VirtualBox

source: vbox/trunk/src/VBox/VMM/VMMAll/IOMAllMMIO.cpp@ 37112

Last change on this file since 37112 was 36794, checked in by vboxsync, 14 years ago

IEM: Verify I/O port read and writes as well as MMIO accesses. Implemented some more instructions, getting thru the BIOS now.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
File size: 72.9 KB
Line 
1/* $Id: IOMAllMMIO.cpp 36794 2011-04-21 15:02:34Z vboxsync $ */
2/** @file
3 * IOM - Input / Output Monitor - Any Context, MMIO & String I/O.
4 */
5
6/*
7 * Copyright (C) 2006-2010 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18
19/*******************************************************************************
20* Header Files *
21*******************************************************************************/
22#define LOG_GROUP LOG_GROUP_IOM
23#include <VBox/vmm/iom.h>
24#include <VBox/vmm/cpum.h>
25#include <VBox/vmm/pgm.h>
26#include <VBox/vmm/selm.h>
27#include <VBox/vmm/mm.h>
28#include <VBox/vmm/em.h>
29#include <VBox/vmm/pgm.h>
30#include <VBox/vmm/trpm.h>
31#if defined(IEM_VERIFICATION_MODE) && defined(IN_RING3)
32# include <VBox/vmm/iem.h>
33#endif
34#include "IOMInternal.h"
35#include <VBox/vmm/vm.h>
36#include <VBox/vmm/vmm.h>
37#include <VBox/vmm/hwaccm.h>
38
39#include <VBox/dis.h>
40#include <VBox/disopcode.h>
41#include <VBox/vmm/pdmdev.h>
42#include <VBox/param.h>
43#include <VBox/err.h>
44#include <iprt/assert.h>
45#include <VBox/log.h>
46#include <iprt/asm.h>
47#include <iprt/string.h>
48
49
50/*******************************************************************************
51* Global Variables *
52*******************************************************************************/
53
54/**
55 * Array for fast recode of the operand size (1/2/4/8 bytes) to bit shift value.
56 */
57static const unsigned g_aSize2Shift[] =
58{
59 ~0, /* 0 - invalid */
60 0, /* *1 == 2^0 */
61 1, /* *2 == 2^1 */
62 ~0, /* 3 - invalid */
63 2, /* *4 == 2^2 */
64 ~0, /* 5 - invalid */
65 ~0, /* 6 - invalid */
66 ~0, /* 7 - invalid */
67 3 /* *8 == 2^3 */
68};
69
70/**
71 * Macro for fast recode of the operand size (1/2/4/8 bytes) to bit shift value.
72 */
73#define SIZE_2_SHIFT(cb) (g_aSize2Shift[cb])
74
75
76/**
77 * Wrapper which does the write and updates range statistics when such are enabled.
78 * @warning RT_SUCCESS(rc=VINF_IOM_HC_MMIO_WRITE) is TRUE!
79 */
80DECLINLINE(int) iomMMIODoWrite(PVM pVM, PIOMMMIORANGE pRange, RTGCPHYS GCPhysFault, const void *pvData, unsigned cb)
81{
82#ifdef VBOX_WITH_STATISTICS
83 PIOMMMIOSTATS pStats = iomMMIOGetStats(&pVM->iom.s, GCPhysFault, pRange);
84 Assert(pStats);
85#endif
86
87 STAM_PROFILE_START(&pStats->CTX_SUFF_Z(ProfWrite), a);
88 int rc;
89 if (RT_LIKELY(pRange->CTX_SUFF(pfnWriteCallback)))
90 rc = pRange->CTX_SUFF(pfnWriteCallback)(pRange->CTX_SUFF(pDevIns), pRange->CTX_SUFF(pvUser), GCPhysFault, (void *)pvData, cb); /** @todo fix const!! */
91 else
92 rc = VINF_SUCCESS;
93 STAM_PROFILE_STOP(&pStats->CTX_SUFF_Z(ProfWrite), a);
94 STAM_COUNTER_INC(&pStats->Accesses);
95 return rc;
96}
97
98
99/**
100 * Wrapper which does the read and updates range statistics when such are enabled.
101 */
102DECLINLINE(int) iomMMIODoRead(PVM pVM, PIOMMMIORANGE pRange, RTGCPHYS GCPhys, void *pvValue, unsigned cbValue)
103{
104#ifdef VBOX_WITH_STATISTICS
105 PIOMMMIOSTATS pStats = iomMMIOGetStats(&pVM->iom.s, GCPhys, pRange);
106 Assert(pStats);
107#endif
108
109 STAM_PROFILE_START(&pStats->CTX_SUFF_Z(ProfRead), a);
110 int rc;
111 if (RT_LIKELY(pRange->CTX_SUFF(pfnReadCallback)))
112 rc = pRange->CTX_SUFF(pfnReadCallback)(pRange->CTX_SUFF(pDevIns), pRange->CTX_SUFF(pvUser), GCPhys, pvValue, cbValue);
113 else
114 rc = VINF_IOM_MMIO_UNUSED_FF;
115 if (rc != VINF_SUCCESS)
116 {
117 switch (rc)
118 {
119 case VINF_IOM_MMIO_UNUSED_FF:
120 switch (cbValue)
121 {
122 case 1: *(uint8_t *)pvValue = UINT8_C(0xff); break;
123 case 2: *(uint16_t *)pvValue = UINT16_C(0xffff); break;
124 case 4: *(uint32_t *)pvValue = UINT32_C(0xffffffff); break;
125 case 8: *(uint64_t *)pvValue = UINT64_C(0xffffffffffffffff); break;
126 default: AssertReleaseMsgFailed(("cbValue=%d GCPhys=%RGp\n", cbValue, GCPhys)); break;
127 }
128 rc = VINF_SUCCESS;
129 break;
130
131 case VINF_IOM_MMIO_UNUSED_00:
132 switch (cbValue)
133 {
134 case 1: *(uint8_t *)pvValue = UINT8_C(0x00); break;
135 case 2: *(uint16_t *)pvValue = UINT16_C(0x0000); break;
136 case 4: *(uint32_t *)pvValue = UINT32_C(0x00000000); break;
137 case 8: *(uint64_t *)pvValue = UINT64_C(0x0000000000000000); break;
138 default: AssertReleaseMsgFailed(("cbValue=%d GCPhys=%RGp\n", cbValue, GCPhys)); break;
139 }
140 rc = VINF_SUCCESS;
141 break;
142 }
143 }
144 STAM_PROFILE_STOP(&pStats->CTX_SUFF_Z(ProfRead), a);
145 STAM_COUNTER_INC(&pStats->Accesses);
146 return rc;
147}
148
149
150/**
151 * Internal - statistics only.
152 */
153DECLINLINE(void) iomMMIOStatLength(PVM pVM, unsigned cb)
154{
155#ifdef VBOX_WITH_STATISTICS
156 switch (cb)
157 {
158 case 1:
159 STAM_COUNTER_INC(&pVM->iom.s.StatRZMMIO1Byte);
160 break;
161 case 2:
162 STAM_COUNTER_INC(&pVM->iom.s.StatRZMMIO2Bytes);
163 break;
164 case 4:
165 STAM_COUNTER_INC(&pVM->iom.s.StatRZMMIO4Bytes);
166 break;
167 case 8:
168 STAM_COUNTER_INC(&pVM->iom.s.StatRZMMIO8Bytes);
169 break;
170 default:
171 /* No way. */
172 AssertMsgFailed(("Invalid data length %d\n", cb));
173 break;
174 }
175#else
176 NOREF(pVM); NOREF(cb);
177#endif
178}
179
180
181/**
182 * MOV reg, mem (read)
183 * MOVZX reg, mem (read)
184 * MOVSX reg, mem (read)
185 *
186 * @returns VBox status code.
187 *
188 * @param pVM The virtual machine.
189 * @param pRegFrame Pointer to CPUMCTXCORE guest registers structure.
190 * @param pCpu Disassembler CPU state.
191 * @param pRange Pointer MMIO range.
192 * @param GCPhysFault The GC physical address corresponding to pvFault.
193 */
194static int iomInterpretMOVxXRead(PVM pVM, PCPUMCTXCORE pRegFrame, PDISCPUSTATE pCpu, PIOMMMIORANGE pRange, RTGCPHYS GCPhysFault)
195{
196 Assert(pRange->CTX_SUFF(pfnReadCallback) || !pRange->pfnReadCallbackR3);
197
198 /*
199 * Get the data size from parameter 2,
200 * and call the handler function to get the data.
201 */
202 unsigned cb = DISGetParamSize(pCpu, &pCpu->param2);
203 AssertMsg(cb > 0 && cb <= sizeof(uint64_t), ("cb=%d\n", cb));
204
205 uint64_t u64Data = 0;
206 int rc = iomMMIODoRead(pVM, pRange, GCPhysFault, &u64Data, cb);
207 if (rc == VINF_SUCCESS)
208 {
209 /*
210 * Do sign extension for MOVSX.
211 */
212 /** @todo checkup MOVSX implementation! */
213 if (pCpu->pCurInstr->opcode == OP_MOVSX)
214 {
215 if (cb == 1)
216 {
217 /* DWORD <- BYTE */
218 int64_t iData = (int8_t)u64Data;
219 u64Data = (uint64_t)iData;
220 }
221 else
222 {
223 /* DWORD <- WORD */
224 int64_t iData = (int16_t)u64Data;
225 u64Data = (uint64_t)iData;
226 }
227 }
228
229 /*
230 * Store the result to register (parameter 1).
231 */
232 bool fRc = iomSaveDataToReg(pCpu, &pCpu->param1, pRegFrame, u64Data);
233 AssertMsg(fRc, ("Failed to store register value!\n")); NOREF(fRc);
234 }
235
236 if (rc == VINF_SUCCESS)
237 iomMMIOStatLength(pVM, cb);
238 return rc;
239}
240
241
242/**
243 * MOV mem, reg|imm (write)
244 *
245 * @returns VBox status code.
246 *
247 * @param pVM The virtual machine.
248 * @param pRegFrame Pointer to CPUMCTXCORE guest registers structure.
249 * @param pCpu Disassembler CPU state.
250 * @param pRange Pointer MMIO range.
251 * @param GCPhysFault The GC physical address corresponding to pvFault.
252 */
253static int iomInterpretMOVxXWrite(PVM pVM, PCPUMCTXCORE pRegFrame, PDISCPUSTATE pCpu, PIOMMMIORANGE pRange, RTGCPHYS GCPhysFault)
254{
255 Assert(pRange->CTX_SUFF(pfnWriteCallback) || !pRange->pfnWriteCallbackR3);
256
257 /*
258 * Get data to write from second parameter,
259 * and call the callback to write it.
260 */
261 unsigned cb = 0;
262 uint64_t u64Data = 0;
263 bool fRc = iomGetRegImmData(pCpu, &pCpu->param2, pRegFrame, &u64Data, &cb);
264 AssertMsg(fRc, ("Failed to get reg/imm port number!\n")); NOREF(fRc);
265
266 int rc = iomMMIODoWrite(pVM, pRange, GCPhysFault, &u64Data, cb);
267 if (rc == VINF_SUCCESS)
268 iomMMIOStatLength(pVM, cb);
269 return rc;
270}
271
272
273/** Wrapper for reading virtual memory. */
274DECLINLINE(int) iomRamRead(PVMCPU pVCpu, void *pDest, RTGCPTR GCSrc, uint32_t cb)
275{
276 /* Note: This will fail in R0 or RC if it hits an access handler. That
277 isn't a problem though since the operation can be restarted in REM. */
278#ifdef IN_RC
279 return MMGCRamReadNoTrapHandler(pDest, (void *)(uintptr_t)GCSrc, cb);
280#else
281 return PGMPhysReadGCPtr(pVCpu, pDest, GCSrc, cb);
282#endif
283}
284
285
286/** Wrapper for writing virtual memory. */
287DECLINLINE(int) iomRamWrite(PVMCPU pVCpu, PCPUMCTXCORE pCtxCore, RTGCPTR GCPtrDst, void *pvSrc, uint32_t cb)
288{
289 /** @todo Need to update PGMVerifyAccess to take access handlers into account for Ring-0 and
290 * raw mode code. Some thought needs to be spent on theoretical concurrency issues as
291 * as well since we're not behind the pgm lock and handler may change between calls.
292 *
293 * PGMPhysInterpretedWriteNoHandlers/PGMPhysWriteGCPtr may mess up
294 * the state of some shadowed structures. */
295#if defined(IN_RING0) || defined(IN_RC)
296 return PGMPhysInterpretedWriteNoHandlers(pVCpu, pCtxCore, GCPtrDst, pvSrc, cb, false /*fRaiseTrap*/);
297#else
298 NOREF(pCtxCore);
299 return PGMPhysWriteGCPtr(pVCpu, GCPtrDst, pvSrc, cb);
300#endif
301}
302
303
304#ifdef IOM_WITH_MOVS_SUPPORT
305/**
306 * [REP] MOVSB
307 * [REP] MOVSW
308 * [REP] MOVSD
309 *
310 * Restricted implementation.
311 *
312 *
313 * @returns VBox status code.
314 *
315 * @param pVM The virtual machine.
316 * @param uErrorCode CPU Error code.
317 * @param pRegFrame Trap register frame.
318 * @param GCPhysFault The GC physical address corresponding to pvFault.
319 * @param pCpu Disassembler CPU state.
320 * @param pRange Pointer MMIO range.
321 * @param ppStat Which sub-sample to attribute this call to.
322 */
323static int iomInterpretMOVS(PVM pVM, bool fWriteAccess, PCPUMCTXCORE pRegFrame, RTGCPHYS GCPhysFault, PDISCPUSTATE pCpu, PIOMMMIORANGE pRange, PSTAMPROFILE *ppStat)
324{
325 /*
326 * We do not support segment prefixes or REPNE.
327 */
328 if (pCpu->prefix & (PREFIX_SEG | PREFIX_REPNE))
329 return VINF_IOM_HC_MMIO_READ_WRITE; /** @todo -> interpret whatever. */
330
331 PVMCPU pVCpu = VMMGetCpu(pVM);
332
333 /*
334 * Get bytes/words/dwords/qword count to copy.
335 */
336 uint32_t cTransfers = 1;
337 if (pCpu->prefix & PREFIX_REP)
338 {
339#ifndef IN_RC
340 if ( CPUMIsGuestIn64BitCode(pVCpu, pRegFrame)
341 && pRegFrame->rcx >= _4G)
342 return VINF_EM_RAW_EMULATE_INSTR;
343#endif
344
345 cTransfers = pRegFrame->ecx;
346 if (SELMGetCpuModeFromSelector(pVM, pRegFrame->eflags, pRegFrame->cs, &pRegFrame->csHid) == CPUMODE_16BIT)
347 cTransfers &= 0xffff;
348
349 if (!cTransfers)
350 return VINF_SUCCESS;
351 }
352
353 /* Get the current privilege level. */
354 uint32_t cpl = CPUMGetGuestCPL(pVCpu, pRegFrame);
355
356 /*
357 * Get data size.
358 */
359 unsigned cb = DISGetParamSize(pCpu, &pCpu->param1);
360 AssertMsg(cb > 0 && cb <= sizeof(uint64_t), ("cb=%d\n", cb));
361 int offIncrement = pRegFrame->eflags.Bits.u1DF ? -(signed)cb : (signed)cb;
362
363#ifdef VBOX_WITH_STATISTICS
364 if (pVM->iom.s.cMovsMaxBytes < (cTransfers << SIZE_2_SHIFT(cb)))
365 pVM->iom.s.cMovsMaxBytes = cTransfers << SIZE_2_SHIFT(cb);
366#endif
367
368/** @todo re-evaluate on page boundaries. */
369
370 RTGCPHYS Phys = GCPhysFault;
371 int rc;
372 if (fWriteAccess)
373 {
374 /*
375 * Write operation: [Mem] -> [MMIO]
376 * ds:esi (Virt Src) -> es:edi (Phys Dst)
377 */
378 STAM_STATS({ *ppStat = &pVM->iom.s.StatRZInstMovsToMMIO; });
379
380 /* Check callback. */
381 if (!pRange->CTX_SUFF(pfnWriteCallback))
382 return VINF_IOM_HC_MMIO_WRITE;
383
384 /* Convert source address ds:esi. */
385 RTGCUINTPTR pu8Virt;
386 rc = SELMToFlatEx(pVM, DIS_SELREG_DS, pRegFrame, (RTGCPTR)pRegFrame->rsi,
387 SELMTOFLAT_FLAGS_HYPER | SELMTOFLAT_FLAGS_NO_PL,
388 (PRTGCPTR)&pu8Virt);
389 if (RT_SUCCESS(rc))
390 {
391
392 /* Access verification first; we currently can't recover properly from traps inside this instruction */
393 rc = PGMVerifyAccess(pVCpu, pu8Virt, cTransfers * cb, (cpl == 3) ? X86_PTE_US : 0);
394 if (rc != VINF_SUCCESS)
395 {
396 Log(("MOVS will generate a trap -> recompiler, rc=%d\n", rc));
397 return VINF_EM_RAW_EMULATE_INSTR;
398 }
399
400#ifdef IN_RC
401 MMGCRamRegisterTrapHandler(pVM);
402#endif
403
404 /* copy loop. */
405 while (cTransfers)
406 {
407 uint32_t u32Data = 0;
408 rc = iomRamRead(pVCpu, &u32Data, (RTGCPTR)pu8Virt, cb);
409 if (rc != VINF_SUCCESS)
410 break;
411 rc = iomMMIODoWrite(pVM, pRange, Phys, &u32Data, cb);
412 if (rc != VINF_SUCCESS)
413 break;
414
415 pu8Virt += offIncrement;
416 Phys += offIncrement;
417 pRegFrame->rsi += offIncrement;
418 pRegFrame->rdi += offIncrement;
419 cTransfers--;
420 }
421#ifdef IN_RC
422 MMGCRamDeregisterTrapHandler(pVM);
423#endif
424 /* Update ecx. */
425 if (pCpu->prefix & PREFIX_REP)
426 pRegFrame->ecx = cTransfers;
427 }
428 else
429 rc = VINF_IOM_HC_MMIO_READ_WRITE;
430 }
431 else
432 {
433 /*
434 * Read operation: [MMIO] -> [mem] or [MMIO] -> [MMIO]
435 * ds:[eSI] (Phys Src) -> es:[eDI] (Virt Dst)
436 */
437 STAM_STATS({ *ppStat = &pVM->iom.s.StatRZInstMovsFromMMIO; });
438
439 /* Check callback. */
440 if (!pRange->CTX_SUFF(pfnReadCallback))
441 return VINF_IOM_HC_MMIO_READ;
442
443 /* Convert destination address. */
444 RTGCUINTPTR pu8Virt;
445 rc = SELMToFlatEx(pVM, DIS_SELREG_ES, pRegFrame, (RTGCPTR)pRegFrame->rdi,
446 SELMTOFLAT_FLAGS_HYPER | SELMTOFLAT_FLAGS_NO_PL,
447 (RTGCPTR *)&pu8Virt);
448 if (RT_FAILURE(rc))
449 return VINF_IOM_HC_MMIO_READ;
450
451 /* Check if destination address is MMIO. */
452 PIOMMMIORANGE pMMIODst;
453 RTGCPHYS PhysDst;
454 rc = PGMGstGetPage(pVCpu, (RTGCPTR)pu8Virt, NULL, &PhysDst);
455 PhysDst |= (RTGCUINTPTR)pu8Virt & PAGE_OFFSET_MASK;
456 if ( RT_SUCCESS(rc)
457 && (pMMIODst = iomMMIOGetRange(&pVM->iom.s, PhysDst)))
458 {
459 /** @todo implement per-device locks for MMIO access. */
460 Assert(!pMMIODst->CTX_SUFF(pDevIns)->CTX_SUFF(pCritSect));
461
462 /*
463 * Extra: [MMIO] -> [MMIO]
464 */
465 STAM_STATS({ *ppStat = &pVM->iom.s.StatRZInstMovsMMIO; });
466 if (!pMMIODst->CTX_SUFF(pfnWriteCallback) && pMMIODst->pfnWriteCallbackR3)
467 return VINF_IOM_HC_MMIO_READ_WRITE;
468
469 /* copy loop. */
470 while (cTransfers)
471 {
472 uint32_t u32Data;
473 rc = iomMMIODoRead(pVM, pRange, Phys, &u32Data, cb);
474 if (rc != VINF_SUCCESS)
475 break;
476 rc = iomMMIODoWrite(pVM, pMMIODst, PhysDst, &u32Data, cb);
477 if (rc != VINF_SUCCESS)
478 break;
479
480 Phys += offIncrement;
481 PhysDst += offIncrement;
482 pRegFrame->rsi += offIncrement;
483 pRegFrame->rdi += offIncrement;
484 cTransfers--;
485 }
486 }
487 else
488 {
489 /*
490 * Normal: [MMIO] -> [Mem]
491 */
492 /* Access verification first; we currently can't recover properly from traps inside this instruction */
493 rc = PGMVerifyAccess(pVCpu, pu8Virt, cTransfers * cb, X86_PTE_RW | ((cpl == 3) ? X86_PTE_US : 0));
494 if (rc != VINF_SUCCESS)
495 {
496 Log(("MOVS will generate a trap -> recompiler, rc=%d\n", rc));
497 return VINF_EM_RAW_EMULATE_INSTR;
498 }
499
500 /* copy loop. */
501#ifdef IN_RC
502 MMGCRamRegisterTrapHandler(pVM);
503#endif
504 while (cTransfers)
505 {
506 uint32_t u32Data;
507 rc = iomMMIODoRead(pVM, pRange, Phys, &u32Data, cb);
508 if (rc != VINF_SUCCESS)
509 break;
510 rc = iomRamWrite(pVCpu, pRegFrame, (RTGCPTR)pu8Virt, &u32Data, cb);
511 if (rc != VINF_SUCCESS)
512 {
513 Log(("iomRamWrite %08X size=%d failed with %d\n", pu8Virt, cb, rc));
514 break;
515 }
516
517 pu8Virt += offIncrement;
518 Phys += offIncrement;
519 pRegFrame->rsi += offIncrement;
520 pRegFrame->rdi += offIncrement;
521 cTransfers--;
522 }
523#ifdef IN_RC
524 MMGCRamDeregisterTrapHandler(pVM);
525#endif
526 }
527
528 /* Update ecx on exit. */
529 if (pCpu->prefix & PREFIX_REP)
530 pRegFrame->ecx = cTransfers;
531 }
532
533 /* work statistics. */
534 if (rc == VINF_SUCCESS)
535 iomMMIOStatLength(pVM, cb);
536 NOREF(ppStat);
537 return rc;
538}
539#endif /* IOM_WITH_MOVS_SUPPORT */
540
541
542/**
543 * [REP] STOSB
544 * [REP] STOSW
545 * [REP] STOSD
546 *
547 * Restricted implementation.
548 *
549 *
550 * @returns VBox status code.
551 *
552 * @param pVM The virtual machine.
553 * @param pRegFrame Trap register frame.
554 * @param GCPhysFault The GC physical address corresponding to pvFault.
555 * @param pCpu Disassembler CPU state.
556 * @param pRange Pointer MMIO range.
557 */
558static int iomInterpretSTOS(PVM pVM, PCPUMCTXCORE pRegFrame, RTGCPHYS GCPhysFault, PDISCPUSTATE pCpu, PIOMMMIORANGE pRange)
559{
560 /*
561 * We do not support segment prefixes or REPNE..
562 */
563 if (pCpu->prefix & (PREFIX_SEG | PREFIX_REPNE))
564 return VINF_IOM_HC_MMIO_READ_WRITE; /** @todo -> REM instead of HC */
565
566 /*
567 * Get bytes/words/dwords count to copy.
568 */
569 uint32_t cTransfers = 1;
570 if (pCpu->prefix & PREFIX_REP)
571 {
572#ifndef IN_RC
573 if ( CPUMIsGuestIn64BitCode(VMMGetCpu(pVM), pRegFrame)
574 && pRegFrame->rcx >= _4G)
575 return VINF_EM_RAW_EMULATE_INSTR;
576#endif
577
578 cTransfers = pRegFrame->ecx;
579 if (SELMGetCpuModeFromSelector(pVM, pRegFrame->eflags, pRegFrame->cs, &pRegFrame->csHid) == CPUMODE_16BIT)
580 cTransfers &= 0xffff;
581
582 if (!cTransfers)
583 return VINF_SUCCESS;
584 }
585
586/** @todo r=bird: bounds checks! */
587
588 /*
589 * Get data size.
590 */
591 unsigned cb = DISGetParamSize(pCpu, &pCpu->param1);
592 AssertMsg(cb > 0 && cb <= sizeof(uint64_t), ("cb=%d\n", cb));
593 int offIncrement = pRegFrame->eflags.Bits.u1DF ? -(signed)cb : (signed)cb;
594
595#ifdef VBOX_WITH_STATISTICS
596 if (pVM->iom.s.cStosMaxBytes < (cTransfers << SIZE_2_SHIFT(cb)))
597 pVM->iom.s.cStosMaxBytes = cTransfers << SIZE_2_SHIFT(cb);
598#endif
599
600
601 RTGCPHYS Phys = GCPhysFault;
602 uint32_t u32Data = pRegFrame->eax;
603 int rc;
604 if (pRange->CTX_SUFF(pfnFillCallback))
605 {
606 /*
607 * Use the fill callback.
608 */
609 /** @todo pfnFillCallback must return number of bytes successfully written!!! */
610 if (offIncrement > 0)
611 {
612 /* addr++ variant. */
613 rc = pRange->CTX_SUFF(pfnFillCallback)(pRange->CTX_SUFF(pDevIns), pRange->CTX_SUFF(pvUser), Phys, u32Data, cb, cTransfers);
614 if (rc == VINF_SUCCESS)
615 {
616 /* Update registers. */
617 pRegFrame->rdi += cTransfers << SIZE_2_SHIFT(cb);
618 if (pCpu->prefix & PREFIX_REP)
619 pRegFrame->ecx = 0;
620 }
621 }
622 else
623 {
624 /* addr-- variant. */
625 rc = pRange->CTX_SUFF(pfnFillCallback)(pRange->CTX_SUFF(pDevIns), pRange->CTX_SUFF(pvUser), Phys - ((cTransfers - 1) << SIZE_2_SHIFT(cb)), u32Data, cb, cTransfers);
626 if (rc == VINF_SUCCESS)
627 {
628 /* Update registers. */
629 pRegFrame->rdi -= cTransfers << SIZE_2_SHIFT(cb);
630 if (pCpu->prefix & PREFIX_REP)
631 pRegFrame->ecx = 0;
632 }
633 }
634 }
635 else
636 {
637 /*
638 * Use the write callback.
639 */
640 Assert(pRange->CTX_SUFF(pfnWriteCallback) || !pRange->pfnWriteCallbackR3);
641
642 /* fill loop. */
643 do
644 {
645 rc = iomMMIODoWrite(pVM, pRange, Phys, &u32Data, cb);
646 if (rc != VINF_SUCCESS)
647 break;
648
649 Phys += offIncrement;
650 pRegFrame->rdi += offIncrement;
651 cTransfers--;
652 } while (cTransfers);
653
654 /* Update ecx on exit. */
655 if (pCpu->prefix & PREFIX_REP)
656 pRegFrame->ecx = cTransfers;
657 }
658
659 /*
660 * Work statistics and return.
661 */
662 if (rc == VINF_SUCCESS)
663 iomMMIOStatLength(pVM, cb);
664 return rc;
665}
666
667
668/**
669 * [REP] LODSB
670 * [REP] LODSW
671 * [REP] LODSD
672 *
673 * Restricted implementation.
674 *
675 *
676 * @returns VBox status code.
677 *
678 * @param pVM The virtual machine.
679 * @param pRegFrame Trap register frame.
680 * @param GCPhysFault The GC physical address corresponding to pvFault.
681 * @param pCpu Disassembler CPU state.
682 * @param pRange Pointer MMIO range.
683 */
684static int iomInterpretLODS(PVM pVM, PCPUMCTXCORE pRegFrame, RTGCPHYS GCPhysFault, PDISCPUSTATE pCpu, PIOMMMIORANGE pRange)
685{
686 Assert(pRange->CTX_SUFF(pfnReadCallback) || !pRange->pfnReadCallbackR3);
687
688 /*
689 * We do not support segment prefixes or REP*.
690 */
691 if (pCpu->prefix & (PREFIX_SEG | PREFIX_REP | PREFIX_REPNE))
692 return VINF_IOM_HC_MMIO_READ_WRITE; /** @todo -> REM instead of HC */
693
694 /*
695 * Get data size.
696 */
697 unsigned cb = DISGetParamSize(pCpu, &pCpu->param2);
698 AssertMsg(cb > 0 && cb <= sizeof(uint64_t), ("cb=%d\n", cb));
699 int offIncrement = pRegFrame->eflags.Bits.u1DF ? -(signed)cb : (signed)cb;
700
701 /*
702 * Perform read.
703 */
704 int rc = iomMMIODoRead(pVM, pRange, GCPhysFault, &pRegFrame->rax, cb);
705 if (rc == VINF_SUCCESS)
706 pRegFrame->rsi += offIncrement;
707
708 /*
709 * Work statistics and return.
710 */
711 if (rc == VINF_SUCCESS)
712 iomMMIOStatLength(pVM, cb);
713 return rc;
714}
715
716
717/**
718 * CMP [MMIO], reg|imm
719 * CMP reg|imm, [MMIO]
720 *
721 * Restricted implementation.
722 *
723 *
724 * @returns VBox status code.
725 *
726 * @param pVM The virtual machine.
727 * @param pRegFrame Trap register frame.
728 * @param GCPhysFault The GC physical address corresponding to pvFault.
729 * @param pCpu Disassembler CPU state.
730 * @param pRange Pointer MMIO range.
731 */
732static int iomInterpretCMP(PVM pVM, PCPUMCTXCORE pRegFrame, RTGCPHYS GCPhysFault, PDISCPUSTATE pCpu, PIOMMMIORANGE pRange)
733{
734 Assert(pRange->CTX_SUFF(pfnReadCallback) || !pRange->pfnReadCallbackR3);
735
736 /*
737 * Get the operands.
738 */
739 unsigned cb = 0;
740 uint64_t uData1 = 0;
741 uint64_t uData2 = 0;
742 int rc;
743 if (iomGetRegImmData(pCpu, &pCpu->param1, pRegFrame, &uData1, &cb))
744 /* cmp reg, [MMIO]. */
745 rc = iomMMIODoRead(pVM, pRange, GCPhysFault, &uData2, cb);
746 else if (iomGetRegImmData(pCpu, &pCpu->param2, pRegFrame, &uData2, &cb))
747 /* cmp [MMIO], reg|imm. */
748 rc = iomMMIODoRead(pVM, pRange, GCPhysFault, &uData1, cb);
749 else
750 {
751 AssertMsgFailed(("Disassember CMP problem..\n"));
752 rc = VERR_IOM_MMIO_HANDLER_DISASM_ERROR;
753 }
754
755 if (rc == VINF_SUCCESS)
756 {
757#if HC_ARCH_BITS == 32
758 /* Can't deal with 8 byte operands in our 32-bit emulation code. */
759 if (cb > 4)
760 return VINF_IOM_HC_MMIO_READ_WRITE;
761#endif
762 /* Emulate CMP and update guest flags. */
763 uint32_t eflags = EMEmulateCmp(uData1, uData2, cb);
764 pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
765 | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));
766 iomMMIOStatLength(pVM, cb);
767 }
768
769 return rc;
770}
771
772
773/**
774 * AND [MMIO], reg|imm
775 * AND reg, [MMIO]
776 * OR [MMIO], reg|imm
777 * OR reg, [MMIO]
778 *
779 * Restricted implementation.
780 *
781 *
782 * @returns VBox status code.
783 *
784 * @param pVM The virtual machine.
785 * @param pRegFrame Trap register frame.
786 * @param GCPhysFault The GC physical address corresponding to pvFault.
787 * @param pCpu Disassembler CPU state.
788 * @param pRange Pointer MMIO range.
789 * @param pfnEmulate Instruction emulation function.
790 */
791static int iomInterpretOrXorAnd(PVM pVM, PCPUMCTXCORE pRegFrame, RTGCPHYS GCPhysFault, PDISCPUSTATE pCpu, PIOMMMIORANGE pRange, PFNEMULATEPARAM3 pfnEmulate)
792{
793 unsigned cb = 0;
794 uint64_t uData1 = 0;
795 uint64_t uData2 = 0;
796 bool fAndWrite;
797 int rc;
798
799#ifdef LOG_ENABLED
800 const char *pszInstr;
801
802 if (pCpu->pCurInstr->opcode == OP_XOR)
803 pszInstr = "Xor";
804 else if (pCpu->pCurInstr->opcode == OP_OR)
805 pszInstr = "Or";
806 else if (pCpu->pCurInstr->opcode == OP_AND)
807 pszInstr = "And";
808 else
809 pszInstr = "OrXorAnd??";
810#endif
811
812 if (iomGetRegImmData(pCpu, &pCpu->param1, pRegFrame, &uData1, &cb))
813 {
814#if HC_ARCH_BITS == 32
815 /* Can't deal with 8 byte operands in our 32-bit emulation code. */
816 if (cb > 4)
817 return VINF_IOM_HC_MMIO_READ_WRITE;
818#endif
819 /* and reg, [MMIO]. */
820 Assert(pRange->CTX_SUFF(pfnReadCallback) || !pRange->pfnReadCallbackR3);
821 fAndWrite = false;
822 rc = iomMMIODoRead(pVM, pRange, GCPhysFault, &uData2, cb);
823 }
824 else if (iomGetRegImmData(pCpu, &pCpu->param2, pRegFrame, &uData2, &cb))
825 {
826#if HC_ARCH_BITS == 32
827 /* Can't deal with 8 byte operands in our 32-bit emulation code. */
828 if (cb > 4)
829 return VINF_IOM_HC_MMIO_READ_WRITE;
830#endif
831 /* and [MMIO], reg|imm. */
832 fAndWrite = true;
833 if ( (pRange->CTX_SUFF(pfnReadCallback) || !pRange->pfnReadCallbackR3)
834 && (pRange->CTX_SUFF(pfnWriteCallback) || !pRange->pfnWriteCallbackR3))
835 rc = iomMMIODoRead(pVM, pRange, GCPhysFault, &uData1, cb);
836 else
837 rc = VINF_IOM_HC_MMIO_READ_WRITE;
838 }
839 else
840 {
841 AssertMsgFailed(("Disassember AND problem..\n"));
842 return VERR_IOM_MMIO_HANDLER_DISASM_ERROR;
843 }
844
845 if (rc == VINF_SUCCESS)
846 {
847 /* Emulate AND and update guest flags. */
848 uint32_t eflags = pfnEmulate((uint32_t *)&uData1, uData2, cb);
849
850 LogFlow(("iomInterpretOrXorAnd %s result %RX64\n", pszInstr, uData1));
851
852 if (fAndWrite)
853 /* Store result to MMIO. */
854 rc = iomMMIODoWrite(pVM, pRange, GCPhysFault, &uData1, cb);
855 else
856 {
857 /* Store result to register. */
858 bool fRc = iomSaveDataToReg(pCpu, &pCpu->param1, pRegFrame, uData1);
859 AssertMsg(fRc, ("Failed to store register value!\n")); NOREF(fRc);
860 }
861 if (rc == VINF_SUCCESS)
862 {
863 /* Update guest's eflags and finish. */
864 pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
865 | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));
866 iomMMIOStatLength(pVM, cb);
867 }
868 }
869
870 return rc;
871}
872
873
874/**
875 * TEST [MMIO], reg|imm
876 * TEST reg, [MMIO]
877 *
878 * Restricted implementation.
879 *
880 *
881 * @returns VBox status code.
882 *
883 * @param pVM The virtual machine.
884 * @param pRegFrame Trap register frame.
885 * @param GCPhysFault The GC physical address corresponding to pvFault.
886 * @param pCpu Disassembler CPU state.
887 * @param pRange Pointer MMIO range.
888 */
889static int iomInterpretTEST(PVM pVM, PCPUMCTXCORE pRegFrame, RTGCPHYS GCPhysFault, PDISCPUSTATE pCpu, PIOMMMIORANGE pRange)
890{
891 Assert(pRange->CTX_SUFF(pfnReadCallback) || !pRange->pfnReadCallbackR3);
892
893 unsigned cb = 0;
894 uint64_t uData1 = 0;
895 uint64_t uData2 = 0;
896 int rc;
897
898 if (iomGetRegImmData(pCpu, &pCpu->param1, pRegFrame, &uData1, &cb))
899 {
900 /* and test, [MMIO]. */
901 rc = iomMMIODoRead(pVM, pRange, GCPhysFault, &uData2, cb);
902 }
903 else if (iomGetRegImmData(pCpu, &pCpu->param2, pRegFrame, &uData2, &cb))
904 {
905 /* test [MMIO], reg|imm. */
906 rc = iomMMIODoRead(pVM, pRange, GCPhysFault, &uData1, cb);
907 }
908 else
909 {
910 AssertMsgFailed(("Disassember TEST problem..\n"));
911 return VERR_IOM_MMIO_HANDLER_DISASM_ERROR;
912 }
913
914 if (rc == VINF_SUCCESS)
915 {
916#if HC_ARCH_BITS == 32
917 /* Can't deal with 8 byte operands in our 32-bit emulation code. */
918 if (cb > 4)
919 return VINF_IOM_HC_MMIO_READ_WRITE;
920#endif
921
922 /* Emulate TEST (=AND without write back) and update guest EFLAGS. */
923 uint32_t eflags = EMEmulateAnd((uint32_t *)&uData1, uData2, cb);
924 pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
925 | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));
926 iomMMIOStatLength(pVM, cb);
927 }
928
929 return rc;
930}
931
932
933/**
934 * BT [MMIO], reg|imm
935 *
936 * Restricted implementation.
937 *
938 *
939 * @returns VBox status code.
940 *
941 * @param pVM The virtual machine.
942 * @param pRegFrame Trap register frame.
943 * @param GCPhysFault The GC physical address corresponding to pvFault.
944 * @param pCpu Disassembler CPU state.
945 * @param pRange Pointer MMIO range.
946 */
947static int iomInterpretBT(PVM pVM, PCPUMCTXCORE pRegFrame, RTGCPHYS GCPhysFault, PDISCPUSTATE pCpu, PIOMMMIORANGE pRange)
948{
949 Assert(pRange->CTX_SUFF(pfnReadCallback) || !pRange->pfnReadCallbackR3);
950
951 uint64_t uBit = 0;
952 uint64_t uData = 0;
953 unsigned cbIgnored;
954
955 if (!iomGetRegImmData(pCpu, &pCpu->param2, pRegFrame, &uBit, &cbIgnored))
956 {
957 AssertMsgFailed(("Disassember BT problem..\n"));
958 return VERR_IOM_MMIO_HANDLER_DISASM_ERROR;
959 }
960 /* The size of the memory operand only matters here. */
961 unsigned cbData = DISGetParamSize(pCpu, &pCpu->param1);
962
963 /* bt [MMIO], reg|imm. */
964 int rc = iomMMIODoRead(pVM, pRange, GCPhysFault, &uData, cbData);
965 if (rc == VINF_SUCCESS)
966 {
967 /* Find the bit inside the faulting address */
968 pRegFrame->eflags.Bits.u1CF = (uData >> uBit);
969 iomMMIOStatLength(pVM, cbData);
970 }
971
972 return rc;
973}
974
975/**
976 * XCHG [MMIO], reg
977 * XCHG reg, [MMIO]
978 *
979 * Restricted implementation.
980 *
981 *
982 * @returns VBox status code.
983 *
984 * @param pVM The virtual machine.
985 * @param pRegFrame Trap register frame.
986 * @param GCPhysFault The GC physical address corresponding to pvFault.
987 * @param pCpu Disassembler CPU state.
988 * @param pRange Pointer MMIO range.
989 */
990static int iomInterpretXCHG(PVM pVM, PCPUMCTXCORE pRegFrame, RTGCPHYS GCPhysFault, PDISCPUSTATE pCpu, PIOMMMIORANGE pRange)
991{
992 /* Check for read & write handlers since IOMMMIOHandler doesn't cover this. */
993 if ( (!pRange->CTX_SUFF(pfnReadCallback) && pRange->pfnReadCallbackR3)
994 || (!pRange->CTX_SUFF(pfnWriteCallback) && pRange->pfnWriteCallbackR3))
995 return VINF_IOM_HC_MMIO_READ_WRITE;
996
997 int rc;
998 unsigned cb = 0;
999 uint64_t uData1 = 0;
1000 uint64_t uData2 = 0;
1001 if (iomGetRegImmData(pCpu, &pCpu->param1, pRegFrame, &uData1, &cb))
1002 {
1003 /* xchg reg, [MMIO]. */
1004 rc = iomMMIODoRead(pVM, pRange, GCPhysFault, &uData2, cb);
1005 if (rc == VINF_SUCCESS)
1006 {
1007 /* Store result to MMIO. */
1008 rc = iomMMIODoWrite(pVM, pRange, GCPhysFault, &uData1, cb);
1009
1010 if (rc == VINF_SUCCESS)
1011 {
1012 /* Store result to register. */
1013 bool fRc = iomSaveDataToReg(pCpu, &pCpu->param1, pRegFrame, uData2);
1014 AssertMsg(fRc, ("Failed to store register value!\n")); NOREF(fRc);
1015 }
1016 else
1017 Assert(rc == VINF_IOM_HC_MMIO_WRITE || rc == VINF_PATM_HC_MMIO_PATCH_WRITE);
1018 }
1019 else
1020 Assert(rc == VINF_IOM_HC_MMIO_READ || rc == VINF_PATM_HC_MMIO_PATCH_READ);
1021 }
1022 else if (iomGetRegImmData(pCpu, &pCpu->param2, pRegFrame, &uData2, &cb))
1023 {
1024 /* xchg [MMIO], reg. */
1025 rc = iomMMIODoRead(pVM, pRange, GCPhysFault, &uData1, cb);
1026 if (rc == VINF_SUCCESS)
1027 {
1028 /* Store result to MMIO. */
1029 rc = iomMMIODoWrite(pVM, pRange, GCPhysFault, &uData2, cb);
1030 if (rc == VINF_SUCCESS)
1031 {
1032 /* Store result to register. */
1033 bool fRc = iomSaveDataToReg(pCpu, &pCpu->param2, pRegFrame, uData1);
1034 AssertMsg(fRc, ("Failed to store register value!\n")); NOREF(fRc);
1035 }
1036 else
1037 AssertMsg(rc == VINF_IOM_HC_MMIO_READ_WRITE || rc == VINF_IOM_HC_MMIO_WRITE || rc == VINF_PATM_HC_MMIO_PATCH_WRITE, ("rc=%Rrc\n", rc));
1038 }
1039 else
1040 AssertMsg(rc == VINF_IOM_HC_MMIO_READ_WRITE || rc == VINF_IOM_HC_MMIO_READ || rc == VINF_PATM_HC_MMIO_PATCH_READ, ("rc=%Rrc\n", rc));
1041 }
1042 else
1043 {
1044 AssertMsgFailed(("Disassember XCHG problem..\n"));
1045 rc = VERR_IOM_MMIO_HANDLER_DISASM_ERROR;
1046 }
1047 return rc;
1048}
1049
1050
1051/**
1052 * \#PF Handler callback for MMIO ranges.
1053 *
1054 * @returns VBox status code (appropriate for GC return).
1055 * @param pVM VM Handle.
1056 * @param uErrorCode CPU Error code. This is UINT32_MAX when we don't have
1057 * any error code (the EPT misconfig hack).
1058 * @param pCtxCore Trap register frame.
1059 * @param GCPhysFault The GC physical address corresponding to pvFault.
1060 * @param pvUser Pointer to the MMIO ring-3 range entry.
1061 */
1062static int iomMMIOHandler(PVM pVM, uint32_t uErrorCode, PCPUMCTXCORE pCtxCore, RTGCPHYS GCPhysFault, void *pvUser)
1063{
1064 /* Take the IOM lock before performing any MMIO. */
1065 int rc = iomLock(pVM);
1066#ifndef IN_RING3
1067 if (rc == VERR_SEM_BUSY)
1068 return VINF_IOM_HC_MMIO_READ_WRITE;
1069#endif
1070 AssertRC(rc);
1071
1072 STAM_PROFILE_START(&pVM->iom.s.StatRZMMIOHandler, a);
1073 Log(("iomMMIOHandler: GCPhys=%RGp uErr=%#x rip=%RGv\n",
1074 GCPhysFault, uErrorCode, (RTGCPTR)pCtxCore->rip));
1075
1076 PIOMMMIORANGE pRange = (PIOMMMIORANGE)pvUser;
1077 Assert(pRange);
1078 Assert(pRange == iomMMIOGetRange(&pVM->iom.s, GCPhysFault));
1079 /** @todo implement per-device locks for MMIO access. It can replace the IOM
1080 * lock for most of the code, provided that we retake the lock while
1081 * deregistering PIOMMMIORANGE to deal with remapping/access races
1082 * (unlikely, but an SMP guest shouldn't cause us to crash). */
1083 Assert(!pRange->CTX_SUFF(pDevIns) || !pRange->CTX_SUFF(pDevIns)->CTX_SUFF(pCritSect));
1084
1085#ifdef VBOX_WITH_STATISTICS
1086 /*
1087 * Locate the statistics, if > PAGE_SIZE we'll use the first byte for everything.
1088 */
1089 PIOMMMIOSTATS pStats = iomMMIOGetStats(&pVM->iom.s, GCPhysFault, pRange);
1090 if (!pStats)
1091 {
1092# ifdef IN_RING3
1093 iomUnlock(pVM);
1094 return VERR_NO_MEMORY;
1095# else
1096 STAM_PROFILE_STOP(&pVM->iom.s.StatRZMMIOHandler, a);
1097 STAM_COUNTER_INC(&pVM->iom.s.StatRZMMIOFailures);
1098 iomUnlock(pVM);
1099 return VINF_IOM_HC_MMIO_READ_WRITE;
1100# endif
1101 }
1102#endif
1103
1104#ifndef IN_RING3
1105 /*
1106 * Should we defer the request right away? This isn't usually the case, so
1107 * do the simple test first and the try deal with uErrorCode being N/A.
1108 */
1109 if (RT_UNLIKELY( ( !pRange->CTX_SUFF(pfnWriteCallback)
1110 || !pRange->CTX_SUFF(pfnReadCallback))
1111 && ( uErrorCode == UINT32_MAX
1112 ? pRange->pfnWriteCallbackR3 || pRange->pfnReadCallbackR3
1113 : uErrorCode & X86_TRAP_PF_RW
1114 ? !pRange->CTX_SUFF(pfnWriteCallback) && pRange->pfnWriteCallbackR3
1115 : !pRange->CTX_SUFF(pfnReadCallback) && pRange->pfnReadCallbackR3
1116 )
1117 )
1118 )
1119 {
1120 if (uErrorCode & X86_TRAP_PF_RW)
1121 STAM_COUNTER_INC(&pStats->CTX_MID_Z(Write,ToR3));
1122 else
1123 STAM_COUNTER_INC(&pStats->CTX_MID_Z(Read,ToR3));
1124
1125 STAM_PROFILE_STOP(&pVM->iom.s.StatRZMMIOHandler, a);
1126 STAM_COUNTER_INC(&pVM->iom.s.StatRZMMIOFailures);
1127 iomUnlock(pVM);
1128 return VINF_IOM_HC_MMIO_READ_WRITE;
1129 }
1130#endif /* !IN_RING3 */
1131
1132 /*
1133 * Disassemble the instruction and interpret it.
1134 */
1135 PVMCPU pVCpu = VMMGetCpu(pVM);
1136 PDISCPUSTATE pDis = &pVCpu->iom.s.DisState;
1137 unsigned cbOp;
1138 rc = EMInterpretDisasOne(pVM, pVCpu, pCtxCore, pDis, &cbOp);
1139 AssertRC(rc);
1140 if (RT_FAILURE(rc))
1141 {
1142 iomUnlock(pVM);
1143 return rc;
1144 }
1145 switch (pDis->pCurInstr->opcode)
1146 {
1147 case OP_MOV:
1148 case OP_MOVZX:
1149 case OP_MOVSX:
1150 {
1151 STAM_PROFILE_START(&pVM->iom.s.StatRZInstMov, b);
1152 AssertMsg(uErrorCode == UINT32_MAX || DIS_IS_EFFECTIVE_ADDR(pDis->param1.flags) == !!(uErrorCode & X86_TRAP_PF_RW), ("flags1=%#llx/%RTbool flags2=%#llx/%RTbool ErrCd=%#x\n", pDis->param1.flags, DIS_IS_EFFECTIVE_ADDR(pDis->param1.flags), pDis->param2.flags, DIS_IS_EFFECTIVE_ADDR(pDis->param2.flags), uErrorCode));
1153 if (uErrorCode != UINT32_MAX /* EPT+MMIO optimization */
1154 ? uErrorCode & X86_TRAP_PF_RW
1155 : DIS_IS_EFFECTIVE_ADDR(pDis->param1.flags))
1156 rc = iomInterpretMOVxXWrite(pVM, pCtxCore, pDis, pRange, GCPhysFault);
1157 else
1158 rc = iomInterpretMOVxXRead(pVM, pCtxCore, pDis, pRange, GCPhysFault);
1159 STAM_PROFILE_STOP(&pVM->iom.s.StatRZInstMov, b);
1160 break;
1161 }
1162
1163
1164#ifdef IOM_WITH_MOVS_SUPPORT
1165 case OP_MOVSB:
1166 case OP_MOVSWD:
1167 {
1168 if (uErrorCode == UINT32_MAX)
1169 return VINF_IOM_HC_MMIO_READ_WRITE;
1170 STAM_PROFILE_ADV_START(&pVM->iom.s.StatRZInstMovs, c);
1171 PSTAMPROFILE pStat = NULL;
1172 rc = iomInterpretMOVS(pVM, !!(uErrorCode & X86_TRAP_PF_RW), pCtxCore, GCPhysFault, pDis, pRange, &pStat);
1173 STAM_PROFILE_ADV_STOP_EX(&pVM->iom.s.StatRZInstMovs, pStat, c);
1174 break;
1175 }
1176#endif
1177
1178 case OP_STOSB:
1179 case OP_STOSWD:
1180 Assert(uErrorCode & X86_TRAP_PF_RW);
1181 STAM_PROFILE_START(&pVM->iom.s.StatRZInstStos, d);
1182 rc = iomInterpretSTOS(pVM, pCtxCore, GCPhysFault, pDis, pRange);
1183 STAM_PROFILE_STOP(&pVM->iom.s.StatRZInstStos, d);
1184 break;
1185
1186 case OP_LODSB:
1187 case OP_LODSWD:
1188 Assert(!(uErrorCode & X86_TRAP_PF_RW) || uErrorCode == UINT32_MAX);
1189 STAM_PROFILE_START(&pVM->iom.s.StatRZInstLods, e);
1190 rc = iomInterpretLODS(pVM, pCtxCore, GCPhysFault, pDis, pRange);
1191 STAM_PROFILE_STOP(&pVM->iom.s.StatRZInstLods, e);
1192 break;
1193
1194 case OP_CMP:
1195 Assert(!(uErrorCode & X86_TRAP_PF_RW) || uErrorCode == UINT32_MAX);
1196 STAM_PROFILE_START(&pVM->iom.s.StatRZInstCmp, f);
1197 rc = iomInterpretCMP(pVM, pCtxCore, GCPhysFault, pDis, pRange);
1198 STAM_PROFILE_STOP(&pVM->iom.s.StatRZInstCmp, f);
1199 break;
1200
1201 case OP_AND:
1202 STAM_PROFILE_START(&pVM->iom.s.StatRZInstAnd, g);
1203 rc = iomInterpretOrXorAnd(pVM, pCtxCore, GCPhysFault, pDis, pRange, EMEmulateAnd);
1204 STAM_PROFILE_STOP(&pVM->iom.s.StatRZInstAnd, g);
1205 break;
1206
1207 case OP_OR:
1208 STAM_PROFILE_START(&pVM->iom.s.StatRZInstOr, k);
1209 rc = iomInterpretOrXorAnd(pVM, pCtxCore, GCPhysFault, pDis, pRange, EMEmulateOr);
1210 STAM_PROFILE_STOP(&pVM->iom.s.StatRZInstOr, k);
1211 break;
1212
1213 case OP_XOR:
1214 STAM_PROFILE_START(&pVM->iom.s.StatRZInstXor, m);
1215 rc = iomInterpretOrXorAnd(pVM, pCtxCore, GCPhysFault, pDis, pRange, EMEmulateXor);
1216 STAM_PROFILE_STOP(&pVM->iom.s.StatRZInstXor, m);
1217 break;
1218
1219 case OP_TEST:
1220 Assert(!(uErrorCode & X86_TRAP_PF_RW) || uErrorCode == UINT32_MAX);
1221 STAM_PROFILE_START(&pVM->iom.s.StatRZInstTest, h);
1222 rc = iomInterpretTEST(pVM, pCtxCore, GCPhysFault, pDis, pRange);
1223 STAM_PROFILE_STOP(&pVM->iom.s.StatRZInstTest, h);
1224 break;
1225
1226 case OP_BT:
1227 Assert(!(uErrorCode & X86_TRAP_PF_RW) || uErrorCode == UINT32_MAX);
1228 STAM_PROFILE_START(&pVM->iom.s.StatRZInstBt, l);
1229 rc = iomInterpretBT(pVM, pCtxCore, GCPhysFault, pDis, pRange);
1230 STAM_PROFILE_STOP(&pVM->iom.s.StatRZInstBt, l);
1231 break;
1232
1233 case OP_XCHG:
1234 STAM_PROFILE_START(&pVM->iom.s.StatRZInstXchg, i);
1235 rc = iomInterpretXCHG(pVM, pCtxCore, GCPhysFault, pDis, pRange);
1236 STAM_PROFILE_STOP(&pVM->iom.s.StatRZInstXchg, i);
1237 break;
1238
1239
1240 /*
1241 * The instruction isn't supported. Hand it on to ring-3.
1242 */
1243 default:
1244 STAM_COUNTER_INC(&pVM->iom.s.StatRZInstOther);
1245 rc = VINF_IOM_HC_MMIO_READ_WRITE;
1246 break;
1247 }
1248
1249 /*
1250 * On success advance EIP.
1251 */
1252 if (rc == VINF_SUCCESS)
1253 pCtxCore->rip += cbOp;
1254 else
1255 {
1256 STAM_COUNTER_INC(&pVM->iom.s.StatRZMMIOFailures);
1257#if defined(VBOX_WITH_STATISTICS) && !defined(IN_RING3)
1258 switch (rc)
1259 {
1260 case VINF_IOM_HC_MMIO_READ:
1261 case VINF_IOM_HC_MMIO_READ_WRITE:
1262 STAM_COUNTER_INC(&pStats->CTX_MID_Z(Read,ToR3));
1263 break;
1264 case VINF_IOM_HC_MMIO_WRITE:
1265 STAM_COUNTER_INC(&pStats->CTX_MID_Z(Write,ToR3));
1266 break;
1267 }
1268#endif
1269 }
1270
1271 STAM_PROFILE_STOP(&pVM->iom.s.StatRZMMIOHandler, a);
1272 iomUnlock(pVM);
1273 return rc;
1274}
1275
1276/**
1277 * \#PF Handler callback for MMIO ranges.
1278 *
1279 * @returns VBox status code (appropriate for GC return).
1280 * @param pVM VM Handle.
1281 * @param uErrorCode CPU Error code.
1282 * @param pCtxCore Trap register frame.
1283 * @param pvFault The fault address (cr2).
1284 * @param GCPhysFault The GC physical address corresponding to pvFault.
1285 * @param pvUser Pointer to the MMIO ring-3 range entry.
1286 */
1287VMMDECL(int) IOMMMIOHandler(PVM pVM, RTGCUINT uErrorCode, PCPUMCTXCORE pCtxCore, RTGCPTR pvFault, RTGCPHYS GCPhysFault, void *pvUser)
1288{
1289 LogFlow(("IOMMMIOHandler: GCPhys=%RGp uErr=%#x pvFault=%RGv rip=%RGv\n",
1290 GCPhysFault, (uint32_t)uErrorCode, pvFault, (RTGCPTR)pCtxCore->rip));
1291 VBOXSTRICTRC rcStrict = iomMMIOHandler(pVM, (uint32_t)uErrorCode, pCtxCore, GCPhysFault, pvUser);
1292 return VBOXSTRICTRC_VAL(rcStrict);
1293}
1294
1295/**
1296 * Physical access handler for MMIO ranges.
1297 *
1298 * @returns VBox status code (appropriate for GC return).
1299 * @param pVM VM Handle.
1300 * @param uErrorCode CPU Error code.
1301 * @param pCtxCore Trap register frame.
1302 * @param GCPhysFault The GC physical address.
1303 */
1304VMMDECL(VBOXSTRICTRC) IOMMMIOPhysHandler(PVM pVM, RTGCUINT uErrorCode, PCPUMCTXCORE pCtxCore, RTGCPHYS GCPhysFault)
1305{
1306 int rc2 = iomLock(pVM);
1307#ifndef IN_RING3
1308 if (rc2 == VERR_SEM_BUSY)
1309 return VINF_IOM_HC_MMIO_READ_WRITE;
1310#endif
1311 VBOXSTRICTRC rcStrict = iomMMIOHandler(pVM, (uint32_t)uErrorCode, pCtxCore, GCPhysFault, iomMMIOGetRange(&pVM->iom.s, GCPhysFault));
1312 iomUnlock(pVM);
1313 return VBOXSTRICTRC_VAL(rcStrict);
1314}
1315
1316#ifdef IN_RING3
1317/**
1318 * \#PF Handler callback for MMIO ranges.
1319 *
1320 * @returns VINF_SUCCESS if the handler have carried out the operation.
1321 * @returns VINF_PGM_HANDLER_DO_DEFAULT if the caller should carry out the access operation.
1322 * @param pVM VM Handle.
1323 * @param GCPhys The physical address the guest is writing to.
1324 * @param pvPhys The HC mapping of that address.
1325 * @param pvBuf What the guest is reading/writing.
1326 * @param cbBuf How much it's reading/writing.
1327 * @param enmAccessType The access type.
1328 * @param pvUser Pointer to the MMIO range entry.
1329 */
1330DECLCALLBACK(int) IOMR3MMIOHandler(PVM pVM, RTGCPHYS GCPhysFault, void *pvPhys, void *pvBuf, size_t cbBuf, PGMACCESSTYPE enmAccessType, void *pvUser)
1331{
1332 PIOMMMIORANGE pRange = (PIOMMMIORANGE)pvUser;
1333 STAM_COUNTER_INC(&pVM->iom.s.StatR3MMIOHandler);
1334
1335 /* Take the IOM lock before performing any MMIO. */
1336 int rc = iomLock(pVM);
1337 AssertRC(rc);
1338
1339 AssertMsg(cbBuf == 1 || cbBuf == 2 || cbBuf == 4 || cbBuf == 8, ("%zu\n", cbBuf));
1340
1341 Assert(pRange);
1342 Assert(pRange == iomMMIOGetRange(&pVM->iom.s, GCPhysFault));
1343 /** @todo implement per-device locks for MMIO access. It can replace the IOM
1344 * lock for most of the code, provided that we retake the lock while
1345 * deregistering PIOMMMIORANGE to deal with remapping/access races
1346 * (unlikely, but an SMP guest shouldn't cause us to crash). */
1347 Assert(!pRange->CTX_SUFF(pDevIns) || !pRange->CTX_SUFF(pDevIns)->CTX_SUFF(pCritSect));
1348
1349 if (enmAccessType == PGMACCESSTYPE_READ)
1350 rc = iomMMIODoRead(pVM, pRange, GCPhysFault, pvBuf, (unsigned)cbBuf);
1351 else
1352 rc = iomMMIODoWrite(pVM, pRange, GCPhysFault, pvBuf, (unsigned)cbBuf);
1353
1354 AssertRC(rc);
1355 iomUnlock(pVM);
1356 return rc;
1357}
1358#endif /* IN_RING3 */
1359
1360/**
1361 * Reads a MMIO register.
1362 *
1363 * @returns VBox status code.
1364 *
1365 * @param pVM VM handle.
1366 * @param GCPhys The physical address to read.
1367 * @param pu32Value Where to store the value read.
1368 * @param cbValue The size of the register to read in bytes. 1, 2 or 4 bytes.
1369 */
1370VMMDECL(VBOXSTRICTRC) IOMMMIORead(PVM pVM, RTGCPHYS GCPhys, uint32_t *pu32Value, size_t cbValue)
1371{
1372 /* Take the IOM lock before performing any MMIO. */
1373 int rc = iomLock(pVM);
1374#ifndef IN_RING3
1375 if (rc == VERR_SEM_BUSY)
1376 return VINF_IOM_HC_MMIO_WRITE;
1377#endif
1378 AssertRC(rc);
1379#if defined(IEM_VERIFICATION_MODE) && defined(IN_RING3)
1380 IEMNotifyMMIORead(pVM, GCPhys, cbValue);
1381#endif
1382
1383 /*
1384 * Lookup the current context range node and statistics.
1385 */
1386 PIOMMMIORANGE pRange = iomMMIOGetRange(&pVM->iom.s, GCPhys);
1387 AssertMsg(pRange, ("Handlers and page tables are out of sync or something! GCPhys=%RGp cbValue=%d\n", GCPhys, cbValue));
1388 if (!pRange)
1389 {
1390 iomUnlock(pVM);
1391 return VERR_INTERNAL_ERROR;
1392 }
1393 /** @todo implement per-device locks for MMIO access. */
1394 Assert(!pRange->CTX_SUFF(pDevIns) || !pRange->CTX_SUFF(pDevIns)->CTX_SUFF(pCritSect));
1395#ifdef VBOX_WITH_STATISTICS
1396 PIOMMMIOSTATS pStats = iomMMIOGetStats(&pVM->iom.s, GCPhys, pRange);
1397 if (!pStats)
1398 {
1399 iomUnlock(pVM);
1400# ifdef IN_RING3
1401 return VERR_NO_MEMORY;
1402# else
1403 return VINF_IOM_HC_MMIO_READ;
1404# endif
1405 }
1406 STAM_COUNTER_INC(&pStats->Accesses);
1407#endif /* VBOX_WITH_STATISTICS */
1408
1409 if (pRange->CTX_SUFF(pfnReadCallback))
1410 {
1411 /*
1412 * Perform the read and deal with the result.
1413 */
1414 STAM_PROFILE_START(&pStats->CTX_SUFF_Z(ProfRead), a);
1415 rc = pRange->CTX_SUFF(pfnReadCallback)(pRange->CTX_SUFF(pDevIns), pRange->CTX_SUFF(pvUser), GCPhys, pu32Value, (unsigned)cbValue);
1416 STAM_PROFILE_STOP(&pStats->CTX_SUFF_Z(ProfRead), a);
1417 switch (rc)
1418 {
1419 case VINF_SUCCESS:
1420 Log4(("IOMMMIORead: GCPhys=%RGp *pu32=%08RX32 cb=%d rc=VINF_SUCCESS\n", GCPhys, *pu32Value, cbValue));
1421 iomUnlock(pVM);
1422 return rc;
1423#ifndef IN_RING3
1424 case VINF_IOM_HC_MMIO_READ:
1425 case VINF_IOM_HC_MMIO_READ_WRITE:
1426 STAM_COUNTER_INC(&pStats->CTX_MID_Z(Read,ToR3));
1427#endif
1428 default:
1429 Log4(("IOMMMIORead: GCPhys=%RGp *pu32=%08RX32 cb=%d rc=%Rrc\n", GCPhys, *pu32Value, cbValue, rc));
1430 iomUnlock(pVM);
1431 return rc;
1432
1433 case VINF_IOM_MMIO_UNUSED_00:
1434 switch (cbValue)
1435 {
1436 case 1: *(uint8_t *)pu32Value = UINT8_C(0x00); break;
1437 case 2: *(uint16_t *)pu32Value = UINT16_C(0x0000); break;
1438 case 4: *(uint32_t *)pu32Value = UINT32_C(0x00000000); break;
1439 case 8: *(uint64_t *)pu32Value = UINT64_C(0x0000000000000000); break;
1440 default: AssertReleaseMsgFailed(("cbValue=%d GCPhys=%RGp\n", cbValue, GCPhys)); break;
1441 }
1442 Log4(("IOMMMIORead: GCPhys=%RGp *pu32=%08RX32 cb=%d rc=%Rrc\n", GCPhys, *pu32Value, cbValue, rc));
1443 iomUnlock(pVM);
1444 return VINF_SUCCESS;
1445
1446 case VINF_IOM_MMIO_UNUSED_FF:
1447 switch (cbValue)
1448 {
1449 case 1: *(uint8_t *)pu32Value = UINT8_C(0xff); break;
1450 case 2: *(uint16_t *)pu32Value = UINT16_C(0xffff); break;
1451 case 4: *(uint32_t *)pu32Value = UINT32_C(0xffffffff); break;
1452 case 8: *(uint64_t *)pu32Value = UINT64_C(0xffffffffffffffff); break;
1453 default: AssertReleaseMsgFailed(("cbValue=%d GCPhys=%RGp\n", cbValue, GCPhys)); break;
1454 }
1455 Log4(("IOMMMIORead: GCPhys=%RGp *pu32=%08RX32 cb=%d rc=%Rrc\n", GCPhys, *pu32Value, cbValue, rc));
1456 iomUnlock(pVM);
1457 return VINF_SUCCESS;
1458 }
1459 }
1460#ifndef IN_RING3
1461 if (pRange->pfnReadCallbackR3)
1462 {
1463 STAM_COUNTER_INC(&pStats->CTX_MID_Z(Read,ToR3));
1464 iomUnlock(pVM);
1465 return VINF_IOM_HC_MMIO_READ;
1466 }
1467#endif
1468
1469 /*
1470 * Lookup the ring-3 range.
1471 */
1472 STAM_PROFILE_START(&pStats->CTX_SUFF_Z(ProfRead), a); /** @todo STAM_PROFILE_ADD_ZERO_PERIOD */
1473 STAM_PROFILE_STOP(&pStats->CTX_SUFF_Z(ProfRead), a);
1474 /* Unassigned memory; this is actually not supposed to happen. */
1475 switch (cbValue)
1476 {
1477 case 1: *(uint8_t *)pu32Value = UINT8_C(0xff); break;
1478 case 2: *(uint16_t *)pu32Value = UINT16_C(0xffff); break;
1479 case 4: *(uint32_t *)pu32Value = UINT32_C(0xffffffff); break;
1480 case 8: *(uint64_t *)pu32Value = UINT64_C(0xffffffffffffffff); break;
1481 default: AssertReleaseMsgFailed(("cbValue=%d GCPhys=%RGp\n", cbValue, GCPhys)); break;
1482 }
1483 Log4(("IOMMMIORead: GCPhys=%RGp *pu32=%08RX32 cb=%d rc=VINF_SUCCESS\n", GCPhys, *pu32Value, cbValue));
1484 iomUnlock(pVM);
1485 return VINF_SUCCESS;
1486}
1487
1488
1489/**
1490 * Writes to a MMIO register.
1491 *
1492 * @returns VBox status code.
1493 *
1494 * @param pVM VM handle.
1495 * @param GCPhys The physical address to write to.
1496 * @param u32Value The value to write.
1497 * @param cbValue The size of the register to read in bytes. 1, 2 or 4 bytes.
1498 */
1499VMMDECL(VBOXSTRICTRC) IOMMMIOWrite(PVM pVM, RTGCPHYS GCPhys, uint32_t u32Value, size_t cbValue)
1500{
1501 /* Take the IOM lock before performing any MMIO. */
1502 int rc = iomLock(pVM);
1503#ifndef IN_RING3
1504 if (rc == VERR_SEM_BUSY)
1505 return VINF_IOM_HC_MMIO_WRITE;
1506#endif
1507 AssertRC(rc);
1508#if defined(IEM_VERIFICATION_MODE) && defined(IN_RING3)
1509 IEMNotifyMMIOWrite(pVM, GCPhys, u32Value, cbValue);
1510#endif
1511
1512 /*
1513 * Lookup the current context range node.
1514 */
1515 PIOMMMIORANGE pRange = iomMMIOGetRange(&pVM->iom.s, GCPhys);
1516 AssertMsg(pRange, ("Handlers and page tables are out of sync or something! GCPhys=%RGp cbValue=%d\n", GCPhys, cbValue));
1517 if (!pRange)
1518 {
1519 iomUnlock(pVM);
1520 return VERR_INTERNAL_ERROR;
1521 }
1522 /** @todo implement per-device locks for MMIO access. */
1523 Assert(!pRange->CTX_SUFF(pDevIns) || !pRange->CTX_SUFF(pDevIns)->CTX_SUFF(pCritSect));
1524#ifdef VBOX_WITH_STATISTICS
1525 PIOMMMIOSTATS pStats = iomMMIOGetStats(&pVM->iom.s, GCPhys, pRange);
1526 if (!pStats)
1527 {
1528 iomUnlock(pVM);
1529# ifdef IN_RING3
1530 return VERR_NO_MEMORY;
1531# else
1532 return VINF_IOM_HC_MMIO_WRITE;
1533# endif
1534 }
1535 STAM_COUNTER_INC(&pStats->Accesses);
1536#endif /* VBOX_WITH_STATISTICS */
1537
1538 /*
1539 * Perform the write if there's a write handler. R0/GC may have
1540 * to defer it to ring-3.
1541 */
1542 if (pRange->CTX_SUFF(pfnWriteCallback))
1543 {
1544 STAM_PROFILE_START(&pStats->CTX_SUFF_Z(ProfWrite), a);
1545 rc = pRange->CTX_SUFF(pfnWriteCallback)(pRange->CTX_SUFF(pDevIns), pRange->CTX_SUFF(pvUser), GCPhys, &u32Value, (unsigned)cbValue);
1546 STAM_PROFILE_STOP(&pStats->CTX_SUFF_Z(ProfWrite), a);
1547#ifndef IN_RING3
1548 if ( rc == VINF_IOM_HC_MMIO_WRITE
1549 || rc == VINF_IOM_HC_MMIO_READ_WRITE)
1550 STAM_COUNTER_INC(&pStats->CTX_MID_Z(Write,ToR3));
1551#endif
1552 Log4(("IOMMMIOWrite: GCPhys=%RGp u32=%08RX32 cb=%d rc=%Rrc\n", GCPhys, u32Value, cbValue, rc));
1553 iomUnlock(pVM);
1554 return rc;
1555 }
1556#ifndef IN_RING3
1557 if (pRange->pfnWriteCallbackR3)
1558 {
1559 STAM_COUNTER_INC(&pStats->CTX_MID_Z(Write,ToR3));
1560 iomUnlock(pVM);
1561 return VINF_IOM_HC_MMIO_WRITE;
1562 }
1563#endif
1564
1565 /*
1566 * No write handler, nothing to do.
1567 */
1568 STAM_PROFILE_START(&pStats->CTX_SUFF_Z(ProfWrite), a);
1569 STAM_PROFILE_STOP(&pStats->CTX_SUFF_Z(ProfWrite), a);
1570 Log4(("IOMMMIOWrite: GCPhys=%RGp u32=%08RX32 cb=%d rc=%Rrc\n", GCPhys, u32Value, cbValue, VINF_SUCCESS));
1571 iomUnlock(pVM);
1572 return VINF_SUCCESS;
1573}
1574
1575/**
1576 * [REP*] INSB/INSW/INSD
1577 * ES:EDI,DX[,ECX]
1578 *
1579 * @remark Assumes caller checked the access privileges (IOMInterpretCheckPortIOAccess)
1580 *
1581 * @returns Strict VBox status code. Informational status codes other than the one documented
1582 * here are to be treated as internal failure. Use IOM_SUCCESS() to check for success.
1583 * @retval VINF_SUCCESS Success.
1584 * @retval VINF_EM_FIRST-VINF_EM_LAST Success with some exceptions (see IOM_SUCCESS()), the
1585 * status code must be passed on to EM.
1586 * @retval VINF_IOM_HC_IOPORT_READ Defer the read to ring-3. (R0/GC only)
1587 * @retval VINF_EM_RAW_EMULATE_INSTR Defer the read to the REM.
1588 * @retval VINF_EM_RAW_GUEST_TRAP The exception was left pending. (TRPMRaiseXcptErr)
1589 * @retval VINF_TRPM_XCPT_DISPATCHED The exception was raised and dispatched for raw-mode execution. (TRPMRaiseXcptErr)
1590 * @retval VINF_EM_RESCHEDULE_REM The exception was dispatched and cannot be executed in raw-mode. (TRPMRaiseXcptErr)
1591 *
1592 * @param pVM The virtual machine.
1593 * @param pRegFrame Pointer to CPUMCTXCORE guest registers structure.
1594 * @param uPort IO Port
1595 * @param uPrefix IO instruction prefix
1596 * @param cbTransfer Size of transfer unit
1597 */
1598VMMDECL(VBOXSTRICTRC) IOMInterpretINSEx(PVM pVM, PCPUMCTXCORE pRegFrame, uint32_t uPort, uint32_t uPrefix, uint32_t cbTransfer)
1599{
1600 STAM_COUNTER_INC(&pVM->iom.s.StatInstIns);
1601
1602 /*
1603 * We do not support REPNE or decrementing destination
1604 * pointer. Segment prefixes are deliberately ignored, as per the instruction specification.
1605 */
1606 if ( (uPrefix & PREFIX_REPNE)
1607 || pRegFrame->eflags.Bits.u1DF)
1608 return VINF_EM_RAW_EMULATE_INSTR;
1609
1610 PVMCPU pVCpu = VMMGetCpu(pVM);
1611
1612 /*
1613 * Get bytes/words/dwords count to transfer.
1614 */
1615 RTGCUINTREG cTransfers = 1;
1616 if (uPrefix & PREFIX_REP)
1617 {
1618#ifndef IN_RC
1619 if ( CPUMIsGuestIn64BitCode(pVCpu, pRegFrame)
1620 && pRegFrame->rcx >= _4G)
1621 return VINF_EM_RAW_EMULATE_INSTR;
1622#endif
1623 cTransfers = pRegFrame->ecx;
1624
1625 if (SELMGetCpuModeFromSelector(pVM, pRegFrame->eflags, pRegFrame->cs, &pRegFrame->csHid) == CPUMODE_16BIT)
1626 cTransfers &= 0xffff;
1627
1628 if (!cTransfers)
1629 return VINF_SUCCESS;
1630 }
1631
1632 /* Convert destination address es:edi. */
1633 RTGCPTR GCPtrDst;
1634 int rc2 = SELMToFlatEx(pVM, DIS_SELREG_ES, pRegFrame, (RTGCPTR)pRegFrame->rdi,
1635 SELMTOFLAT_FLAGS_HYPER | SELMTOFLAT_FLAGS_NO_PL,
1636 &GCPtrDst);
1637 if (RT_FAILURE(rc2))
1638 {
1639 Log(("INS destination address conversion failed -> fallback, rc2=%d\n", rc2));
1640 return VINF_EM_RAW_EMULATE_INSTR;
1641 }
1642
1643 /* Access verification first; we can't recover from traps inside this instruction, as the port read cannot be repeated. */
1644 uint32_t cpl = CPUMGetGuestCPL(pVCpu, pRegFrame);
1645
1646 rc2 = PGMVerifyAccess(pVCpu, (RTGCUINTPTR)GCPtrDst, cTransfers * cbTransfer,
1647 X86_PTE_RW | ((cpl == 3) ? X86_PTE_US : 0));
1648 if (rc2 != VINF_SUCCESS)
1649 {
1650 Log(("INS will generate a trap -> fallback, rc2=%d\n", rc2));
1651 return VINF_EM_RAW_EMULATE_INSTR;
1652 }
1653
1654 Log(("IOM: rep ins%d port %#x count %d\n", cbTransfer * 8, uPort, cTransfers));
1655 VBOXSTRICTRC rcStrict = VINF_SUCCESS;
1656 if (cTransfers > 1)
1657 {
1658 /* If the device supports string transfers, ask it to do as
1659 * much as it wants. The rest is done with single-word transfers. */
1660 const RTGCUINTREG cTransfersOrg = cTransfers;
1661 rcStrict = IOMIOPortReadString(pVM, uPort, &GCPtrDst, &cTransfers, cbTransfer);
1662 AssertRC(VBOXSTRICTRC_VAL(rcStrict)); Assert(cTransfers <= cTransfersOrg);
1663 pRegFrame->rdi += (cTransfersOrg - cTransfers) * cbTransfer;
1664 }
1665
1666#ifdef IN_RC
1667 MMGCRamRegisterTrapHandler(pVM);
1668#endif
1669 while (cTransfers && rcStrict == VINF_SUCCESS)
1670 {
1671 uint32_t u32Value;
1672 rcStrict = IOMIOPortRead(pVM, uPort, &u32Value, cbTransfer);
1673 if (!IOM_SUCCESS(rcStrict))
1674 break;
1675 rc2 = iomRamWrite(pVCpu, pRegFrame, GCPtrDst, &u32Value, cbTransfer);
1676 Assert(rc2 == VINF_SUCCESS); NOREF(rc2);
1677 GCPtrDst = (RTGCPTR)((RTGCUINTPTR)GCPtrDst + cbTransfer);
1678 pRegFrame->rdi += cbTransfer;
1679 cTransfers--;
1680 }
1681#ifdef IN_RC
1682 MMGCRamDeregisterTrapHandler(pVM);
1683#endif
1684
1685 /* Update ecx on exit. */
1686 if (uPrefix & PREFIX_REP)
1687 pRegFrame->ecx = cTransfers;
1688
1689 AssertMsg(rcStrict == VINF_SUCCESS || rcStrict == VINF_IOM_HC_IOPORT_READ || (rcStrict >= VINF_EM_FIRST && rcStrict <= VINF_EM_LAST) || RT_FAILURE(rcStrict), ("%Rrc\n", VBOXSTRICTRC_VAL(rcStrict)));
1690 return rcStrict;
1691}
1692
1693
1694/**
1695 * [REP*] INSB/INSW/INSD
1696 * ES:EDI,DX[,ECX]
1697 *
1698 * @returns Strict VBox status code. Informational status codes other than the one documented
1699 * here are to be treated as internal failure. Use IOM_SUCCESS() to check for success.
1700 * @retval VINF_SUCCESS Success.
1701 * @retval VINF_EM_FIRST-VINF_EM_LAST Success with some exceptions (see IOM_SUCCESS()), the
1702 * status code must be passed on to EM.
1703 * @retval VINF_IOM_HC_IOPORT_READ Defer the read to ring-3. (R0/GC only)
1704 * @retval VINF_EM_RAW_EMULATE_INSTR Defer the read to the REM.
1705 * @retval VINF_EM_RAW_GUEST_TRAP The exception was left pending. (TRPMRaiseXcptErr)
1706 * @retval VINF_TRPM_XCPT_DISPATCHED The exception was raised and dispatched for raw-mode execution. (TRPMRaiseXcptErr)
1707 * @retval VINF_EM_RESCHEDULE_REM The exception was dispatched and cannot be executed in raw-mode. (TRPMRaiseXcptErr)
1708 *
1709 * @param pVM The virtual machine.
1710 * @param pRegFrame Pointer to CPUMCTXCORE guest registers structure.
1711 * @param pCpu Disassembler CPU state.
1712 */
1713VMMDECL(VBOXSTRICTRC) IOMInterpretINS(PVM pVM, PCPUMCTXCORE pRegFrame, PDISCPUSTATE pCpu)
1714{
1715 /*
1716 * Get port number directly from the register (no need to bother the
1717 * disassembler). And get the I/O register size from the opcode / prefix.
1718 */
1719 RTIOPORT Port = pRegFrame->edx & 0xffff;
1720 unsigned cb = 0;
1721 if (pCpu->pCurInstr->opcode == OP_INSB)
1722 cb = 1;
1723 else
1724 cb = (pCpu->opmode == CPUMODE_16BIT) ? 2 : 4; /* dword in both 32 & 64 bits mode */
1725
1726 VBOXSTRICTRC rcStrict = IOMInterpretCheckPortIOAccess(pVM, pRegFrame, Port, cb);
1727 if (RT_UNLIKELY(rcStrict != VINF_SUCCESS))
1728 {
1729 AssertMsg(rcStrict == VINF_EM_RAW_GUEST_TRAP || rcStrict == VINF_TRPM_XCPT_DISPATCHED || rcStrict == VINF_TRPM_XCPT_DISPATCHED || RT_FAILURE(rcStrict), ("%Rrc\n", VBOXSTRICTRC_VAL(rcStrict)));
1730 return rcStrict;
1731 }
1732
1733 return IOMInterpretINSEx(pVM, pRegFrame, Port, pCpu->prefix, cb);
1734}
1735
1736
1737/**
1738 * [REP*] OUTSB/OUTSW/OUTSD
1739 * DS:ESI,DX[,ECX]
1740 *
1741 * @remark Assumes caller checked the access privileges (IOMInterpretCheckPortIOAccess)
1742 *
1743 * @returns Strict VBox status code. Informational status codes other than the one documented
1744 * here are to be treated as internal failure. Use IOM_SUCCESS() to check for success.
1745 * @retval VINF_SUCCESS Success.
1746 * @retval VINF_EM_FIRST-VINF_EM_LAST Success with some exceptions (see IOM_SUCCESS()), the
1747 * status code must be passed on to EM.
1748 * @retval VINF_IOM_HC_IOPORT_WRITE Defer the write to ring-3. (R0/GC only)
1749 * @retval VINF_EM_RAW_GUEST_TRAP The exception was left pending. (TRPMRaiseXcptErr)
1750 * @retval VINF_TRPM_XCPT_DISPATCHED The exception was raised and dispatched for raw-mode execution. (TRPMRaiseXcptErr)
1751 * @retval VINF_EM_RESCHEDULE_REM The exception was dispatched and cannot be executed in raw-mode. (TRPMRaiseXcptErr)
1752 *
1753 * @param pVM The virtual machine.
1754 * @param pRegFrame Pointer to CPUMCTXCORE guest registers structure.
1755 * @param uPort IO Port
1756 * @param uPrefix IO instruction prefix
1757 * @param cbTransfer Size of transfer unit
1758 */
1759VMMDECL(VBOXSTRICTRC) IOMInterpretOUTSEx(PVM pVM, PCPUMCTXCORE pRegFrame, uint32_t uPort, uint32_t uPrefix, uint32_t cbTransfer)
1760{
1761 STAM_COUNTER_INC(&pVM->iom.s.StatInstOuts);
1762
1763 /*
1764 * We do not support segment prefixes, REPNE or
1765 * decrementing source pointer.
1766 */
1767 if ( (uPrefix & (PREFIX_SEG | PREFIX_REPNE))
1768 || pRegFrame->eflags.Bits.u1DF)
1769 return VINF_EM_RAW_EMULATE_INSTR;
1770
1771 PVMCPU pVCpu = VMMGetCpu(pVM);
1772
1773 /*
1774 * Get bytes/words/dwords count to transfer.
1775 */
1776 RTGCUINTREG cTransfers = 1;
1777 if (uPrefix & PREFIX_REP)
1778 {
1779#ifndef IN_RC
1780 if ( CPUMIsGuestIn64BitCode(pVCpu, pRegFrame)
1781 && pRegFrame->rcx >= _4G)
1782 return VINF_EM_RAW_EMULATE_INSTR;
1783#endif
1784 cTransfers = pRegFrame->ecx;
1785 if (SELMGetCpuModeFromSelector(pVM, pRegFrame->eflags, pRegFrame->cs, &pRegFrame->csHid) == CPUMODE_16BIT)
1786 cTransfers &= 0xffff;
1787
1788 if (!cTransfers)
1789 return VINF_SUCCESS;
1790 }
1791
1792 /* Convert source address ds:esi. */
1793 RTGCPTR GCPtrSrc;
1794 int rc2 = SELMToFlatEx(pVM, DIS_SELREG_DS, pRegFrame, (RTGCPTR)pRegFrame->rsi,
1795 SELMTOFLAT_FLAGS_HYPER | SELMTOFLAT_FLAGS_NO_PL,
1796 &GCPtrSrc);
1797 if (RT_FAILURE(rc2))
1798 {
1799 Log(("OUTS source address conversion failed -> fallback, rc2=%Rrc\n", rc2));
1800 return VINF_EM_RAW_EMULATE_INSTR;
1801 }
1802
1803 /* Access verification first; we currently can't recover properly from traps inside this instruction */
1804 uint32_t cpl = CPUMGetGuestCPL(pVCpu, pRegFrame);
1805 rc2 = PGMVerifyAccess(pVCpu, (RTGCUINTPTR)GCPtrSrc, cTransfers * cbTransfer,
1806 (cpl == 3) ? X86_PTE_US : 0);
1807 if (rc2 != VINF_SUCCESS)
1808 {
1809 Log(("OUTS will generate a trap -> fallback, rc2=%Rrc\n", rc2));
1810 return VINF_EM_RAW_EMULATE_INSTR;
1811 }
1812
1813 Log(("IOM: rep outs%d port %#x count %d\n", cbTransfer * 8, uPort, cTransfers));
1814 VBOXSTRICTRC rcStrict = VINF_SUCCESS;
1815 if (cTransfers > 1)
1816 {
1817 /*
1818 * If the device supports string transfers, ask it to do as
1819 * much as it wants. The rest is done with single-word transfers.
1820 */
1821 const RTGCUINTREG cTransfersOrg = cTransfers;
1822 rcStrict = IOMIOPortWriteString(pVM, uPort, &GCPtrSrc, &cTransfers, cbTransfer);
1823 AssertRC(VBOXSTRICTRC_VAL(rcStrict)); Assert(cTransfers <= cTransfersOrg);
1824 pRegFrame->rsi += (cTransfersOrg - cTransfers) * cbTransfer;
1825 }
1826
1827#ifdef IN_RC
1828 MMGCRamRegisterTrapHandler(pVM);
1829#endif
1830
1831 while (cTransfers && rcStrict == VINF_SUCCESS)
1832 {
1833 uint32_t u32Value = 0;
1834 rcStrict = iomRamRead(pVCpu, &u32Value, GCPtrSrc, cbTransfer);
1835 if (rcStrict != VINF_SUCCESS)
1836 break;
1837 rcStrict = IOMIOPortWrite(pVM, uPort, u32Value, cbTransfer);
1838 if (!IOM_SUCCESS(rcStrict))
1839 break;
1840 GCPtrSrc = (RTGCPTR)((RTUINTPTR)GCPtrSrc + cbTransfer);
1841 pRegFrame->rsi += cbTransfer;
1842 cTransfers--;
1843 }
1844
1845#ifdef IN_RC
1846 MMGCRamDeregisterTrapHandler(pVM);
1847#endif
1848
1849 /* Update ecx on exit. */
1850 if (uPrefix & PREFIX_REP)
1851 pRegFrame->ecx = cTransfers;
1852
1853 AssertMsg(rcStrict == VINF_SUCCESS || rcStrict == VINF_IOM_HC_IOPORT_WRITE || (rcStrict >= VINF_EM_FIRST && rcStrict <= VINF_EM_LAST) || RT_FAILURE(rcStrict), ("%Rrc\n", VBOXSTRICTRC_VAL(rcStrict)));
1854 return rcStrict;
1855}
1856
1857
1858/**
1859 * [REP*] OUTSB/OUTSW/OUTSD
1860 * DS:ESI,DX[,ECX]
1861 *
1862 * @returns Strict VBox status code. Informational status codes other than the one documented
1863 * here are to be treated as internal failure. Use IOM_SUCCESS() to check for success.
1864 * @retval VINF_SUCCESS Success.
1865 * @retval VINF_EM_FIRST-VINF_EM_LAST Success with some exceptions (see IOM_SUCCESS()), the
1866 * status code must be passed on to EM.
1867 * @retval VINF_IOM_HC_IOPORT_WRITE Defer the write to ring-3. (R0/GC only)
1868 * @retval VINF_EM_RAW_EMULATE_INSTR Defer the write to the REM.
1869 * @retval VINF_EM_RAW_GUEST_TRAP The exception was left pending. (TRPMRaiseXcptErr)
1870 * @retval VINF_TRPM_XCPT_DISPATCHED The exception was raised and dispatched for raw-mode execution. (TRPMRaiseXcptErr)
1871 * @retval VINF_EM_RESCHEDULE_REM The exception was dispatched and cannot be executed in raw-mode. (TRPMRaiseXcptErr)
1872 *
1873 * @param pVM The virtual machine.
1874 * @param pRegFrame Pointer to CPUMCTXCORE guest registers structure.
1875 * @param pCpu Disassembler CPU state.
1876 */
1877VMMDECL(VBOXSTRICTRC) IOMInterpretOUTS(PVM pVM, PCPUMCTXCORE pRegFrame, PDISCPUSTATE pCpu)
1878{
1879 /*
1880 * Get port number from the first parameter.
1881 * And get the I/O register size from the opcode / prefix.
1882 */
1883 uint64_t Port = 0;
1884 unsigned cb = 0;
1885 bool fRc = iomGetRegImmData(pCpu, &pCpu->param1, pRegFrame, &Port, &cb);
1886 AssertMsg(fRc, ("Failed to get reg/imm port number!\n")); NOREF(fRc);
1887 if (pCpu->pCurInstr->opcode == OP_OUTSB)
1888 cb = 1;
1889 else
1890 cb = (pCpu->opmode == CPUMODE_16BIT) ? 2 : 4; /* dword in both 32 & 64 bits mode */
1891
1892 VBOXSTRICTRC rcStrict = IOMInterpretCheckPortIOAccess(pVM, pRegFrame, Port, cb);
1893 if (RT_UNLIKELY(rcStrict != VINF_SUCCESS))
1894 {
1895 AssertMsg(rcStrict == VINF_EM_RAW_GUEST_TRAP || rcStrict == VINF_TRPM_XCPT_DISPATCHED || rcStrict == VINF_TRPM_XCPT_DISPATCHED || RT_FAILURE(rcStrict), ("%Rrc\n", VBOXSTRICTRC_VAL(rcStrict)));
1896 return rcStrict;
1897 }
1898
1899 return IOMInterpretOUTSEx(pVM, pRegFrame, Port, pCpu->prefix, cb);
1900}
1901
1902
1903#ifndef IN_RC
1904/**
1905 * Mapping an MMIO2 page in place of an MMIO page for direct access.
1906 *
1907 * (This is a special optimization used by the VGA device.)
1908 *
1909 * @returns VBox status code.
1910 *
1911 * @param pVM The virtual machine.
1912 * @param GCPhys The address of the MMIO page to be changed.
1913 * @param GCPhysRemapped The address of the MMIO2 page.
1914 * @param fPageFlags Page flags to set. Must be (X86_PTE_RW | X86_PTE_P)
1915 * for the time being.
1916 */
1917VMMDECL(int) IOMMMIOMapMMIO2Page(PVM pVM, RTGCPHYS GCPhys, RTGCPHYS GCPhysRemapped, uint64_t fPageFlags)
1918{
1919 /* Currently only called from the VGA device during MMIO. */
1920 Assert(IOMIsLockOwner(pVM));
1921 Log(("IOMMMIOMapMMIO2Page %RGp -> %RGp flags=%RX64\n", GCPhys, GCPhysRemapped, fPageFlags));
1922
1923 AssertReturn(fPageFlags == (X86_PTE_RW | X86_PTE_P), VERR_INVALID_PARAMETER);
1924
1925 PVMCPU pVCpu = VMMGetCpu(pVM);
1926
1927 /* This currently only works in real mode, protected mode without paging or with nested paging. */
1928 if ( !HWACCMIsEnabled(pVM) /* useless without VT-x/AMD-V */
1929 || ( CPUMIsGuestInPagedProtectedMode(pVCpu)
1930 && !HWACCMIsNestedPagingActive(pVM)))
1931 return VINF_SUCCESS; /* ignore */
1932
1933 /*
1934 * Lookup the context range node the page belongs to.
1935 */
1936 PIOMMMIORANGE pRange = iomMMIOGetRange(&pVM->iom.s, GCPhys);
1937 AssertMsgReturn(pRange,
1938 ("Handlers and page tables are out of sync or something! GCPhys=%RGp\n", GCPhys), VERR_IOM_MMIO_RANGE_NOT_FOUND);
1939
1940 Assert((pRange->GCPhys & PAGE_OFFSET_MASK) == 0);
1941 Assert((pRange->Core.KeyLast & PAGE_OFFSET_MASK) == PAGE_OFFSET_MASK);
1942
1943 /*
1944 * Do the aliasing; page align the addresses since PGM is picky.
1945 */
1946 GCPhys &= ~(RTGCPHYS)PAGE_OFFSET_MASK;
1947 GCPhysRemapped &= ~(RTGCPHYS)PAGE_OFFSET_MASK;
1948
1949 int rc = PGMHandlerPhysicalPageAlias(pVM, pRange->GCPhys, GCPhys, GCPhysRemapped);
1950 AssertRCReturn(rc, rc);
1951
1952 /*
1953 * Modify the shadow page table. Since it's an MMIO page it won't be present and we
1954 * can simply prefetch it.
1955 *
1956 * Note: This is a NOP in the EPT case; we'll just let it fault again to resync the page.
1957 */
1958#if 0 /* The assertion is wrong for the PGM_SYNC_CLEAR_PGM_POOL and VINF_PGM_HANDLER_ALREADY_ALIASED cases. */
1959# ifdef VBOX_STRICT
1960 uint64_t fFlags;
1961 RTHCPHYS HCPhys;
1962 rc = PGMShwGetPage(pVCpu, (RTGCPTR)GCPhys, &fFlags, &HCPhys);
1963 Assert(rc == VERR_PAGE_NOT_PRESENT || rc == VERR_PAGE_TABLE_NOT_PRESENT);
1964# endif
1965#endif
1966 rc = PGMPrefetchPage(pVCpu, (RTGCPTR)GCPhys);
1967 Assert(rc == VINF_SUCCESS || rc == VERR_PAGE_NOT_PRESENT || rc == VERR_PAGE_TABLE_NOT_PRESENT);
1968 return VINF_SUCCESS;
1969}
1970
1971/**
1972 * Mapping a HC page in place of an MMIO page for direct access.
1973 *
1974 * (This is a special optimization used by the APIC in the VT-x case.)
1975 *
1976 * @returns VBox status code.
1977 *
1978 * @param pVM The virtual machine.
1979 * @param GCPhys The address of the MMIO page to be changed.
1980 * @param HCPhys The address of the host physical page.
1981 * @param fPageFlags Page flags to set. Must be (X86_PTE_RW | X86_PTE_P)
1982 * for the time being.
1983 */
1984VMMDECL(int) IOMMMIOMapMMIOHCPage(PVM pVM, RTGCPHYS GCPhys, RTHCPHYS HCPhys, uint64_t fPageFlags)
1985{
1986 /* Currently only called from VT-x code during a page fault. */
1987 Log(("IOMMMIOMapMMIOHCPage %RGp -> %RGp flags=%RX64\n", GCPhys, HCPhys, fPageFlags));
1988
1989 AssertReturn(fPageFlags == (X86_PTE_RW | X86_PTE_P), VERR_INVALID_PARAMETER);
1990 Assert(HWACCMIsEnabled(pVM));
1991
1992 PVMCPU pVCpu = VMMGetCpu(pVM);
1993
1994 /*
1995 * Lookup the context range node the page belongs to.
1996 */
1997#ifdef VBOX_STRICT
1998 /* Can't lock IOM here due to potential deadlocks in the VGA device; not safe to access. */
1999 PIOMMMIORANGE pRange = iomMMIOGetRangeUnsafe(&pVM->iom.s, GCPhys);
2000 AssertMsgReturn(pRange,
2001 ("Handlers and page tables are out of sync or something! GCPhys=%RGp\n", GCPhys), VERR_IOM_MMIO_RANGE_NOT_FOUND);
2002 Assert((pRange->GCPhys & PAGE_OFFSET_MASK) == 0);
2003 Assert((pRange->Core.KeyLast & PAGE_OFFSET_MASK) == PAGE_OFFSET_MASK);
2004#endif
2005
2006 /*
2007 * Do the aliasing; page align the addresses since PGM is picky.
2008 */
2009 GCPhys &= ~(RTGCPHYS)PAGE_OFFSET_MASK;
2010 HCPhys &= ~(RTHCPHYS)PAGE_OFFSET_MASK;
2011
2012 int rc = PGMHandlerPhysicalPageAliasHC(pVM, GCPhys, GCPhys, HCPhys);
2013 AssertRCReturn(rc, rc);
2014
2015 /*
2016 * Modify the shadow page table. Since it's an MMIO page it won't be present and we
2017 * can simply prefetch it.
2018 *
2019 * Note: This is a NOP in the EPT case; we'll just let it fault again to resync the page.
2020 */
2021 rc = PGMPrefetchPage(pVCpu, (RTGCPTR)GCPhys);
2022 Assert(rc == VINF_SUCCESS || rc == VERR_PAGE_NOT_PRESENT || rc == VERR_PAGE_TABLE_NOT_PRESENT);
2023 return VINF_SUCCESS;
2024}
2025
2026/**
2027 * Reset a previously modified MMIO region; restore the access flags.
2028 *
2029 * @returns VBox status code.
2030 *
2031 * @param pVM The virtual machine.
2032 * @param GCPhys Physical address that's part of the MMIO region to be reset.
2033 */
2034VMMDECL(int) IOMMMIOResetRegion(PVM pVM, RTGCPHYS GCPhys)
2035{
2036 Log(("IOMMMIOResetRegion %RGp\n", GCPhys));
2037
2038 PVMCPU pVCpu = VMMGetCpu(pVM);
2039
2040 /* This currently only works in real mode, protected mode without paging or with nested paging. */
2041 if ( !HWACCMIsEnabled(pVM) /* useless without VT-x/AMD-V */
2042 || ( CPUMIsGuestInPagedProtectedMode(pVCpu)
2043 && !HWACCMIsNestedPagingActive(pVM)))
2044 return VINF_SUCCESS; /* ignore */
2045
2046 /*
2047 * Lookup the context range node the page belongs to.
2048 */
2049#ifdef VBOX_STRICT
2050 /* Can't lock IOM here due to potential deadlocks in the VGA device; not safe to access. */
2051 PIOMMMIORANGE pRange = iomMMIOGetRangeUnsafe(&pVM->iom.s, GCPhys);
2052 AssertMsgReturn(pRange,
2053 ("Handlers and page tables are out of sync or something! GCPhys=%RGp\n", GCPhys), VERR_IOM_MMIO_RANGE_NOT_FOUND);
2054 Assert((pRange->GCPhys & PAGE_OFFSET_MASK) == 0);
2055 Assert((pRange->Core.KeyLast & PAGE_OFFSET_MASK) == PAGE_OFFSET_MASK);
2056#endif
2057
2058 /*
2059 * Call PGM to do the job work.
2060 *
2061 * After the call, all the pages should be non-present... unless there is
2062 * a page pool flush pending (unlikely).
2063 */
2064 int rc = PGMHandlerPhysicalReset(pVM, GCPhys);
2065 AssertRC(rc);
2066
2067#ifdef VBOX_STRICT
2068 if (!VMCPU_FF_ISSET(pVCpu, VMCPU_FF_PGM_SYNC_CR3))
2069 {
2070 uint32_t cb = pRange->cb;
2071 GCPhys = pRange->GCPhys;
2072 while (cb)
2073 {
2074 uint64_t fFlags;
2075 RTHCPHYS HCPhys;
2076 rc = PGMShwGetPage(pVCpu, (RTGCPTR)GCPhys, &fFlags, &HCPhys);
2077 Assert(rc == VERR_PAGE_NOT_PRESENT || rc == VERR_PAGE_TABLE_NOT_PRESENT);
2078 cb -= PAGE_SIZE;
2079 GCPhys += PAGE_SIZE;
2080 }
2081 }
2082#endif
2083 return rc;
2084}
2085#endif /* !IN_RC */
2086
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette