffh
1519
1520
1521	align 16
1522	; Global patch function for indirect jumps
1523	; Caller is responsible for clearing PATM_INTERRUPTFLAG and doing:
1524	; + 8 push [pTargetGC]
1525	; + 4 push [JumpTableAddress]
1526	;( + 0 return address )
1527	; And saving eflags in PATM_TEMP_EFLAGS
1528	;
1529	; @note NEVER change this without bumping the SSM version
1530	BEGINPROC PATMLookupAndJump
1531	PATMLookupAndJumpStart:
1532	push eax
1533	push edx
1534	push edi
1535	push ecx
1536
1537	mov edx, dword [esp+16+8] ; pushed target address
1538
1539	xor eax, eax ; default result -> nothing found
1540	mov edi, dword [esp+16+4] ; jump table
1541	mov ecx, [ss:edi + PATCHJUMPTABLE.cAddresses]
1542	cmp ecx, 0
1543	je near PATMLookupAndJump_QueryPATM
1544
1545	PATMLookupAndJump_SearchStart:
1546	cmp [ss:edi + PATCHJUMPTABLE.Slot_pInstrGC + eax*8], edx ; edx = GC address to search for
1547	je near PATMLookupAndJump_SearchHit
1548	inc eax
1549	cmp eax, ecx
1550	jl near PATMLookupAndJump_SearchStart
1551
1552	PATMLookupAndJump_QueryPATM:
1553	; nothing found -> let our trap handler try to find it
1554	; @todo private ugly interface, since we have nothing generic at the moment
1555	lock or dword [ss:PATM_PENDINGACTION], PATM_ACTION_LOOKUP_ADDRESS
1556	mov eax, PATM_ACTION_LOOKUP_ADDRESS
1557	mov ecx, PATM_ACTION_MAGIC
1558	; edx = GC address to find
1559	; edi = jump table address
1560	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
1561
1562	jmp near PATMLookupAndJump_SearchEnd
1563
1564	PATMLookupAndJump_Failure:
1565	; return to caller; it must raise an error, due to patch to guest address translation (remember that there's only one copy of this code block).
1566	pop ecx
1567	pop edi
1568	pop edx
1569	pop eax
1570	ret
1571
1572	PATMLookupAndJump_SearchHit:
1573	mov eax, [ss:edi + PATCHJUMPTABLE.Slot_pRelPatchGC + eax*8] ; found a match!
1574
1575	;@note can be zero, so the next check is required!!
1576
1577	PATMLookupAndJump_SearchEnd:
1578	cmp eax, 0
1579	je near PATMLookupAndJump_Failure
1580
1581	mov ecx, eax ; ECX = target address (relative!)
1582	add ecx, PATM_PATCHBASE ; Make it absolute
1583
1584	; save jump patch target
1585	mov dword [ss:PATM_TEMP_EAX], ecx
1586	pop ecx
1587	pop edi
1588	pop edx
1589	pop eax
1590	add esp, 12 ; parameters + return address pushed by caller
1591	; restore flags (just to be sure)
1592	push dword [ss:PATM_TEMP_EFLAGS]
1593	popfd
1594
1595	; the jump destination will set PATM_INTERRUPTFLAG (!!)
1596	jmp dword [ss:PATM_TEMP_EAX] ; call duplicated patch destination address
1597
1598	PATMLookupAndJumpEnd:
1599	ENDPROC PATMLookupAndJump
1600
1601	; Patch record for indirect calls and jumps
1602	GLOBALNAME PATMLookupAndJumpRecord
1603	RTCCPTR_DEF PATMLookupAndJumpStart
1604	DD 0
1605	DD 0
1606	DD 0
1607	DD PATMLookupAndJumpEnd - PATMLookupAndJumpStart
1608	DD 5
1609	DD PATM_PENDINGACTION
1610	DD 0
1611	DD PATM_PATCHBASE
1612	DD 0
1613	DD PATM_TEMP_EAX
1614	DD 0
1615	DD PATM_TEMP_EFLAGS
1616	DD 0
1617	DD PATM_TEMP_EAX
1618	DD 0
1619	DD 0ffffffffh
1620
1621
1622
1623
1624	align 16
1625	; Patch function for static calls
1626	; @note static calls have only one lookup slot!
1627	; Caller is responsible for clearing PATM_INTERRUPTFLAG and adding:
1628	; push [pTargetGC]
1629	;
1630	BEGINPROC PATMCall
1631	PATMCallStart:
1632	pushfd
1633	push PATM_FIXUP ; fixup for jump table below
1634	push PATM_PATCHNEXTBLOCK
1635	push PATM_RETURNADDR
1636	DB 0E8h ; call
1637	DD PATM_LOOKUP_AND_CALL_FUNCTION
1638	; we only return in case of a failure
1639	add esp, 12 ; pushed address of jump table
1640	popfd
1641	add esp, 4 ; pushed by caller (changes the flags, but that shouldn't matter (@todo))
1642	mov dword [ss:PATM_INTERRUPTFLAG], 1
1643	PATM_INT3
1644	%ifdef DEBUG
1645	; for disassembly
1646	jmp PATMCallEnd
1647	%endif
1648
1649	align 4
1650	PATMCallTable:
1651	DW 1 ; nrSlots
1652	DW 0 ; ulInsertPos
1653	DD 0 ; cAddresses
1654	RESB PATCHDIRECTJUMPTABLE_SIZE ; only one lookup slot
1655
1656	PATMCallEnd:
1657	; returning here -> do not add code here or after the jmp!!!!!
1658	ENDPROC PATMCall
1659
1660	; Patch record for direct calls
1661	GLOBALNAME PATMCallRecord
1662	RTCCPTR_DEF PATMCallStart
1663	DD 0
1664	DD 0
1665	DD 0
1666	DD PATMCallEnd - PATMCallStart
1667	DD 5
1668	DD PATM_FIXUP
1669	DD PATMCallTable - PATMCallStart
1670	DD PATM_PATCHNEXTBLOCK
1671	DD 0
1672	DD PATM_RETURNADDR
1673	DD 0
1674	DD PATM_LOOKUP_AND_CALL_FUNCTION
1675	DD 0
1676	DD PATM_INTERRUPTFLAG
1677	DD 0
1678	DD 0ffffffffh
1679
1680
1681	align 16
1682	; Patch function for indirect calls
1683	; Caller is responsible for clearing PATM_INTERRUPTFLAG and adding:
1684	; push [pTargetGC]
1685	;
1686	BEGINPROC PATMCallIndirect
1687	PATMCallIndirectStart:
1688	pushfd
1689	push PATM_FIXUP ; fixup for jump table below
1690	push PATM_PATCHNEXTBLOCK
1691	push PATM_RETURNADDR
1692	DB 0E8h ; call
1693	DD PATM_LOOKUP_AND_CALL_FUNCTION
1694	; we only return in case of a failure
1695	add esp, 12 ; pushed address of jump table
1696	popfd
1697	add esp, 4 ; pushed by caller (changes the flags, but that shouldn't matter (@todo))
1698	mov dword [ss:PATM_INTERRUPTFLAG], 1
1699	PATM_INT3
1700	%ifdef DEBUG
1701	; for disassembly
1702	jmp PATMCallIndirectEnd
1703	%endif
1704
1705	align 4
1706	PATMCallIndirectTable:
1707	DW PATM_MAX_JUMPTABLE_ENTRIES ; nrSlots
1708	DW 0 ; ulInsertPos
1709	DD 0 ; cAddresses
1710	RESB PATCHJUMPTABLE_SIZE ; lookup slots
1711
1712	PATMCallIndirectEnd:
1713	; returning here -> do not add code here or after the jmp!!!!!
1714	ENDPROC PATMCallIndirect
1715
1716	; Patch record for indirect calls
1717	GLOBALNAME PATMCallIndirectRecord
1718	RTCCPTR_DEF PATMCallIndirectStart
1719	DD 0
1720	DD 0
1721	DD 0
1722	DD PATMCallIndirectEnd - PATMCallIndirectStart
1723	DD 5
1724	DD PATM_FIXUP
1725	DD PATMCallIndirectTable - PATMCallIndirectStart
1726	DD PATM_PATCHNEXTBLOCK
1727	DD 0
1728	DD PATM_RETURNADDR
1729	DD 0
1730	DD PATM_LOOKUP_AND_CALL_FUNCTION
1731	DD 0
1732	DD PATM_INTERRUPTFLAG
1733	DD 0
1734	DD 0ffffffffh
1735
1736
1737	align 16
1738	; Patch function for indirect jumps
1739	; Caller is responsible for clearing PATM_INTERRUPTFLAG and adding:
1740	; push [pTargetGC]
1741	;
1742	BEGINPROC PATMJumpIndirect
1743	PATMJumpIndirectStart:
1744	; save flags (just to be sure)
1745	pushfd
1746	pop dword [ss:PATM_TEMP_EFLAGS]
1747
1748	push PATM_FIXUP ; fixup for jump table below
1749	DB 0E8h ; call
1750	DD PATM_LOOKUP_AND_JUMP_FUNCTION
1751	; we only return in case of a failure
1752	add esp, 8 ; pushed address of jump table + pushed target address
1753
1754	; restore flags (just to be sure)
1755	push dword [ss:PATM_TEMP_EFLAGS]
1756	popfd
1757
1758	mov dword [ss:PATM_INTERRUPTFLAG], 1
1759	PATM_INT3
1760
1761	%ifdef DEBUG
1762	; for disassembly
1763	jmp PATMJumpIndirectEnd
1764	%endif
1765
1766	align 4
1767	PATMJumpIndirectTable:
1768	DW PATM_MAX_JUMPTABLE_ENTRIES ; nrSlots
1769	DW 0 ; ulInsertPos
1770	DD 0 ; cAddresses
1771	RESB PATCHJUMPTABLE_SIZE ; lookup slots
1772
1773	PATMJumpIndirectEnd:
1774	; returning here -> do not add code here or after the jmp!!!!!
1775	ENDPROC PATMJumpIndirect
1776
1777	; Patch record for indirect jumps
1778	GLOBALNAME PATMJumpIndirectRecord
1779	RTCCPTR_DEF PATMJumpIndirectStart
1780	DD 0
1781	DD 0
1782	DD 0
1783	DD PATMJumpIndirectEnd - PATMJumpIndirectStart
1784	DD 5
1785	DD PATM_TEMP_EFLAGS
1786	DD 0
1787	DD PATM_FIXUP
1788	DD PATMJumpIndirectTable - PATMJumpIndirectStart
1789	DD PATM_LOOKUP_AND_JUMP_FUNCTION
1790	DD 0
1791	DD PATM_TEMP_EFLAGS
1792	DD 0
1793	DD PATM_INTERRUPTFLAG
1794	DD 0
1795	DD 0ffffffffh
1796
1797	;
1798	; return from duplicated function
1799	;
1800	align 16
1801	BEGINPROC PATMRet
1802	PATMRet_Start:
1803	; probe stack here as we can't recover from page faults later on
1804	not dword [esp-32]
1805	not dword [esp-32]
1806	mov dword [ss:PATM_INTERRUPTFLAG], 0
1807	pushfd
1808	push eax
1809	push PATM_FIXUP
1810	DB 0E8h ; call
1811	DD PATM_RETURN_FUNCTION
1812	add esp, 4 ; pushed address of jump table
1813
1814	cmp eax, 0
1815	jne near PATMRet_Success
1816
1817	pop eax
1818	popfd
1819	mov dword [ss:PATM_INTERRUPTFLAG], 1
1820	PATM_INT3
1821
1822	%ifdef DEBUG
1823	; for disassembly
1824	jmp PATMRet_Success
1825	%endif
1826	align 4
1827	PATMRetTable:
1828	DW PATM_MAX_JUMPTABLE_ENTRIES ; nrSlots
1829	DW 0 ; ulInsertPos
1830	DD 0 ; cAddresses
1831	RESB PATCHJUMPTABLE_SIZE ; lookup slots
1832
1833	PATMRet_Success:
1834	mov dword [esp+8], eax ; overwrite the saved return address
1835	pop eax
1836	popf
1837	; caller will duplicate the ret or ret n instruction
1838	; the patched call will set PATM_INTERRUPTFLAG after the return!
1839	PATMRet_End:
1840	ENDPROC PATMRet
1841
1842	GLOBALNAME PATMRetRecord
1843	RTCCPTR_DEF PATMRet_Start
1844	DD 0
1845	DD 0
1846	DD 0
1847	DD PATMRet_End - PATMRet_Start
1848	DD 4
1849	DD PATM_INTERRUPTFLAG
1850	DD 0
1851	DD PATM_FIXUP
1852	DD PATMRetTable - PATMRet_Start
1853	DD PATM_RETURN_FUNCTION
1854	DD 0
1855	DD PATM_INTERRUPTFLAG
1856	DD 0
1857	DD 0ffffffffh
1858
1859	;
1860	; global function for implementing 'retn'
1861	;
1862	; Caller is responsible for right stack layout
1863	; + 16 original return address
1864	; + 12 eflags
1865	; + 8 eax
1866	; + 4 Jump table address
1867	;( + 0 return address )
1868	;
1869	; @note assumes PATM_INTERRUPTFLAG is zero
1870	; @note assumes it can trash eax and eflags
1871	;
1872	; @returns eax=0 on failure
1873	; otherwise return address in eax
1874	;
1875	; @note NEVER change this without bumping the SSM version
1876	align 16
1877	BEGINPROC PATMRetFunction
1878	PATMRetFunction_Start:
1879	push ecx
1880	push edx
1881	push edi
1882
1883	; Event order:
1884	; (@todo figure out which path is taken most often (1 or 2))
1885	; 1) Check if the return patch address was pushed onto the PATM stack
1886	; 2) Check if the return patch address can be found in the lookup table
1887	; 3) Query return patch address from the hypervisor
1888
1889
1890	; 1) Check if the return patch address was pushed on the PATM stack
1891	cmp dword [ss:PATM_STACKPTR], PATM_STACK_SIZE
1892	jae near PATMRetFunction_FindReturnAddress
1893
1894	mov edx, dword PATM_STACKPTR
1895
1896	; check if the return address is what we expect it to be
1897	mov eax, dword PATM_STACKBASE_GUEST
1898	add eax, dword [ss:edx] ; stack base + stack position
1899	mov eax, dword [ss:eax] ; original return address
1900	cmp eax, dword [esp+12+16] ; pushed return address
1901
1902	; the return address was changed -> let our trap handler try to find it
1903	; (can happen when the guest messes with the stack (seen it) or when we didn't call this function ourselves)
1904	jne near PATMRetFunction_FindReturnAddress
1905
1906	; found it, convert relative to absolute patch address and return the result to the caller
1907	mov eax, dword PATM_STACKBASE
1908	add eax, dword [ss:edx] ; stack base + stack position
1909	mov eax, dword [ss:eax] ; relative patm return address
1910	add eax, PATM_PATCHBASE
1911
1912	%ifdef PATM_LOG_IF_CHANGES
1913	push eax
1914	push ecx
1915	push edx
1916	mov edx, eax ; return address
1917	lock or dword [ss:PATM_PENDINGACTION], PATM_ACTION_LOG_RET
1918	mov eax, PATM_ACTION_LOG_RET
1919	mov ecx, PATM_ACTION_MAGIC
1920	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
1921	pop edx
1922	pop ecx
1923	pop eax
1924	%endif
1925
1926	add dword [ss:edx], 4 ; pop return address from the PATM stack (sizeof(RTGCPTR); @note hardcoded assumption!)
1927
1928	pop edi
1929	pop edx
1930	pop ecx
1931	ret
1932
1933	PATMRetFunction_FindReturnAddress:
1934	; 2) Check if the return patch address can be found in the lookup table
1935	mov edx, dword [esp+12+16] ; pushed target address
1936
1937	xor eax, eax ; default result -> nothing found
1938	mov edi, dword [esp+12+4] ; jump table
1939	mov ecx, [ss:edi + PATCHJUMPTABLE.cAddresses]
1940	cmp ecx, 0
1941	je near PATMRetFunction_AskHypervisor
1942
1943	PATMRetFunction_SearchStart:
1944	cmp [ss:edi + PATCHJUMPTABLE.Slot_pInstrGC + eax*8], edx ; edx = GC address to search for
1945	je near PATMRetFunction_SearchHit
1946	inc eax
1947	cmp eax, ecx
1948	jl near PATMRetFunction_SearchStart
1949
1950	PATMRetFunction_AskHypervisor:
1951	; 3) Query return patch address from the hypervisor
1952	; @todo private ugly interface, since we have nothing generic at the moment
1953	lock or dword [ss:PATM_PENDINGACTION], PATM_ACTION_LOOKUP_ADDRESS
1954	mov eax, PATM_ACTION_LOOKUP_ADDRESS
1955	mov ecx, PATM_ACTION_MAGIC
1956	mov edi, dword [esp+12+4] ; jump table address
1957	mov edx, dword [esp+12+16] ; original return address
1958	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
1959	jmp near PATMRetFunction_SearchEnd
1960
1961	PATMRetFunction_SearchHit:
1962	mov eax, [ss:edi + PATCHJUMPTABLE.Slot_pRelPatchGC + eax*8] ; found a match!
1963	;@note can be zero, so the next check is required!!
1964
1965	PATMRetFunction_SearchEnd:
1966	cmp eax, 0
1967	jz PATMRetFunction_Failure
1968
1969	add eax, PATM_PATCHBASE
1970
1971	%ifdef PATM_LOG_IF_CHANGES
1972	push eax
1973	push ecx
1974	push edx
1975	mov edx, eax ; return address
1976	lock or dword [ss:PATM_PENDINGACTION], PATM_ACTION_LOG_RET
1977	mov eax, PATM_ACTION_LOG_RET
1978	mov ecx, PATM_ACTION_MAGIC
1979	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
1980	pop edx
1981	pop ecx
1982	pop eax
1983	%endif
1984
1985	pop edi
1986	pop edx
1987	pop ecx
1988	ret
1989
1990	PATMRetFunction_Failure:
1991	;signal error
1992	xor eax, eax
1993	pop edi
1994	pop edx
1995	pop ecx
1996	ret
1997
1998	PATMRetFunction_End:
1999	ENDPROC PATMRetFunction
2000
2001	GLOBALNAME PATMRetFunctionRecord
2002	RTCCPTR_DEF PATMRetFunction_Start
2003	DD 0
2004	DD 0
2005	DD 0
2006	DD PATMRetFunction_End - PATMRetFunction_Start
2007	%ifdef PATM_LOG_IF_CHANGES
2008	DD 9
2009	%else
2010	DD 7
2011	%endif
2012	DD PATM_STACKPTR
2013	DD 0
2014	DD PATM_STACKPTR
2015	DD 0
2016	DD PATM_STACKBASE_GUEST
2017	DD 0
2018	DD PATM_STACKBASE
2019	DD 0
2020	DD PATM_PATCHBASE
2021	DD 0
2022	%ifdef PATM_LOG_IF_CHANGES
2023	DD PATM_PENDINGACTION
2024	DD 0
2025	%endif
2026	DD PATM_PENDINGACTION
2027	DD 0
2028	DD PATM_PATCHBASE
2029	DD 0
2030	%ifdef PATM_LOG_IF_CHANGES
2031	DD PATM_PENDINGACTION
2032	DD 0
2033	%endif
2034	DD 0ffffffffh
2035
2036
2037	;
2038	; Jump to original instruction if IF=1
2039	;
2040	BEGINPROC PATMCheckIF
2041	PATMCheckIF_Start:
2042	mov dword [ss:PATM_INTERRUPTFLAG], 0
2043	pushf
2044	test dword [ss:PATM_VMFLAGS], X86_EFL_IF
2045	jnz PATMCheckIF_Safe
2046	nop
2047
2048	; IF=0 -> unsafe, so we must call the duplicated function (which we don't do here)
2049	popf
2050	mov dword [ss:PATM_INTERRUPTFLAG], 1
2051	jmp PATMCheckIF_End
2052
2053	PATMCheckIF_Safe:
2054	; invalidate the PATM stack as we'll jump back to guest code
2055	mov dword [ss:PATM_STACKPTR], PATM_STACK_SIZE
2056
2057	%ifdef PATM_LOG_IF_CHANGES
2058	push eax
2059	push ecx
2060	lock or dword [ss:PATM_PENDINGACTION], PATM_ACTION_LOG_IF1
2061	mov eax, PATM_ACTION_LOG_IF1
2062	mov ecx, PATM_ACTION_MAGIC
2063	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
2064	pop ecx
2065	pop eax
2066	%endif
2067	popf
2068	mov dword [ss:PATM_INTERRUPTFLAG], 1
2069	; IF=1 -> we can safely jump back to the original instruction
2070	DB 0xE9
2071	PATMCheckIF_Jump:
2072	DD PATM_JUMPDELTA
2073	PATMCheckIF_End:
2074	ENDPROC PATMCheckIF
2075
2076	; Patch record for call instructions
2077	GLOBALNAME PATMCheckIFRecord
2078	RTCCPTR_DEF PATMCheckIF_Start
2079	DD PATMCheckIF_Jump - PATMCheckIF_Start
2080	DD 0
2081	DD 0
2082	DD PATMCheckIF_End - PATMCheckIF_Start
2083	%ifdef PATM_LOG_IF_CHANGES
2084	DD 6
2085	%else
2086	DD 5
2087	%endif
2088	DD PATM_INTERRUPTFLAG
2089	DD 0
2090	DD PATM_VMFLAGS
2091	DD 0
2092	DD PATM_INTERRUPTFLAG
2093	DD 0
2094	DD PATM_STACKPTR
2095	DD 0
2096	%ifdef PATM_LOG_IF_CHANGES
2097	DD PATM_PENDINGACTION
2098	DD 0
2099	%endif
2100	DD PATM_INTERRUPTFLAG
2101	DD 0
2102	DD 0ffffffffh
2103
2104	;
2105	; Jump back to guest if IF=1, else fault
2106	;
2107	BEGINPROC PATMJumpToGuest_IF1
2108	PATMJumpToGuest_IF1_Start:
2109	mov dword [ss:PATM_INTERRUPTFLAG], 0
2110	pushf
2111	test dword [ss:PATM_VMFLAGS], X86_EFL_IF
2112	jnz PATMJumpToGuest_IF1_Safe
2113	nop
2114
2115	; IF=0 -> unsafe, so fault
2116	popf
2117	mov dword [ss:PATM_INTERRUPTFLAG], 1
2118	PATM_INT3
2119
2120	PATMJumpToGuest_IF1_Safe:
2121	; IF=1 -> we can safely jump back to the original instruction
2122	popf
2123	mov dword [ss:PATM_INTERRUPTFLAG], 1
2124	DB 0xE9
2125	PATMJumpToGuest_IF1_Jump:
2126	DD PATM_JUMPDELTA
2127	PATMJumpToGuest_IF1_End:
2128	ENDPROC PATMJumpToGuest_IF1
2129
2130	; Patch record for call instructions
2131	GLOBALNAME PATMJumpToGuest_IF1Record
2132	RTCCPTR_DEF PATMJumpToGuest_IF1_Start
2133	DD PATMJumpToGuest_IF1_Jump - PATMJumpToGuest_IF1_Start
2134	DD 0
2135	DD 0
2136	DD PATMJumpToGuest_IF1_End - PATMJumpToGuest_IF1_Start
2137	DD 4
2138	DD PATM_INTERRUPTFLAG
2139	DD 0
2140	DD PATM_VMFLAGS
2141	DD 0
2142	DD PATM_INTERRUPTFLAG
2143	DD 0
2144	DD PATM_INTERRUPTFLAG
2145	DD 0
2146	DD 0ffffffffh
2147
2148	; For assertion during init (to make absolutely sure the flags are in sync in vm.mac & vm.h)
2149	GLOBALNAME PATMInterruptFlag
2150	DD VM_FF_INTERRUPT_APIC \| VM_FF_INTERRUPT_PIC \| VM_FF_TIMER \| VM_FF_REQUEST
2151

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/VBox/VMM/PATM/PATMA.asm@ 271

Download in other formats: