VirtualBox

source: vbox/trunk/src/VBox/VMM/PATM/PATMInternal.h@ 7932

Last change on this file since 7932 was 7620, checked in by vboxsync, 17 years ago

RTGCPHYS is now 64 bits

  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
File size: 28.2 KB
Line 
1/* $Id: PATMInternal.h 7620 2008-03-28 10:12:44Z vboxsync $ */
2/** @file
3 * PATM - Internal header file.
4 */
5
6/*
7 * Copyright (C) 2006-2007 innotek GmbH
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18#ifndef ___PATMInternal_h
19#define ___PATMInternal_h
20
21#include <VBox/cdefs.h>
22#include <VBox/types.h>
23#include <VBox/patm.h>
24#include <VBox/stam.h>
25#include <VBox/dis.h>
26#include <iprt/avl.h>
27#include <iprt/param.h>
28#include <VBox/log.h>
29
30#if !defined(IN_PATM_R3) && !defined(IN_PATM_R0) && !defined(IN_PATM_GC)
31# error "Not in PATM! This is an internal header!"
32#endif
33
34
35#define PATM_SSM_VERSION 53
36
37/* Enable for call patching. */
38#define PATM_ENABLE_CALL
39#define PATCH_MEMORY_SIZE (2*1024*1024)
40#define MAX_PATCH_SIZE (1024*4)
41
42/*
43 * Internal patch type flags (starts at RT_BIT(11))
44 */
45
46#define PATMFL_CHECK_SIZE RT_BIT_64(11)
47#define PATMFL_FOUND_PATCHEND RT_BIT_64(12)
48#define PATMFL_SINGLE_INSTRUCTION RT_BIT_64(13)
49#define PATMFL_SYSENTER_XP RT_BIT_64(14)
50#define PATMFL_JUMP_CONFLICT RT_BIT_64(15)
51#define PATMFL_READ_ORIGINAL_BYTES RT_BIT_64(16) /** opcode might have already been patched */
52#define PATMFL_INT3_REPLACEMENT RT_BIT_64(17)
53#define PATMFL_SUPPORT_CALLS RT_BIT_64(18)
54#define PATMFL_SUPPORT_INDIRECT_CALLS RT_BIT_64(19)
55#define PATMFL_IDTHANDLER_WITHOUT_ENTRYPOINT RT_BIT_64(20) /** internal flag to avoid duplicate entrypoints */
56#define PATMFL_INHIBIT_IRQS RT_BIT_64(21) /** temporary internal flag */
57#define PATMFL_GENERATE_JUMPTOGUEST RT_BIT_64(22) /** temporary internal flag */
58#define PATMFL_RECOMPILE_NEXT RT_BIT_64(23) /** for recompilation of the next instruction */
59#define PATMFL_CODE_MONITORED RT_BIT_64(24) /** code pages of guest monitored for self-modifying code. */
60#define PATMFL_CALLABLE_AS_FUNCTION RT_BIT_64(25) /** cli and pushf blocks can be used as callable functions. */
61#define PATMFL_GLOBAL_FUNCTIONS RT_BIT_64(26) /** fake patch for global patm functions. */
62#define PATMFL_TRAMPOLINE RT_BIT_64(27) /** trampoline patch that clears PATM_INTERRUPTFLAG and jumps to patch destination */
63#define PATMFL_GENERATE_SETPIF RT_BIT_64(28) /** generate set PIF for the next instruction */
64#define PATMFL_INSTR_HINT RT_BIT_64(29) /** Generate patch, but don't activate it. */
65#define PATMFL_PATCHED_GUEST_CODE RT_BIT_64(30) /** Patched guest code. */
66#define PATMFL_MUST_INSTALL_PATCHJMP RT_BIT_64(31) /** Need to patch guest code in order to activate patch. */
67#define PATMFL_INT3_REPLACEMENT_BLOCK RT_BIT_64(32) /** int 3 replacement block */
68#define PATMFL_EXTERNAL_JUMP_INSIDE RT_BIT_64(33) /** A trampoline patch was created that jumps to an instruction in the patch block */
69
70#define SIZEOF_NEARJUMP8 2 //opcode byte + 1 byte relative offset
71#define SIZEOF_NEARJUMP16 3 //opcode byte + 2 byte relative offset
72#define SIZEOF_NEARJUMP32 5 //opcode byte + 4 byte relative offset
73#define SIZEOF_NEAR_COND_JUMP32 6 //0xF + opcode byte + 4 byte relative offset
74
75#define MAX_INSTR_SIZE 16
76
77//Patch states
78#define PATCH_REFUSED 1
79#define PATCH_DISABLED 2
80#define PATCH_ENABLED 4
81#define PATCH_UNUSABLE 8
82#define PATCH_DIRTY 16
83#define PATCH_DISABLE_PENDING 32
84
85
86#define MAX_PATCH_TRAPS 4
87#define PATM_MAX_CALL_DEPTH 32
88/* Maximum nr of writes before a patch is marked dirty. (disabled) */
89#define PATM_MAX_CODE_WRITES 32
90/* Maximum nr of invalid writes before a patch is disabled. */
91#define PATM_MAX_INVALID_WRITES 16384
92
93#define FIXUP_ABSOLUTE 0
94#define FIXUP_REL_JMPTOPATCH 1
95#define FIXUP_REL_JMPTOGUEST 2
96
97#define PATM_ILLEGAL_DESTINATION 0xDEADBEEF
98
99/** Size of the instruction that's used for requests from patch code (currently only call) */
100#define PATM_ILLEGAL_INSTR_SIZE 2
101
102
103/** No statistics counter index allocated just yet */
104#define PATM_STAT_INDEX_NONE (uint32_t)-1
105/** Dummy counter to handle overflows */
106#define PATM_STAT_INDEX_DUMMY 0
107#define PATM_STAT_INDEX_IS_VALID(a) (a != PATM_STAT_INDEX_DUMMY && a != PATM_STAT_INDEX_NONE)
108
109#ifdef VBOX_WITH_STATISTICS
110#define PATM_STAT_RUN_INC(pPatch) \
111 if (PATM_STAT_INDEX_IS_VALID((pPatch)->uPatchIdx)) \
112 CTXSUFF(pVM->patm.s.pStats)[(pPatch)->uPatchIdx].u32A++;
113#define PATM_STAT_FAULT_INC(pPatch) \
114 if (PATM_STAT_INDEX_IS_VALID((pPatch)->uPatchIdx)) \
115 CTXSUFF(pVM->patm.s.pStats)[(pPatch)->uPatchIdx].u32B++;
116#else
117#define PATM_STAT_RUN_INC(pPatch) do { } while (0)
118#define PATM_STAT_FAULT_INC(pPatch) do { } while (0)
119#endif
120
121/** Maximum number of stat counters. */
122#define PATM_STAT_MAX_COUNTERS 1024
123/** Size of memory allocated for patch statistics. */
124#define PATM_STAT_MEMSIZE (PATM_STAT_MAX_COUNTERS*sizeof(STAMRATIOU32))
125
126
127typedef struct
128{
129 /** The key is a HC virtual address. */
130 AVLPVNODECORE Core;
131
132 uint32_t uType;
133 R3PTRTYPE(uint8_t *) pRelocPos;
134 RTGCPTR pSource;
135 RTGCPTR pDest;
136} RELOCREC, *PRELOCREC;
137
138typedef struct
139{
140 R3PTRTYPE(uint8_t *) pPatchLocStartHC;
141 R3PTRTYPE(uint8_t *) pPatchLocEndHC;
142 GCPTRTYPE(uint8_t *) pGuestLoc;
143 uint32_t opsize;
144} P2GLOOKUPREC, *PP2GLOOKUPREC;
145
146typedef struct
147{
148 /** The key is a pointer to a JUMPREC structure. */
149 AVLPVNODECORE Core;
150
151 R3PTRTYPE(uint8_t *) pJumpHC;
152 GCPTRTYPE(uint8_t *) pTargetGC;
153 uint32_t offDispl;
154 uint32_t opcode;
155} JUMPREC, *PJUMPREC;
156
157/**
158 * Patch to guest lookup type (single or both direction)
159 */
160typedef enum
161{
162 PATM_LOOKUP_PATCH2GUEST, /* patch to guest */
163 PATM_LOOKUP_BOTHDIR /* guest to patch + patch to guest */
164} PATM_LOOKUP_TYPE;
165
166/**
167 * Patch to guest address lookup record
168 */
169typedef struct RECPATCHTOGUEST
170{
171 /** The key is an offset inside the patch memory block. */
172 AVLU32NODECORE Core;
173
174 RTGCPTR pOrgInstrGC;
175 PATM_LOOKUP_TYPE enmType;
176 bool fDirty;
177 bool fJumpTarget;
178 uint8_t u8DirtyOpcode; /* original opcode before writing 0xCC there to mark it dirty */
179} RECPATCHTOGUEST, *PRECPATCHTOGUEST;
180
181/**
182 * Guest to patch address lookup record
183 */
184typedef struct RECGUESTTOPATCH
185{
186 /** The key is a GC virtual address. */
187 AVLGCPTRNODECORE Core;
188
189 /** Patch offset (relative to PATM::pPatchMemGC / PATM::pPatchMemHC). */
190 uint32_t PatchOffset;
191} RECGUESTTOPATCH, *PRECGUESTTOPATCH;
192
193/**
194 * Temporary information used in ring 3 only; no need to waste memory in the patch record itself.
195 */
196typedef struct
197{
198 /* Temporary tree for storing the addresses of illegal instructions. */
199 R3PTRTYPE(PAVLPVNODECORE) IllegalInstrTree;
200 uint32_t nrIllegalInstr;
201
202 int32_t nrJumps;
203 uint32_t nrRetInstr;
204
205 /* Temporary tree of encountered jumps. (debug only) */
206 R3PTRTYPE(PAVLPVNODECORE) DisasmJumpTree;
207
208 int32_t nrCalls;
209
210 /** Last original guest instruction pointer; used for disassmebly log. */
211 RTGCPTR pLastDisasmInstrGC;
212
213 /** Keeping track of multiple ret instructions. */
214 RTGCPTR pPatchRetInstrGC;
215 uint32_t uPatchRetParam1;
216} PATCHINFOTEMP, *PPATCHINFOTEMP;
217
218typedef struct _PATCHINFO
219{
220 uint32_t uState;
221 uint32_t uOldState;
222 DISCPUMODE uOpMode;
223
224 GCPTRTYPE(uint8_t *) pPrivInstrGC; //GC pointer of privileged instruction
225 R3PTRTYPE(uint8_t *) pPrivInstrHC; //HC pointer of privileged instruction
226 uint8_t aPrivInstr[MAX_INSTR_SIZE];
227 uint32_t cbPrivInstr;
228 uint32_t opcode; //opcode for priv instr (OP_*)
229 uint32_t cbPatchJump; //patch jump size
230
231 /* Only valid for PATMFL_JUMP_CONFLICT patches */
232 RTGCPTR pPatchJumpDestGC;
233
234 RTGCUINTPTR pPatchBlockOffset;
235 uint32_t cbPatchBlockSize;
236 uint32_t uCurPatchOffset;
237#if HC_ARCH_BITS == 64
238 uint32_t Alignment0; /**< Align flags correctly. */
239#endif
240
241 uint64_t flags;
242
243 /**
244 * Lowest and highest patched GC instruction address. To optimize searches.
245 */
246 RTGCPTR pInstrGCLowest;
247 RTGCPTR pInstrGCHighest;
248
249 /* Tree of fixup records for the patch. */
250 R3PTRTYPE(PAVLPVNODECORE) FixupTree;
251 int32_t nrFixups;
252
253 /* Tree of jumps inside the generated patch code. */
254 int32_t nrJumpRecs;
255 R3PTRTYPE(PAVLPVNODECORE) JumpTree;
256
257 /**
258 * Lookup trees for determining the corresponding guest address of an
259 * instruction in the patch block.
260 */
261 R3PTRTYPE(PAVLU32NODECORE) Patch2GuestAddrTree;
262 R3PTRTYPE(PAVLGCPTRNODECORE) Guest2PatchAddrTree;
263 uint32_t nrPatch2GuestRecs;
264#if HC_ARCH_BITS == 64
265 uint32_t Alignment1;
266#endif
267
268 // Cache record for PATMGCVirtToHCVirt
269 P2GLOOKUPREC cacheRec;
270
271 /* Temporary information during patch creation. Don't waste hypervisor memory for this. */
272 R3PTRTYPE(PPATCHINFOTEMP) pTempInfo;
273
274 /* Count the number of writes to the corresponding guest code. */
275 uint32_t cCodeWrites;
276
277 /* Count the number of invalid writes to pages monitored for the patch. */
278 //some statistics to determine if we should keep this patch activated
279 uint32_t cTraps;
280
281 uint32_t cInvalidWrites;
282
283 // Index into the uPatchRun and uPatchTrap arrays (0..MAX_PATCHES-1)
284 uint32_t uPatchIdx;
285
286 /* First opcode byte, that's overwritten when a patch is marked dirty. */
287 uint8_t bDirtyOpcode;
288 uint8_t Alignment2[7]; /**< Align the structure size on a 8-byte boundrary. */
289} PATCHINFO, *PPATCHINFO;
290
291#define PATCHCODE_PTR_GC(pPatch) (RTGCPTR) (pVM->patm.s.pPatchMemGC + (pPatch)->pPatchBlockOffset)
292#define PATCHCODE_PTR_HC(pPatch) (uint8_t *)(pVM->patm.s.pPatchMemHC + (pPatch)->pPatchBlockOffset)
293
294/**
295 * Lookup record for patches
296 */
297typedef struct PATMPATCHREC
298{
299 /** The key is a GC virtual address. */
300 AVLOGCPTRNODECORE Core;
301 /** The key is a patch offset. */
302 AVLOGCPTRNODECORE CoreOffset;
303
304 PATCHINFO patch;
305} PATMPATCHREC, *PPATMPATCHREC;
306
307/** Increment for allocating room for pointer array */
308#define PATMPATCHPAGE_PREALLOC_INCREMENT 16
309
310/**
311 * Lookup record for patch pages
312 */
313typedef struct PATMPATCHPAGE
314{
315 /** The key is a GC virtual address. */
316 AVLOGCPTRNODECORE Core;
317 /** Region to monitor. */
318 RTGCPTR pLowestAddrGC;
319 RTGCPTR pHighestAddrGC;
320 /** Number of patches for this page. */
321 uint32_t cCount;
322 /** Maximum nr of pointers in the array. */
323 uint32_t cMaxPatches;
324 /** Array of patch pointers for this page. */
325 R3PTRTYPE(PPATCHINFO *) aPatch;
326} PATMPATCHPAGE, *PPATMPATCHPAGE;
327
328#define PATM_PATCHREC_FROM_COREOFFSET(a) (PPATMPATCHREC)((uintptr_t)a - RT_OFFSETOF(PATMPATCHREC, CoreOffset))
329#define PATM_PATCHREC_FROM_PATCHINFO(a) (PPATMPATCHREC)((uintptr_t)a - RT_OFFSETOF(PATMPATCHREC, patch))
330
331typedef struct PATMTREES
332{
333 /**
334 * AVL tree with all patches (active or disabled) sorted by guest instruction address
335 */
336 AVLOGCPTRTREE PatchTree;
337
338 /**
339 * AVL tree with all patches sorted by patch address (offset actually)
340 */
341 AVLOGCPTRTREE PatchTreeByPatchAddr;
342
343 /**
344 * AVL tree with all pages which were (partly) patched
345 */
346 AVLOGCPTRTREE PatchTreeByPage;
347
348 uint32_t align[1];
349} PATMTREES, *PPATMTREES;
350
351/**
352 * PATM VM Instance data.
353 * Changes to this must checked against the padding of the patm union in VM!
354 */
355typedef struct PATM
356{
357 /** Offset to the VM structure.
358 * See PATM2VM(). */
359 RTINT offVM;
360
361 GCPTRTYPE(uint8_t *) pPatchMemGC;
362 R3PTRTYPE(uint8_t *) pPatchMemHC;
363 uint32_t cbPatchMem;
364 uint32_t offPatchMem;
365 bool fOutOfMemory;
366
367 int32_t deltaReloc;
368
369 /* GC PATM state pointers */
370 R3PTRTYPE(PPATMGCSTATE) pGCStateHC;
371 GCPTRTYPE(PPATMGCSTATE) pGCStateGC;
372
373 /** PATM stack page for call instruction execution. (2 parts: one for our private stack and one to store the original return address */
374 GCPTRTYPE(RTGCPTR *) pGCStackGC;
375 R3PTRTYPE(RTGCPTR *) pGCStackHC;
376
377 /** GC pointer to CPUMCTX structure. */
378 GCPTRTYPE(PCPUMCTX) pCPUMCtxGC;
379
380 /* GC statistics pointers */
381 GCPTRTYPE(PSTAMRATIOU32) pStatsGC;
382 R3PTRTYPE(PSTAMRATIOU32) pStatsHC;
383
384 /* Current free index value (uPatchRun/uPatchTrap arrays). */
385 uint32_t uCurrentPatchIdx;
386
387 /* Temporary counter for patch installation call depth. (in order not to go on forever) */
388 uint32_t ulCallDepth;
389
390 /** Number of page lookup records. */
391 uint32_t cPageRecords;
392
393 /**
394 * Lowest and highest patched GC instruction addresses. To optimize searches.
395 */
396 RTGCPTR pPatchedInstrGCLowest;
397 RTGCPTR pPatchedInstrGCHighest;
398
399 /** Pointer to the patch tree for instructions replaced by 'int 3'. */
400 GCPTRTYPE(PPATMTREES) PatchLookupTreeGC;
401 R3PTRTYPE(PPATMTREES) PatchLookupTreeHC;
402
403 /** Global PATM lookup and call function (used by call patches). */
404 RTGCPTR pfnHelperCallGC;
405 /** Global PATM return function (used by ret patches). */
406 RTGCPTR pfnHelperRetGC;
407 /** Global PATM jump function (used by indirect jmp patches). */
408 RTGCPTR pfnHelperJumpGC;
409 /** Global PATM return function (used by iret patches). */
410 RTGCPTR pfnHelperIretGC;
411
412 /** Fake patch record for global functions. */
413 R3PTRTYPE(PPATMPATCHREC) pGlobalPatchRec;
414
415 /** Pointer to original sysenter handler */
416 RTGCPTR pfnSysEnterGC;
417 /** Pointer to sysenter handler trampoline */
418 RTGCPTR pfnSysEnterPatchGC;
419 /** Sysenter patch index (for stats only) */
420 uint32_t uSysEnterPatchIdx;
421
422 // GC address of fault in monitored page (set by PATMGCMonitorPage, used by PATMR3HandleMonitoredPage)
423 RTGCPTR pvFaultMonitor;
424
425 /* Temporary information for pending MMIO patch. Set in GC or R0 context. */
426 struct
427 {
428 RTGCPHYS GCPhys;
429 RTGCPTR pCachedData;
430#if GC_ARCH_BITS == 32
431 RTGCPTR Alignment0; /**< Align the structure size on a 8-byte boundrary. */
432#endif
433 } mmio;
434
435 /* Temporary storage during load/save state */
436 struct
437 {
438 R3PTRTYPE(PSSMHANDLE) pSSM;
439 uint32_t cPatches;
440#if HC_ARCH_BITS == 64
441 uint32_t Alignment0; /**< Align the structure size on a 8-byte boundrary. */
442#endif
443 } savedstate;
444
445 STAMCOUNTER StatNrOpcodeRead;
446 STAMCOUNTER StatDisabled;
447 STAMCOUNTER StatUnusable;
448 STAMCOUNTER StatEnabled;
449 STAMCOUNTER StatInstalled;
450 STAMCOUNTER StatInstalledFunctionPatches;
451 STAMCOUNTER StatInstalledTrampoline;
452 STAMCOUNTER StatInstalledJump;
453 STAMCOUNTER StatInt3Callable;
454 STAMCOUNTER StatInt3BlockRun;
455 STAMCOUNTER StatOverwritten;
456 STAMCOUNTER StatFixedConflicts;
457 STAMCOUNTER StatFlushed;
458 STAMCOUNTER StatPageBoundaryCrossed;
459 STAMCOUNTER StatMonitored;
460 STAMPROFILEADV StatHandleTrap;
461 STAMCOUNTER StatSwitchBack;
462 STAMCOUNTER StatSwitchBackFail;
463 STAMCOUNTER StatPATMMemoryUsed;
464 STAMCOUNTER StatDuplicateREQSuccess;
465 STAMCOUNTER StatDuplicateREQFailed;
466 STAMCOUNTER StatDuplicateUseExisting;
467 STAMCOUNTER StatFunctionFound;
468 STAMCOUNTER StatFunctionNotFound;
469 STAMPROFILEADV StatPatchWrite;
470 STAMPROFILEADV StatPatchWriteDetect;
471 STAMCOUNTER StatDirty;
472 STAMCOUNTER StatPushTrap;
473 STAMCOUNTER StatPatchWriteInterpreted;
474 STAMCOUNTER StatPatchWriteInterpretedFailed;
475
476 STAMCOUNTER StatSysEnter;
477 STAMCOUNTER StatSysExit;
478 STAMCOUNTER StatEmulIret;
479 STAMCOUNTER StatEmulIretFailed;
480
481 STAMCOUNTER StatInstrDirty;
482 STAMCOUNTER StatInstrDirtyGood;
483 STAMCOUNTER StatInstrDirtyBad;
484
485 STAMCOUNTER StatPatchPageInserted;
486 STAMCOUNTER StatPatchPageRemoved;
487
488 STAMCOUNTER StatPatchRefreshSuccess;
489 STAMCOUNTER StatPatchRefreshFailed;
490
491 STAMCOUNTER StatGenRet;
492 STAMCOUNTER StatGenRetReused;
493 STAMCOUNTER StatGenJump;
494 STAMCOUNTER StatGenCall;
495 STAMCOUNTER StatGenPopf;
496
497 STAMCOUNTER StatCheckPendingIRQ;
498
499 STAMCOUNTER StatFunctionLookupReplace;
500 STAMCOUNTER StatFunctionLookupInsert;
501 uint32_t StatU32FunctionMaxSlotsUsed;
502 uint32_t Alignment0; /**< Align the structure size on a 8-byte boundrary. */
503} PATM, *PPATM;
504
505
506/**
507 * Execute state save operation.
508 *
509 * @returns VBox status code.
510 * @param pVM VM Handle.
511 * @param pSSM SSM operation handle.
512 */
513DECLCALLBACK(int) patmr3Save(PVM pVM, PSSMHANDLE pSSM);
514
515
516/**
517 * Execute state load operation.
518 *
519 * @returns VBox status code.
520 * @param pVM VM Handle.
521 * @param pSSM SSM operation handle.
522 * @param u32Version Data layout version.
523 */
524DECLCALLBACK(int) patmr3Load(PVM pVM, PSSMHANDLE pSSM, uint32_t u32Version);
525
526#ifdef IN_RING3
527RTGCPTR patmPatchGCPtr2GuestGCPtr(PVM pVM, PPATCHINFO pPatch, GCPTRTYPE(uint8_t *) pPatchGC);
528RTGCPTR patmGuestGCPtrToPatchGCPtr(PVM pVM, PPATCHINFO pPatch, GCPTRTYPE(uint8_t*) pInstrGC);
529RTGCPTR patmGuestGCPtrToClosestPatchGCPtr(PVM pVM, PPATCHINFO pPatch, GCPTRTYPE(uint8_t*) pInstrGC);
530#endif
531
532/* Add a patch to guest lookup record
533 *
534 * @param pVM The VM to operate on.
535 * @param pPatch Patch structure ptr
536 * @param pPatchInstrHC Guest context pointer to patch block
537 * @param pInstrGC Guest context pointer to privileged instruction
538 * @param enmType Lookup type
539 * @param fDirty Dirty flag
540 *
541 */
542void patmr3AddP2GLookupRecord(PVM pVM, PPATCHINFO pPatch, uint8_t *pPatchInstrHC, RTGCPTR pInstrGC, PATM_LOOKUP_TYPE enmType, bool fDirty=false);
543
544/**
545 * Insert page records for all guest pages that contain instructions that were recompiled for this patch
546 *
547 * @returns VBox status code.
548 * @param pVM The VM to operate on.
549 * @param pPatch Patch record
550 */
551int patmInsertPatchPages(PVM pVM, PPATCHINFO pPatch);
552
553/**
554 * Remove page records for all guest pages that contain instructions that were recompiled for this patch
555 *
556 * @returns VBox status code.
557 * @param pVM The VM to operate on.
558 * @param pPatch Patch record
559 */
560int patmRemovePatchPages(PVM pVM, PPATCHINFO pPatch);
561
562/**
563 * Returns the GC address of the corresponding patch statistics counter
564 *
565 * @returns Stat address
566 * @param pVM The VM to operate on.
567 * @param pPatch Patch structure
568 */
569RTGCPTR patmPatchQueryStatAddress(PVM pVM, PPATCHINFO pPatch);
570
571/**
572 * Remove patch for privileged instruction at specified location
573 *
574 * @returns VBox status code.
575 * @param pVM The VM to operate on.
576 * @param pPatchRec Patch record
577 * @param fForceRemove Remove *all* patches
578 */
579int PATMRemovePatch(PVM pVM, PPATMPATCHREC pPatchRec, bool fForceRemove);
580
581/**
582 * Call for analysing the instructions following the privileged instr. for compliance with our heuristics
583 *
584 * @returns VBox status code.
585 * @param pVM The VM to operate on.
586 * @param pCpu CPU disassembly state
587 * @param pInstrHC Guest context pointer to privileged instruction
588 * @param pCurInstrHC Guest context pointer to current instruction
589 * @param pUserData User pointer
590 *
591 */
592typedef int (VBOXCALL *PFN_PATMR3ANALYSE)(PVM pVM, DISCPUSTATE *pCpu, GCPTRTYPE(uint8_t *) pInstrGC, GCPTRTYPE(uint8_t *) pCurInstrGC, void *pUserData);
593
594/**
595 * Install guest OS specific patch
596 *
597 * @returns VBox status code.
598 * @param pVM The VM to operate on
599 * @param pCpu Disassembly state of instruction.
600 * @param pInstrGC GC Instruction pointer for instruction
601 * @param pInstrHC GC Instruction pointer for instruction
602 * @param pPatchRec Patch structure
603 *
604 */
605int PATMInstallGuestSpecificPatch(PVM pVM, PDISCPUSTATE pCpu, RTGCPTR pInstrGC, uint8_t *pInstrHC, PPATMPATCHREC pPatchRec);
606
607/**
608 * Convert guest context address to host context pointer
609 *
610 * @returns VBox status code.
611 * @param pVM The VM to operate on.
612 * @param pPatch Patch block structure pointer
613 * @param pGCPtr Guest context pointer
614 *
615 * @returns Host context pointer or NULL in case of an error
616 *
617 */
618R3PTRTYPE(uint8_t *) PATMGCVirtToHCVirt(PVM pVM, PPATCHINFO pPatch, GCPTRTYPE(uint8_t *) pGCPtr);
619
620
621/**
622 * Check if the instruction is patched as a duplicated function
623 *
624 * @returns patch record
625 * @param pVM The VM to operate on.
626 * @param pInstrGC Guest context point to the instruction
627 *
628 */
629PATMDECL(PPATMPATCHREC) PATMQueryFunctionPatch(PVM pVM, RTGCPTR pInstrGC);
630
631
632/**
633 * Empty the specified tree (PV tree, MMR3 heap)
634 *
635 * @param pVM The VM to operate on.
636 * @param ppTree Tree to empty
637 */
638void patmEmptyTree(PVM pVM, PPAVLPVNODECORE ppTree);
639
640
641/**
642 * Empty the specified tree (U32 tree, MMR3 heap)
643 *
644 * @param pVM The VM to operate on.
645 * @param ppTree Tree to empty
646 */
647void patmEmptyTreeU32(PVM pVM, PPAVLU32NODECORE ppTree);
648
649
650/**
651 * Return the name of the patched instruction
652 *
653 * @returns instruction name
654 *
655 * @param opcode DIS instruction opcode
656 * @param fPatchFlags Patch flags
657 */
658PATMDECL(const char *) patmGetInstructionString(uint32_t opcode, uint32_t fPatchFlags);
659
660
661/**
662 * Read callback for disassembly function; supports reading bytes that cross a page boundary
663 *
664 * @returns VBox status code.
665 * @param pSrc GC source pointer
666 * @param pDest HC destination pointer
667 * @param size Number of bytes to read
668 * @param pvUserdata Callback specific user data (pCpu)
669 *
670 */
671int patmReadBytes(RTHCUINTPTR pSrc, uint8_t *pDest, unsigned size, void *pvUserdata);
672
673
674#ifndef IN_GC
675
676#define PATMREAD_RAWCODE 1 /* read code as-is */
677#define PATMREAD_ORGCODE 2 /* read original guest opcode bytes; not the patched bytes */
678#define PATMREAD_NOCHECK 4 /* don't check for patch conflicts */
679
680/*
681 * Private structure used during disassembly
682 */
683typedef struct
684{
685 PVM pVM;
686 PPATCHINFO pPatchInfo;
687 R3PTRTYPE(uint8_t *) pInstrHC;
688 RTGCPTR pInstrGC;
689 uint32_t fReadFlags;
690} PATMDISASM, *PPATMDISASM;
691
692inline bool PATMR3DISInstr(PVM pVM, PPATCHINFO pPatch, DISCPUSTATE *pCpu, RTGCPTR InstrGC,
693 uint8_t *InstrHC, uint32_t *pOpsize, char *pszOutput,
694 uint32_t fReadFlags = PATMREAD_ORGCODE)
695{
696 PATMDISASM disinfo;
697 disinfo.pVM = pVM;
698 disinfo.pPatchInfo = pPatch;
699 disinfo.pInstrHC = InstrHC;
700 disinfo.pInstrGC = InstrGC;
701 disinfo.fReadFlags = fReadFlags;
702 (pCpu)->pfnReadBytes = patmReadBytes;
703 (pCpu)->apvUserData[0] = &disinfo;
704 return VBOX_SUCCESS(DISInstr(pCpu, InstrGC, 0, pOpsize, pszOutput));
705}
706#endif /* !IN_GC */
707
708__BEGIN_DECLS
709/**
710 * #PF Virtual Handler callback for Guest access a page monitored by PATM
711 *
712 * @returns VBox status code (appropritate for trap handling and GC return).
713 * @param pVM VM Handle.
714 * @param uErrorCode CPU Error code.
715 * @param pRegFrame Trap register frame.
716 * @param pvFault The fault address (cr2).
717 * @param pvRange The base address of the handled virtual range.
718 * @param offRange The offset of the access into this range.
719 * (If it's a EIP range this's the EIP, if not it's pvFault.)
720 */
721PATMGCDECL(int) PATMGCMonitorPage(PVM pVM, RTGCUINT uErrorCode, PCPUMCTXCORE pRegFrame, void *pvFault, void *pvRange, uintptr_t offRange);
722
723/**
724 * Find patch for privileged instruction at specified location
725 *
726 * @returns Patch structure pointer if found; else NULL
727 * @param pVM The VM to operate on.
728 * @param pInstr Guest context point to instruction that might lie within 5 bytes of an existing patch jump
729 * @param fIncludeHints Include hinted patches or not
730 *
731 */
732PPATCHINFO PATMFindActivePatchByEntrypoint(PVM pVM, RTGCPTR pInstrGC, bool fIncludeHints=false);
733
734/**
735 * Patch cli/sti pushf/popf instruction block at specified location
736 *
737 * @returns VBox status code.
738 * @param pVM The VM to operate on.
739 * @param pInstrGC Guest context point to privileged instruction
740 * @param pInstrHC Host context point to privileged instruction
741 * @param uOpcode Instruction opcodee
742 * @param uOpSize Size of starting instruction
743 * @param pPatchRec Patch record
744 *
745 * @note returns failure if patching is not allowed or possible
746 *
747 */
748PATMR3DECL(int) PATMR3PatchBlock(PVM pVM, RTGCPTR pInstrGC, R3PTRTYPE(uint8_t *) pInstrHC,
749 uint32_t uOpcode, uint32_t uOpSize, PPATMPATCHREC pPatchRec);
750
751
752/**
753 * Replace an instruction with a breakpoint (0xCC), that is handled dynamically in the guest context.
754 *
755 * @returns VBox status code.
756 * @param pVM The VM to operate on.
757 * @param pInstrGC Guest context point to privileged instruction
758 * @param pInstrHC Host context point to privileged instruction
759 * @param pCpu Disassembly CPU structure ptr
760 * @param pPatch Patch record
761 *
762 * @note returns failure if patching is not allowed or possible
763 *
764 */
765PATMR3DECL(int) PATMR3PatchInstrInt3(PVM pVM, RTGCPTR pInstrGC, R3PTRTYPE(uint8_t *) pInstrHC, DISCPUSTATE *pCpu, PPATCHINFO pPatch);
766
767/**
768 * Mark patch as dirty
769 *
770 * @returns VBox status code.
771 * @param pVM The VM to operate on.
772 * @param pPatch Patch record
773 *
774 * @note returns failure if patching is not allowed or possible
775 *
776 */
777PATMR3DECL(int) PATMR3MarkDirtyPatch(PVM pVM, PPATCHINFO pPatch);
778
779/**
780 * Calculate the branch destination
781 *
782 * @returns branch destination or 0 if failed
783 * @param pCpu Disassembly state of instruction.
784 * @param pBranchInstrGC GC pointer of branch instruction
785 */
786inline RTGCPTR PATMResolveBranch(PDISCPUSTATE pCpu, RTGCPTR pBranchInstrGC)
787{
788 uint32_t disp;
789 if (pCpu->param1.flags & USE_IMMEDIATE8_REL)
790 {
791 disp = (int32_t)(char)pCpu->param1.parval;
792 }
793 else
794 if (pCpu->param1.flags & USE_IMMEDIATE16_REL)
795 {
796 disp = (int32_t)(uint16_t)pCpu->param1.parval;
797 }
798 else
799 if (pCpu->param1.flags & USE_IMMEDIATE32_REL)
800 {
801 disp = (int32_t)pCpu->param1.parval;
802 }
803 else
804 {
805 Log(("We don't support far jumps here!! (%08X)\n", pCpu->param1.flags));
806 return 0;
807 }
808#ifdef IN_GC
809 return (RTGCPTR)((uint8_t *)pBranchInstrGC + pCpu->opsize + disp);
810#else
811 return pBranchInstrGC + pCpu->opsize + disp;
812#endif
813}
814
815__END_DECLS
816
817#ifdef DEBUG
818int patmr3DisasmCallback(PVM pVM, DISCPUSTATE *pCpu, GCPTRTYPE(uint8_t *) pInstrGC, GCPTRTYPE(uint8_t *) pCurInstrGC, void *pUserData);
819int patmr3DisasmCodeStream(PVM pVM, GCPTRTYPE(uint8_t *) pInstrGC, GCPTRTYPE(uint8_t *) pCurInstrGC, PFN_PATMR3ANALYSE pfnPATMR3Analyse, void *pUserData);
820#endif
821
822#endif
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette