VirtualBox

source: vbox/trunk/src/VBox/VMM/VMMAll/IOMAllMMIO.cpp@ 47681

Last change on this file since 47681 was 47543, checked in by vboxsync, 11 years ago

inverted test on VBOX_WITH_FIRST_IEM_STEP.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Id Revision
File size: 91.9 KB
Line 
1/* $Id: IOMAllMMIO.cpp 47543 2013-08-05 11:32:00Z vboxsync $ */
2/** @file
3 * IOM - Input / Output Monitor - Any Context, MMIO & String I/O.
4 */
5
6/*
7 * Copyright (C) 2006-2013 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18
19/*******************************************************************************
20* Header Files *
21*******************************************************************************/
22#define LOG_GROUP LOG_GROUP_IOM
23#include <VBox/vmm/iom.h>
24#include <VBox/vmm/cpum.h>
25#include <VBox/vmm/pgm.h>
26#include <VBox/vmm/selm.h>
27#include <VBox/vmm/mm.h>
28#include <VBox/vmm/em.h>
29#include <VBox/vmm/pgm.h>
30#include <VBox/vmm/trpm.h>
31#if defined(IEM_VERIFICATION_MODE) && defined(IN_RING3)
32# include <VBox/vmm/iem.h>
33#endif
34#include "IOMInternal.h"
35#include <VBox/vmm/vm.h>
36#include <VBox/vmm/vmm.h>
37#include <VBox/vmm/hm.h>
38#include "IOMInline.h"
39
40#include <VBox/dis.h>
41#include <VBox/disopcode.h>
42#include <VBox/vmm/pdmdev.h>
43#include <VBox/param.h>
44#include <VBox/err.h>
45#include <iprt/assert.h>
46#include <VBox/log.h>
47#include <iprt/asm.h>
48#include <iprt/string.h>
49
50
51/*******************************************************************************
52* Global Variables *
53*******************************************************************************/
54
55/**
56 * Array for fast recode of the operand size (1/2/4/8 bytes) to bit shift value.
57 */
58static const unsigned g_aSize2Shift[] =
59{
60 ~0U, /* 0 - invalid */
61 0, /* *1 == 2^0 */
62 1, /* *2 == 2^1 */
63 ~0U, /* 3 - invalid */
64 2, /* *4 == 2^2 */
65 ~0U, /* 5 - invalid */
66 ~0U, /* 6 - invalid */
67 ~0U, /* 7 - invalid */
68 3 /* *8 == 2^3 */
69};
70
71/**
72 * Macro for fast recode of the operand size (1/2/4/8 bytes) to bit shift value.
73 */
74#define SIZE_2_SHIFT(cb) (g_aSize2Shift[cb])
75
76
77/**
78 * Deals with complicated MMIO writes.
79 *
80 * Complicated means unaligned or non-dword/qword sized accesses depending on
81 * the MMIO region's access mode flags.
82 *
83 * @returns Strict VBox status code. Any EM scheduling status code,
84 * VINF_IOM_R3_MMIO_WRITE, VINF_IOM_R3_MMIO_READ_WRITE or
85 * VINF_IOM_R3_MMIO_READ may be returned.
86 *
87 * @param pVM Pointer to the VM.
88 * @param pRange The range to write to.
89 * @param GCPhys The physical address to start writing.
90 * @param pvValue Where to store the value.
91 * @param cbValue The size of the value to write.
92 */
93static VBOXSTRICTRC iomMMIODoComplicatedWrite(PVM pVM, PIOMMMIORANGE pRange, RTGCPHYS GCPhys, void const *pvValue, unsigned cbValue)
94{
95 AssertReturn( (pRange->fFlags & IOMMMIO_FLAGS_WRITE_MODE) != IOMMMIO_FLAGS_WRITE_PASSTHRU
96 || (pRange->fFlags & IOMMMIO_FLAGS_WRITE_MODE) <= IOMMMIO_FLAGS_WRITE_DWORD_QWORD_READ_MISSING,
97 VERR_IOM_MMIO_IPE_1);
98 AssertReturn(cbValue != 0 && cbValue <= 16, VERR_IOM_MMIO_IPE_2);
99 RTGCPHYS const GCPhysStart = GCPhys; NOREF(GCPhysStart);
100 bool const fReadMissing = (pRange->fFlags & IOMMMIO_FLAGS_WRITE_MODE) == IOMMMIO_FLAGS_WRITE_DWORD_READ_MISSING
101 || (pRange->fFlags & IOMMMIO_FLAGS_WRITE_MODE) == IOMMMIO_FLAGS_WRITE_DWORD_QWORD_READ_MISSING;
102
103 /*
104 * Do debug stop if requested.
105 */
106 int rc = VINF_SUCCESS; NOREF(pVM);
107#ifdef VBOX_STRICT
108 if (pRange->fFlags & IOMMMIO_FLAGS_DBGSTOP_ON_COMPLICATED_WRITE)
109 {
110# ifdef IN_RING3
111 rc = DBGFR3EventSrc(pVM, DBGFEVENT_DEV_STOP, RT_SRC_POS,
112 "Complicated write %#x byte at %RGp to %s\n", cbValue, GCPhys, R3STRING(pRange->pszDesc));
113 if (rc == VERR_DBGF_NOT_ATTACHED)
114 rc = VINF_SUCCESS;
115# else
116 return VINF_IOM_R3_MMIO_WRITE;
117# endif
118 }
119#endif
120
121 /*
122 * Check if we should ignore the write.
123 */
124 if ((pRange->fFlags & IOMMMIO_FLAGS_WRITE_MODE) == IOMMMIO_FLAGS_WRITE_ONLY_DWORD)
125 {
126 Assert(cbValue != 4 || (GCPhys & 3));
127 return VINF_SUCCESS;
128 }
129 if ((pRange->fFlags & IOMMMIO_FLAGS_WRITE_MODE) == IOMMMIO_FLAGS_WRITE_ONLY_DWORD_QWORD)
130 {
131 Assert((cbValue != 4 && cbValue != 8) || (GCPhys & (cbValue - 1)));
132 return VINF_SUCCESS;
133 }
134
135 /*
136 * Split and conquer.
137 */
138 for (;;)
139 {
140 unsigned const offAccess = GCPhys & 3;
141 unsigned cbThisPart = 4 - offAccess;
142 if (cbThisPart > cbValue)
143 cbThisPart = cbValue;
144
145 /*
146 * Get the missing bits (if any).
147 */
148 uint32_t u32MissingValue = 0;
149 if (fReadMissing && cbThisPart != 4)
150 {
151 int rc2 = pRange->CTX_SUFF(pfnReadCallback)(pRange->CTX_SUFF(pDevIns), pRange->CTX_SUFF(pvUser),
152 GCPhys & ~(RTGCPHYS)3, &u32MissingValue, sizeof(u32MissingValue));
153 switch (rc2)
154 {
155 case VINF_SUCCESS:
156 break;
157 case VINF_IOM_MMIO_UNUSED_FF:
158 u32MissingValue = UINT32_C(0xffffffff);
159 break;
160 case VINF_IOM_MMIO_UNUSED_00:
161 u32MissingValue = 0;
162 break;
163 case VINF_IOM_R3_MMIO_READ:
164 case VINF_IOM_R3_MMIO_READ_WRITE:
165 case VINF_IOM_R3_MMIO_WRITE:
166 /** @todo What if we've split a transfer and already read
167 * something? Since writes generally have sideeffects we
168 * could be kind of screwed here...
169 *
170 * Fix: Save the current state and resume it in ring-3. Requires EM to not go
171 * to REM for MMIO accesses (like may currently do). */
172
173 LogFlow(("iomMMIODoComplicatedWrite: GCPhys=%RGp GCPhysStart=%RGp cbValue=%u rc=%Rrc [read]\n", GCPhys, GCPhysStart, cbValue, rc2));
174 return rc2;
175 default:
176 if (RT_FAILURE(rc2))
177 {
178 Log(("iomMMIODoComplicatedWrite: GCPhys=%RGp GCPhysStart=%RGp cbValue=%u rc=%Rrc [read]\n", GCPhys, GCPhysStart, cbValue, rc2));
179 return rc2;
180 }
181 AssertMsgReturn(rc2 >= VINF_EM_FIRST && rc2 <= VINF_EM_LAST, ("%Rrc\n", rc2), VERR_IPE_UNEXPECTED_INFO_STATUS);
182 if (rc == VINF_SUCCESS || rc2 < rc)
183 rc = rc2;
184 break;
185 }
186 }
187
188 /*
189 * Merge missing and given bits.
190 */
191 uint32_t u32GivenMask;
192 uint32_t u32GivenValue;
193 switch (cbThisPart)
194 {
195 case 1:
196 u32GivenValue = *(uint8_t const *)pvValue;
197 u32GivenMask = UINT32_C(0x000000ff);
198 break;
199 case 2:
200 u32GivenValue = *(uint16_t const *)pvValue;
201 u32GivenMask = UINT32_C(0x0000ffff);
202 break;
203 case 3:
204 u32GivenValue = RT_MAKE_U32_FROM_U8(((uint8_t const *)pvValue)[0], ((uint8_t const *)pvValue)[1],
205 ((uint8_t const *)pvValue)[2], 0);
206 u32GivenMask = UINT32_C(0x00ffffff);
207 break;
208 case 4:
209 u32GivenValue = *(uint32_t const *)pvValue;
210 u32GivenMask = UINT32_C(0xffffffff);
211 break;
212 default:
213 AssertFailedReturn(VERR_IOM_MMIO_IPE_3);
214 }
215 if (offAccess)
216 {
217 u32GivenValue <<= offAccess * 8;
218 u32GivenMask <<= offAccess * 8;
219 }
220
221 uint32_t u32Value = (u32MissingValue & ~u32GivenMask)
222 | (u32GivenValue & u32GivenMask);
223
224 /*
225 * Do DWORD write to the device.
226 */
227 int rc2 = pRange->CTX_SUFF(pfnWriteCallback)(pRange->CTX_SUFF(pDevIns), pRange->CTX_SUFF(pvUser),
228 GCPhys & ~(RTGCPHYS)3, &u32Value, sizeof(u32Value));
229 switch (rc2)
230 {
231 case VINF_SUCCESS:
232 break;
233 case VINF_IOM_R3_MMIO_READ:
234 case VINF_IOM_R3_MMIO_READ_WRITE:
235 case VINF_IOM_R3_MMIO_WRITE:
236 /** @todo What if we've split a transfer and already read
237 * something? Since reads can have sideeffects we could be
238 * kind of screwed here...
239 *
240 * Fix: Save the current state and resume it in ring-3. Requires EM to not go
241 * to REM for MMIO accesses (like may currently do). */
242 LogFlow(("iomMMIODoComplicatedWrite: GCPhys=%RGp GCPhysStart=%RGp cbValue=%u rc=%Rrc [write]\n", GCPhys, GCPhysStart, cbValue, rc2));
243 return rc2;
244 default:
245 if (RT_FAILURE(rc2))
246 {
247 Log(("iomMMIODoComplicatedWrite: GCPhys=%RGp GCPhysStart=%RGp cbValue=%u rc=%Rrc [write]\n", GCPhys, GCPhysStart, cbValue, rc2));
248 return rc2;
249 }
250 AssertMsgReturn(rc2 >= VINF_EM_FIRST && rc2 <= VINF_EM_LAST, ("%Rrc\n", rc2), VERR_IPE_UNEXPECTED_INFO_STATUS);
251 if (rc == VINF_SUCCESS || rc2 < rc)
252 rc = rc2;
253 break;
254 }
255
256 /*
257 * Advance.
258 */
259 cbValue -= cbThisPart;
260 if (!cbValue)
261 break;
262 GCPhys += cbThisPart;
263 pvValue = (uint8_t const *)pvValue + cbThisPart;
264 }
265
266 return rc;
267}
268
269
270
271
272/**
273 * Wrapper which does the write and updates range statistics when such are enabled.
274 * @warning RT_SUCCESS(rc=VINF_IOM_R3_MMIO_WRITE) is TRUE!
275 */
276static int iomMMIODoWrite(PVM pVM, PVMCPU pVCpu, PIOMMMIORANGE pRange, RTGCPHYS GCPhysFault, const void *pvData, unsigned cb)
277{
278#ifdef VBOX_WITH_STATISTICS
279 int rcSem = IOM_LOCK_SHARED(pVM);
280 if (rcSem == VERR_SEM_BUSY)
281 return VINF_IOM_R3_MMIO_WRITE;
282 PIOMMMIOSTATS pStats = iomMmioGetStats(pVM, pVCpu, GCPhysFault, pRange);
283 if (!pStats)
284# ifdef IN_RING3
285 return VERR_NO_MEMORY;
286# else
287 return VINF_IOM_R3_MMIO_WRITE;
288# endif
289 STAM_PROFILE_START(&pStats->CTX_SUFF_Z(ProfWrite), a);
290#endif
291
292 VBOXSTRICTRC rc;
293 if (RT_LIKELY(pRange->CTX_SUFF(pfnWriteCallback)))
294 {
295 if ( (cb == 4 && !(GCPhysFault & 3))
296 || (pRange->fFlags & IOMMMIO_FLAGS_WRITE_MODE) == IOMMMIO_FLAGS_WRITE_PASSTHRU
297 || (cb == 8 && !(GCPhysFault & 7) && IOMMMIO_DOES_WRITE_MODE_ALLOW_QWORD(pRange->fFlags)) )
298 rc = pRange->CTX_SUFF(pfnWriteCallback)(pRange->CTX_SUFF(pDevIns), pRange->CTX_SUFF(pvUser),
299 GCPhysFault, (void *)pvData, cb); /** @todo fix const!! */
300 else
301 rc = iomMMIODoComplicatedWrite(pVM, pRange, GCPhysFault, pvData, cb);
302 }
303 else
304 rc = VINF_SUCCESS;
305
306 STAM_PROFILE_STOP(&pStats->CTX_SUFF_Z(ProfWrite), a);
307 STAM_COUNTER_INC(&pStats->Accesses);
308 return VBOXSTRICTRC_TODO(rc);
309}
310
311
312/**
313 * Deals with complicated MMIO reads.
314 *
315 * Complicatd means unaligned or non-dword/qword align accesses depending on
316 * the MMIO region's access mode flags.
317 *
318 * @returns Strict VBox status code. Any EM scheduling status code,
319 * VINF_IOM_R3_MMIO_READ, VINF_IOM_R3_MMIO_READ_WRITE or
320 * VINF_IOM_R3_MMIO_WRITE may be returned.
321 *
322 * @param pVM Pointer to the VM.
323 * @param pRange The range to read from.
324 * @param GCPhys The physical address to start reading.
325 * @param pvValue Where to store the value.
326 * @param cbValue The size of the value to read.
327 */
328static VBOXSTRICTRC iomMMIODoComplicatedRead(PVM pVM, PIOMMMIORANGE pRange, RTGCPHYS GCPhys, void *pvValue, unsigned cbValue)
329{
330 AssertReturn( (pRange->fFlags & IOMMMIO_FLAGS_READ_MODE) == IOMMMIO_FLAGS_READ_DWORD
331 || (pRange->fFlags & IOMMMIO_FLAGS_READ_MODE) == IOMMMIO_FLAGS_READ_DWORD_QWORD,
332 VERR_IOM_MMIO_IPE_1);
333 AssertReturn(cbValue != 0 && cbValue <= 16, VERR_IOM_MMIO_IPE_2);
334 RTGCPHYS const GCPhysStart = GCPhys; NOREF(GCPhysStart);
335
336 /*
337 * Do debug stop if requested.
338 */
339 int rc = VINF_SUCCESS; NOREF(pVM);
340#ifdef VBOX_STRICT
341 if (pRange->fFlags & IOMMMIO_FLAGS_DBGSTOP_ON_COMPLICATED_READ)
342 {
343# ifdef IN_RING3
344 rc = DBGFR3EventSrc(pVM, DBGFEVENT_DEV_STOP, RT_SRC_POS,
345 "Complicated read %#x byte at %RGp to %s\n", cbValue, GCPhys, R3STRING(pRange->pszDesc));
346 if (rc == VERR_DBGF_NOT_ATTACHED)
347 rc = VINF_SUCCESS;
348# else
349 return VINF_IOM_R3_MMIO_READ;
350# endif
351 }
352#endif
353
354 /*
355 * Split and conquer.
356 */
357 for (;;)
358 {
359 /*
360 * Do DWORD read from the device.
361 */
362 uint32_t u32Value;
363 int rc2 = pRange->CTX_SUFF(pfnReadCallback)(pRange->CTX_SUFF(pDevIns), pRange->CTX_SUFF(pvUser),
364 GCPhys & ~(RTGCPHYS)3, &u32Value, sizeof(u32Value));
365 switch (rc2)
366 {
367 case VINF_SUCCESS:
368 break;
369 case VINF_IOM_MMIO_UNUSED_FF:
370 u32Value = UINT32_C(0xffffffff);
371 break;
372 case VINF_IOM_MMIO_UNUSED_00:
373 u32Value = 0;
374 break;
375 case VINF_IOM_R3_MMIO_READ:
376 case VINF_IOM_R3_MMIO_READ_WRITE:
377 case VINF_IOM_R3_MMIO_WRITE:
378 /** @todo What if we've split a transfer and already read
379 * something? Since reads can have sideeffects we could be
380 * kind of screwed here... */
381 LogFlow(("iomMMIODoComplicatedRead: GCPhys=%RGp GCPhysStart=%RGp cbValue=%u rc=%Rrc\n", GCPhys, GCPhysStart, cbValue, rc2));
382 return rc2;
383 default:
384 if (RT_FAILURE(rc2))
385 {
386 Log(("iomMMIODoComplicatedRead: GCPhys=%RGp GCPhysStart=%RGp cbValue=%u rc=%Rrc\n", GCPhys, GCPhysStart, cbValue, rc2));
387 return rc2;
388 }
389 AssertMsgReturn(rc2 >= VINF_EM_FIRST && rc2 <= VINF_EM_LAST, ("%Rrc\n", rc2), VERR_IPE_UNEXPECTED_INFO_STATUS);
390 if (rc == VINF_SUCCESS || rc2 < rc)
391 rc = rc2;
392 break;
393 }
394 u32Value >>= (GCPhys & 3) * 8;
395
396 /*
397 * Write what we've read.
398 */
399 unsigned cbThisPart = 4 - (GCPhys & 3);
400 if (cbThisPart > cbValue)
401 cbThisPart = cbValue;
402
403 switch (cbThisPart)
404 {
405 case 1:
406 *(uint8_t *)pvValue = (uint8_t)u32Value;
407 break;
408 case 2:
409 *(uint16_t *)pvValue = (uint16_t)u32Value;
410 break;
411 case 3:
412 ((uint8_t *)pvValue)[0] = RT_BYTE1(u32Value);
413 ((uint8_t *)pvValue)[1] = RT_BYTE2(u32Value);
414 ((uint8_t *)pvValue)[2] = RT_BYTE3(u32Value);
415 break;
416 case 4:
417 *(uint32_t *)pvValue = u32Value;
418 break;
419 }
420
421 /*
422 * Advance.
423 */
424 cbValue -= cbThisPart;
425 if (!cbValue)
426 break;
427 GCPhys += cbThisPart;
428 pvValue = (uint8_t *)pvValue + cbThisPart;
429 }
430
431 return rc;
432}
433
434
435/**
436 * Implements VINF_IOM_MMIO_UNUSED_FF.
437 *
438 * @returns VINF_SUCCESS.
439 * @param pvValue Where to store the zeros.
440 * @param cbValue How many bytes to read.
441 */
442static int iomMMIODoReadFFs(void *pvValue, size_t cbValue)
443{
444 switch (cbValue)
445 {
446 case 1: *(uint8_t *)pvValue = UINT8_C(0xff); break;
447 case 2: *(uint16_t *)pvValue = UINT16_C(0xffff); break;
448 case 4: *(uint32_t *)pvValue = UINT32_C(0xffffffff); break;
449 case 8: *(uint64_t *)pvValue = UINT64_C(0xffffffffffffffff); break;
450 default:
451 {
452 uint8_t *pb = (uint8_t *)pvValue;
453 while (cbValue--)
454 *pb++ = UINT8_C(0xff);
455 break;
456 }
457 }
458 return VINF_SUCCESS;
459}
460
461
462/**
463 * Implements VINF_IOM_MMIO_UNUSED_00.
464 *
465 * @returns VINF_SUCCESS.
466 * @param pvValue Where to store the zeros.
467 * @param cbValue How many bytes to read.
468 */
469static int iomMMIODoRead00s(void *pvValue, size_t cbValue)
470{
471 switch (cbValue)
472 {
473 case 1: *(uint8_t *)pvValue = UINT8_C(0x00); break;
474 case 2: *(uint16_t *)pvValue = UINT16_C(0x0000); break;
475 case 4: *(uint32_t *)pvValue = UINT32_C(0x00000000); break;
476 case 8: *(uint64_t *)pvValue = UINT64_C(0x0000000000000000); break;
477 default:
478 {
479 uint8_t *pb = (uint8_t *)pvValue;
480 while (cbValue--)
481 *pb++ = UINT8_C(0x00);
482 break;
483 }
484 }
485 return VINF_SUCCESS;
486}
487
488
489/**
490 * Wrapper which does the read and updates range statistics when such are enabled.
491 */
492DECLINLINE(int) iomMMIODoRead(PVM pVM, PVMCPU pVCpu, PIOMMMIORANGE pRange, RTGCPHYS GCPhys, void *pvValue, unsigned cbValue)
493{
494#ifdef VBOX_WITH_STATISTICS
495 int rcSem = IOM_LOCK_SHARED(pVM);
496 if (rcSem == VERR_SEM_BUSY)
497 return VINF_IOM_R3_MMIO_READ;
498 PIOMMMIOSTATS pStats = iomMmioGetStats(pVM, pVCpu, GCPhys, pRange);
499 if (!pStats)
500# ifdef IN_RING3
501 return VERR_NO_MEMORY;
502# else
503 return VINF_IOM_R3_MMIO_READ;
504# endif
505 STAM_PROFILE_START(&pStats->CTX_SUFF_Z(ProfRead), a);
506#endif
507
508 VBOXSTRICTRC rc;
509 if (RT_LIKELY(pRange->CTX_SUFF(pfnReadCallback)))
510 {
511 if ( ( cbValue == 4
512 && !(GCPhys & 3))
513 || (pRange->fFlags & IOMMMIO_FLAGS_READ_MODE) == IOMMMIO_FLAGS_READ_PASSTHRU
514 || ( cbValue == 8
515 && !(GCPhys & 7)
516 && (pRange->fFlags & IOMMMIO_FLAGS_READ_MODE) == IOMMMIO_FLAGS_READ_DWORD_QWORD ) )
517 rc = pRange->CTX_SUFF(pfnReadCallback)(pRange->CTX_SUFF(pDevIns), pRange->CTX_SUFF(pvUser), GCPhys, pvValue, cbValue);
518 else
519 rc = iomMMIODoComplicatedRead(pVM, pRange, GCPhys, pvValue, cbValue);
520 }
521 else
522 rc = VINF_IOM_MMIO_UNUSED_FF;
523 if (rc != VINF_SUCCESS)
524 {
525 switch (VBOXSTRICTRC_VAL(rc))
526 {
527 case VINF_IOM_MMIO_UNUSED_FF: rc = iomMMIODoReadFFs(pvValue, cbValue); break;
528 case VINF_IOM_MMIO_UNUSED_00: rc = iomMMIODoRead00s(pvValue, cbValue); break;
529 }
530 }
531
532 STAM_PROFILE_STOP(&pStats->CTX_SUFF_Z(ProfRead), a);
533 STAM_COUNTER_INC(&pStats->Accesses);
534 return VBOXSTRICTRC_VAL(rc);
535}
536
537
538/**
539 * Internal - statistics only.
540 */
541DECLINLINE(void) iomMMIOStatLength(PVM pVM, unsigned cb)
542{
543#ifdef VBOX_WITH_STATISTICS
544 switch (cb)
545 {
546 case 1:
547 STAM_COUNTER_INC(&pVM->iom.s.StatRZMMIO1Byte);
548 break;
549 case 2:
550 STAM_COUNTER_INC(&pVM->iom.s.StatRZMMIO2Bytes);
551 break;
552 case 4:
553 STAM_COUNTER_INC(&pVM->iom.s.StatRZMMIO4Bytes);
554 break;
555 case 8:
556 STAM_COUNTER_INC(&pVM->iom.s.StatRZMMIO8Bytes);
557 break;
558 default:
559 /* No way. */
560 AssertMsgFailed(("Invalid data length %d\n", cb));
561 break;
562 }
563#else
564 NOREF(pVM); NOREF(cb);
565#endif
566}
567
568
569/**
570 * MOV reg, mem (read)
571 * MOVZX reg, mem (read)
572 * MOVSX reg, mem (read)
573 *
574 * @returns VBox status code.
575 *
576 * @param pVM The virtual machine.
577 * @param pVCpu Pointer to the virtual CPU structure of the caller.
578 * @param pRegFrame Pointer to CPUMCTXCORE guest registers structure.
579 * @param pCpu Disassembler CPU state.
580 * @param pRange Pointer MMIO range.
581 * @param GCPhysFault The GC physical address corresponding to pvFault.
582 */
583static int iomInterpretMOVxXRead(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, PDISCPUSTATE pCpu,
584 PIOMMMIORANGE pRange, RTGCPHYS GCPhysFault)
585{
586 Assert(pRange->CTX_SUFF(pfnReadCallback) || !pRange->pfnReadCallbackR3);
587
588 /*
589 * Get the data size from parameter 2,
590 * and call the handler function to get the data.
591 */
592 unsigned cb = DISGetParamSize(pCpu, &pCpu->Param2);
593 AssertMsg(cb > 0 && cb <= sizeof(uint64_t), ("cb=%d\n", cb));
594
595 uint64_t u64Data = 0;
596 int rc = iomMMIODoRead(pVM, pVCpu, pRange, GCPhysFault, &u64Data, cb);
597 if (rc == VINF_SUCCESS)
598 {
599 /*
600 * Do sign extension for MOVSX.
601 */
602 /** @todo checkup MOVSX implementation! */
603 if (pCpu->pCurInstr->uOpcode == OP_MOVSX)
604 {
605 if (cb == 1)
606 {
607 /* DWORD <- BYTE */
608 int64_t iData = (int8_t)u64Data;
609 u64Data = (uint64_t)iData;
610 }
611 else
612 {
613 /* DWORD <- WORD */
614 int64_t iData = (int16_t)u64Data;
615 u64Data = (uint64_t)iData;
616 }
617 }
618
619 /*
620 * Store the result to register (parameter 1).
621 */
622 bool fRc = iomSaveDataToReg(pCpu, &pCpu->Param1, pRegFrame, u64Data);
623 AssertMsg(fRc, ("Failed to store register value!\n")); NOREF(fRc);
624 }
625
626 if (rc == VINF_SUCCESS)
627 iomMMIOStatLength(pVM, cb);
628 return rc;
629}
630
631
632/**
633 * MOV mem, reg|imm (write)
634 *
635 * @returns VBox status code.
636 *
637 * @param pVM The virtual machine.
638 * @param pVCpu Pointer to the virtual CPU structure of the caller.
639 * @param pRegFrame Pointer to CPUMCTXCORE guest registers structure.
640 * @param pCpu Disassembler CPU state.
641 * @param pRange Pointer MMIO range.
642 * @param GCPhysFault The GC physical address corresponding to pvFault.
643 */
644static int iomInterpretMOVxXWrite(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, PDISCPUSTATE pCpu,
645 PIOMMMIORANGE pRange, RTGCPHYS GCPhysFault)
646{
647 Assert(pRange->CTX_SUFF(pfnWriteCallback) || !pRange->pfnWriteCallbackR3);
648
649 /*
650 * Get data to write from second parameter,
651 * and call the callback to write it.
652 */
653 unsigned cb = 0;
654 uint64_t u64Data = 0;
655 bool fRc = iomGetRegImmData(pCpu, &pCpu->Param2, pRegFrame, &u64Data, &cb);
656 AssertMsg(fRc, ("Failed to get reg/imm port number!\n")); NOREF(fRc);
657
658 int rc = iomMMIODoWrite(pVM, pVCpu, pRange, GCPhysFault, &u64Data, cb);
659 if (rc == VINF_SUCCESS)
660 iomMMIOStatLength(pVM, cb);
661 return rc;
662}
663
664
665/** Wrapper for reading virtual memory. */
666DECLINLINE(int) iomRamRead(PVMCPU pVCpu, void *pDest, RTGCPTR GCSrc, uint32_t cb)
667{
668 /* Note: This will fail in R0 or RC if it hits an access handler. That
669 isn't a problem though since the operation can be restarted in REM. */
670#ifdef IN_RC
671 NOREF(pVCpu);
672 int rc = MMGCRamReadNoTrapHandler(pDest, (void *)(uintptr_t)GCSrc, cb);
673 /* Page may be protected and not directly accessible. */
674 if (rc == VERR_ACCESS_DENIED)
675 rc = VINF_IOM_R3_IOPORT_WRITE;
676 return rc;
677#else
678 return PGMPhysReadGCPtr(pVCpu, pDest, GCSrc, cb);
679#endif
680}
681
682
683/** Wrapper for writing virtual memory. */
684DECLINLINE(int) iomRamWrite(PVMCPU pVCpu, PCPUMCTXCORE pCtxCore, RTGCPTR GCPtrDst, void *pvSrc, uint32_t cb)
685{
686 /** @todo Need to update PGMVerifyAccess to take access handlers into account for Ring-0 and
687 * raw mode code. Some thought needs to be spent on theoretical concurrency issues as
688 * as well since we're not behind the pgm lock and handler may change between calls.
689 *
690 * PGMPhysInterpretedWriteNoHandlers/PGMPhysWriteGCPtr may mess up
691 * the state of some shadowed structures. */
692#if defined(IN_RING0) || defined(IN_RC)
693 return PGMPhysInterpretedWriteNoHandlers(pVCpu, pCtxCore, GCPtrDst, pvSrc, cb, false /*fRaiseTrap*/);
694#else
695 NOREF(pCtxCore);
696 return PGMPhysWriteGCPtr(pVCpu, GCPtrDst, pvSrc, cb);
697#endif
698}
699
700
701#if defined(IOM_WITH_MOVS_SUPPORT) && 0 /* locking prevents this from working. has buggy ecx handling. */
702/**
703 * [REP] MOVSB
704 * [REP] MOVSW
705 * [REP] MOVSD
706 *
707 * Restricted implementation.
708 *
709 *
710 * @returns VBox status code.
711 *
712 * @param pVM The virtual machine.
713 * @param uErrorCode CPU Error code.
714 * @param pRegFrame Trap register frame.
715 * @param GCPhysFault The GC physical address corresponding to pvFault.
716 * @param pCpu Disassembler CPU state.
717 * @param pRange Pointer MMIO range.
718 * @param ppStat Which sub-sample to attribute this call to.
719 */
720static int iomInterpretMOVS(PVM pVM, bool fWriteAccess, PCPUMCTXCORE pRegFrame, RTGCPHYS GCPhysFault, PDISCPUSTATE pCpu, PIOMMMIORANGE pRange,
721 PSTAMPROFILE *ppStat)
722{
723 /*
724 * We do not support segment prefixes or REPNE.
725 */
726 if (pCpu->fPrefix & (DISPREFIX_SEG | DISPREFIX_REPNE))
727 return VINF_IOM_R3_MMIO_READ_WRITE; /** @todo -> interpret whatever. */
728
729 PVMCPU pVCpu = VMMGetCpu(pVM);
730
731 /*
732 * Get bytes/words/dwords/qword count to copy.
733 */
734 uint32_t cTransfers = 1;
735 if (pCpu->fPrefix & DISPREFIX_REP)
736 {
737#ifndef IN_RC
738 if ( CPUMIsGuestIn64BitCode(pVCpu, pRegFrame)
739 && pRegFrame->rcx >= _4G)
740 return VINF_EM_RAW_EMULATE_INSTR;
741#endif
742
743 cTransfers = pRegFrame->ecx;
744 if (SELMGetCpuModeFromSelector(pVM, pRegFrame->eflags, pRegFrame->cs, &pRegFrame->csHid) == DISCPUMODE_16BIT)
745 cTransfers &= 0xffff;
746
747 if (!cTransfers)
748 return VINF_SUCCESS;
749 }
750
751 /* Get the current privilege level. */
752 uint32_t cpl = CPUMGetGuestCPL(pVCpu, pRegFrame);
753
754 /*
755 * Get data size.
756 */
757 unsigned cb = DISGetParamSize(pCpu, &pCpu->Param1);
758 AssertMsg(cb > 0 && cb <= sizeof(uint64_t), ("cb=%d\n", cb));
759 int offIncrement = pRegFrame->eflags.Bits.u1DF ? -(signed)cb : (signed)cb;
760
761#ifdef VBOX_WITH_STATISTICS
762 if (pVM->iom.s.cMovsMaxBytes < (cTransfers << SIZE_2_SHIFT(cb)))
763 pVM->iom.s.cMovsMaxBytes = cTransfers << SIZE_2_SHIFT(cb);
764#endif
765
766/** @todo re-evaluate on page boundaries. */
767
768 RTGCPHYS Phys = GCPhysFault;
769 int rc;
770 if (fWriteAccess)
771 {
772 /*
773 * Write operation: [Mem] -> [MMIO]
774 * ds:esi (Virt Src) -> es:edi (Phys Dst)
775 */
776 STAM_STATS({ *ppStat = &pVM->iom.s.StatRZInstMovsToMMIO; });
777
778 /* Check callback. */
779 if (!pRange->CTX_SUFF(pfnWriteCallback))
780 return VINF_IOM_R3_MMIO_WRITE;
781
782 /* Convert source address ds:esi. */
783 RTGCUINTPTR pu8Virt;
784 rc = SELMToFlatEx(pVM, DISSELREG_DS, pRegFrame, (RTGCPTR)pRegFrame->rsi,
785 SELMTOFLAT_FLAGS_HYPER | SELMTOFLAT_FLAGS_NO_PL,
786 (PRTGCPTR)&pu8Virt);
787 if (RT_SUCCESS(rc))
788 {
789
790 /* Access verification first; we currently can't recover properly from traps inside this instruction */
791 rc = PGMVerifyAccess(pVCpu, pu8Virt, cTransfers * cb, (cpl == 3) ? X86_PTE_US : 0);
792 if (rc != VINF_SUCCESS)
793 {
794 Log(("MOVS will generate a trap -> recompiler, rc=%d\n", rc));
795 return VINF_EM_RAW_EMULATE_INSTR;
796 }
797
798#ifdef IN_RC
799 MMGCRamRegisterTrapHandler(pVM);
800#endif
801
802 /* copy loop. */
803 while (cTransfers)
804 {
805 uint32_t u32Data = 0;
806 rc = iomRamRead(pVCpu, &u32Data, (RTGCPTR)pu8Virt, cb);
807 if (rc != VINF_SUCCESS)
808 break;
809 rc = iomMMIODoWrite(pVM, pRange, Phys, &u32Data, cb);
810 if (rc != VINF_SUCCESS)
811 break;
812
813 pu8Virt += offIncrement;
814 Phys += offIncrement;
815 pRegFrame->rsi += offIncrement;
816 pRegFrame->rdi += offIncrement;
817 cTransfers--;
818 }
819#ifdef IN_RC
820 MMGCRamDeregisterTrapHandler(pVM);
821#endif
822 /* Update ecx. */
823 if (pCpu->fPrefix & DISPREFIX_REP)
824 pRegFrame->ecx = cTransfers;
825 }
826 else
827 rc = VINF_IOM_R3_MMIO_READ_WRITE;
828 }
829 else
830 {
831 /*
832 * Read operation: [MMIO] -> [mem] or [MMIO] -> [MMIO]
833 * ds:[eSI] (Phys Src) -> es:[eDI] (Virt Dst)
834 */
835 STAM_STATS({ *ppStat = &pVM->iom.s.StatRZInstMovsFromMMIO; });
836
837 /* Check callback. */
838 if (!pRange->CTX_SUFF(pfnReadCallback))
839 return VINF_IOM_R3_MMIO_READ;
840
841 /* Convert destination address. */
842 RTGCUINTPTR pu8Virt;
843 rc = SELMToFlatEx(pVM, DISSELREG_ES, pRegFrame, (RTGCPTR)pRegFrame->rdi,
844 SELMTOFLAT_FLAGS_HYPER | SELMTOFLAT_FLAGS_NO_PL,
845 (RTGCPTR *)&pu8Virt);
846 if (RT_FAILURE(rc))
847 return VINF_IOM_R3_MMIO_READ;
848
849 /* Check if destination address is MMIO. */
850 PIOMMMIORANGE pMMIODst;
851 RTGCPHYS PhysDst;
852 rc = PGMGstGetPage(pVCpu, (RTGCPTR)pu8Virt, NULL, &PhysDst);
853 PhysDst |= (RTGCUINTPTR)pu8Virt & PAGE_OFFSET_MASK;
854 if ( RT_SUCCESS(rc)
855 && (pMMIODst = iomMmioGetRangeWithRef(pVM, PhysDst)))
856 {
857 /** @todo implement per-device locks for MMIO access. */
858 Assert(!pMMIODst->CTX_SUFF(pDevIns)->CTX_SUFF(pCritSect));
859
860 /*
861 * Extra: [MMIO] -> [MMIO]
862 */
863 STAM_STATS({ *ppStat = &pVM->iom.s.StatRZInstMovsMMIO; });
864 if (!pMMIODst->CTX_SUFF(pfnWriteCallback) && pMMIODst->pfnWriteCallbackR3)
865 {
866 iomMmioReleaseRange(pVM, pRange);
867 return VINF_IOM_R3_MMIO_READ_WRITE;
868 }
869
870 /* copy loop. */
871 while (cTransfers)
872 {
873 uint32_t u32Data;
874 rc = iomMMIODoRead(pVM, pRange, Phys, &u32Data, cb);
875 if (rc != VINF_SUCCESS)
876 break;
877 rc = iomMMIODoWrite(pVM, pMMIODst, PhysDst, &u32Data, cb);
878 if (rc != VINF_SUCCESS)
879 break;
880
881 Phys += offIncrement;
882 PhysDst += offIncrement;
883 pRegFrame->rsi += offIncrement;
884 pRegFrame->rdi += offIncrement;
885 cTransfers--;
886 }
887 iomMmioReleaseRange(pVM, pRange);
888 }
889 else
890 {
891 /*
892 * Normal: [MMIO] -> [Mem]
893 */
894 /* Access verification first; we currently can't recover properly from traps inside this instruction */
895 rc = PGMVerifyAccess(pVCpu, pu8Virt, cTransfers * cb, X86_PTE_RW | ((cpl == 3) ? X86_PTE_US : 0));
896 if (rc != VINF_SUCCESS)
897 {
898 Log(("MOVS will generate a trap -> recompiler, rc=%d\n", rc));
899 return VINF_EM_RAW_EMULATE_INSTR;
900 }
901
902 /* copy loop. */
903#ifdef IN_RC
904 MMGCRamRegisterTrapHandler(pVM);
905#endif
906 while (cTransfers)
907 {
908 uint32_t u32Data;
909 rc = iomMMIODoRead(pVM, pRange, Phys, &u32Data, cb);
910 if (rc != VINF_SUCCESS)
911 break;
912 rc = iomRamWrite(pVCpu, pRegFrame, (RTGCPTR)pu8Virt, &u32Data, cb);
913 if (rc != VINF_SUCCESS)
914 {
915 Log(("iomRamWrite %08X size=%d failed with %d\n", pu8Virt, cb, rc));
916 break;
917 }
918
919 pu8Virt += offIncrement;
920 Phys += offIncrement;
921 pRegFrame->rsi += offIncrement;
922 pRegFrame->rdi += offIncrement;
923 cTransfers--;
924 }
925#ifdef IN_RC
926 MMGCRamDeregisterTrapHandler(pVM);
927#endif
928 }
929
930 /* Update ecx on exit. */
931 if (pCpu->fPrefix & DISPREFIX_REP)
932 pRegFrame->ecx = cTransfers;
933 }
934
935 /* work statistics. */
936 if (rc == VINF_SUCCESS)
937 iomMMIOStatLength(pVM, cb);
938 NOREF(ppStat);
939 return rc;
940}
941#endif /* IOM_WITH_MOVS_SUPPORT */
942
943
944/**
945 * Gets the address / opcode mask corresponding to the given CPU mode.
946 *
947 * @returns Mask.
948 * @param enmCpuMode CPU mode.
949 */
950static uint64_t iomDisModeToMask(DISCPUMODE enmCpuMode)
951{
952 switch (enmCpuMode)
953 {
954 case DISCPUMODE_16BIT: return UINT16_MAX;
955 case DISCPUMODE_32BIT: return UINT32_MAX;
956 case DISCPUMODE_64BIT: return UINT64_MAX;
957 default:
958 AssertFailedReturn(UINT32_MAX);
959 }
960}
961
962
963/**
964 * [REP] STOSB
965 * [REP] STOSW
966 * [REP] STOSD
967 *
968 * Restricted implementation.
969 *
970 *
971 * @returns VBox status code.
972 *
973 * @param pVM The virtual machine.
974 * @param pVCpu Pointer to the virtual CPU structure of the caller.
975 * @param pRegFrame Trap register frame.
976 * @param GCPhysFault The GC physical address corresponding to pvFault.
977 * @param pCpu Disassembler CPU state.
978 * @param pRange Pointer MMIO range.
979 */
980static int iomInterpretSTOS(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, RTGCPHYS GCPhysFault,
981 PDISCPUSTATE pCpu, PIOMMMIORANGE pRange)
982{
983 /*
984 * We do not support segment prefixes or REPNE..
985 */
986 if (pCpu->fPrefix & (DISPREFIX_SEG | DISPREFIX_REPNE))
987 return VINF_IOM_R3_MMIO_READ_WRITE; /** @todo -> REM instead of HC */
988
989 /*
990 * Get bytes/words/dwords/qwords count to copy.
991 */
992 uint64_t const fAddrMask = iomDisModeToMask((DISCPUMODE)pCpu->uAddrMode);
993 RTGCUINTREG cTransfers = 1;
994 if (pCpu->fPrefix & DISPREFIX_REP)
995 {
996#ifndef IN_RC
997 if ( CPUMIsGuestIn64BitCode(pVCpu)
998 && pRegFrame->rcx >= _4G)
999 return VINF_EM_RAW_EMULATE_INSTR;
1000#endif
1001
1002 cTransfers = pRegFrame->rcx & fAddrMask;
1003 if (!cTransfers)
1004 return VINF_SUCCESS;
1005 }
1006
1007/** @todo r=bird: bounds checks! */
1008
1009 /*
1010 * Get data size.
1011 */
1012 unsigned cb = DISGetParamSize(pCpu, &pCpu->Param1);
1013 AssertMsg(cb > 0 && cb <= sizeof(uint64_t), ("cb=%d\n", cb));
1014 int offIncrement = pRegFrame->eflags.Bits.u1DF ? -(signed)cb : (signed)cb;
1015
1016#ifdef VBOX_WITH_STATISTICS
1017 if (pVM->iom.s.cStosMaxBytes < (cTransfers << SIZE_2_SHIFT(cb)))
1018 pVM->iom.s.cStosMaxBytes = cTransfers << SIZE_2_SHIFT(cb);
1019#endif
1020
1021
1022 RTGCPHYS Phys = GCPhysFault;
1023 int rc;
1024 if ( pRange->CTX_SUFF(pfnFillCallback)
1025 && cb <= 4 /* can only fill 32-bit values */)
1026 {
1027 /*
1028 * Use the fill callback.
1029 */
1030 /** @todo pfnFillCallback must return number of bytes successfully written!!! */
1031 if (offIncrement > 0)
1032 {
1033 /* addr++ variant. */
1034 rc = pRange->CTX_SUFF(pfnFillCallback)(pRange->CTX_SUFF(pDevIns), pRange->CTX_SUFF(pvUser), Phys,
1035 pRegFrame->eax, cb, cTransfers);
1036 if (rc == VINF_SUCCESS)
1037 {
1038 /* Update registers. */
1039 pRegFrame->rdi = ((pRegFrame->rdi + (cTransfers << SIZE_2_SHIFT(cb))) & fAddrMask)
1040 | (pRegFrame->rdi & ~fAddrMask);
1041 if (pCpu->fPrefix & DISPREFIX_REP)
1042 pRegFrame->rcx &= ~fAddrMask;
1043 }
1044 }
1045 else
1046 {
1047 /* addr-- variant. */
1048 rc = pRange->CTX_SUFF(pfnFillCallback)(pRange->CTX_SUFF(pDevIns), pRange->CTX_SUFF(pvUser),
1049 Phys - ((cTransfers - 1) << SIZE_2_SHIFT(cb)),
1050 pRegFrame->eax, cb, cTransfers);
1051 if (rc == VINF_SUCCESS)
1052 {
1053 /* Update registers. */
1054 pRegFrame->rdi = ((pRegFrame->rdi - (cTransfers << SIZE_2_SHIFT(cb))) & fAddrMask)
1055 | (pRegFrame->rdi & ~fAddrMask);
1056 if (pCpu->fPrefix & DISPREFIX_REP)
1057 pRegFrame->rcx &= ~fAddrMask;
1058 }
1059 }
1060 }
1061 else
1062 {
1063 /*
1064 * Use the write callback.
1065 */
1066 Assert(pRange->CTX_SUFF(pfnWriteCallback) || !pRange->pfnWriteCallbackR3);
1067 uint64_t u64Data = pRegFrame->rax;
1068
1069 /* fill loop. */
1070 do
1071 {
1072 rc = iomMMIODoWrite(pVM, pVCpu, pRange, Phys, &u64Data, cb);
1073 if (rc != VINF_SUCCESS)
1074 break;
1075
1076 Phys += offIncrement;
1077 pRegFrame->rdi = ((pRegFrame->rdi + offIncrement) & fAddrMask)
1078 | (pRegFrame->rdi & ~fAddrMask);
1079 cTransfers--;
1080 } while (cTransfers);
1081
1082 /* Update rcx on exit. */
1083 if (pCpu->fPrefix & DISPREFIX_REP)
1084 pRegFrame->rcx = (cTransfers & fAddrMask)
1085 | (pRegFrame->rcx & ~fAddrMask);
1086 }
1087
1088 /*
1089 * Work statistics and return.
1090 */
1091 if (rc == VINF_SUCCESS)
1092 iomMMIOStatLength(pVM, cb);
1093 return rc;
1094}
1095
1096
1097/**
1098 * [REP] LODSB
1099 * [REP] LODSW
1100 * [REP] LODSD
1101 *
1102 * Restricted implementation.
1103 *
1104 *
1105 * @returns VBox status code.
1106 *
1107 * @param pVM The virtual machine.
1108 * @param pVCpu Pointer to the virtual CPU structure of the caller.
1109 * @param pRegFrame Trap register frame.
1110 * @param GCPhysFault The GC physical address corresponding to pvFault.
1111 * @param pCpu Disassembler CPU state.
1112 * @param pRange Pointer MMIO range.
1113 */
1114static int iomInterpretLODS(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, RTGCPHYS GCPhysFault, PDISCPUSTATE pCpu,
1115 PIOMMMIORANGE pRange)
1116{
1117 Assert(pRange->CTX_SUFF(pfnReadCallback) || !pRange->pfnReadCallbackR3);
1118
1119 /*
1120 * We do not support segment prefixes or REP*.
1121 */
1122 if (pCpu->fPrefix & (DISPREFIX_SEG | DISPREFIX_REP | DISPREFIX_REPNE))
1123 return VINF_IOM_R3_MMIO_READ_WRITE; /** @todo -> REM instead of HC */
1124
1125 /*
1126 * Get data size.
1127 */
1128 unsigned cb = DISGetParamSize(pCpu, &pCpu->Param2);
1129 AssertMsg(cb > 0 && cb <= sizeof(uint64_t), ("cb=%d\n", cb));
1130 int offIncrement = pRegFrame->eflags.Bits.u1DF ? -(signed)cb : (signed)cb;
1131
1132 /*
1133 * Perform read.
1134 */
1135 int rc = iomMMIODoRead(pVM, pVCpu, pRange, GCPhysFault, &pRegFrame->rax, cb);
1136 if (rc == VINF_SUCCESS)
1137 {
1138 uint64_t const fAddrMask = iomDisModeToMask((DISCPUMODE)pCpu->uAddrMode);
1139 pRegFrame->rsi = ((pRegFrame->rsi + offIncrement) & fAddrMask)
1140 | (pRegFrame->rsi & ~fAddrMask);
1141 }
1142
1143 /*
1144 * Work statistics and return.
1145 */
1146 if (rc == VINF_SUCCESS)
1147 iomMMIOStatLength(pVM, cb);
1148 return rc;
1149}
1150
1151
1152/**
1153 * CMP [MMIO], reg|imm
1154 * CMP reg|imm, [MMIO]
1155 *
1156 * Restricted implementation.
1157 *
1158 *
1159 * @returns VBox status code.
1160 *
1161 * @param pVM The virtual machine.
1162 * @param pRegFrame Trap register frame.
1163 * @param GCPhysFault The GC physical address corresponding to pvFault.
1164 * @param pCpu Disassembler CPU state.
1165 * @param pRange Pointer MMIO range.
1166 */
1167static int iomInterpretCMP(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, RTGCPHYS GCPhysFault, PDISCPUSTATE pCpu,
1168 PIOMMMIORANGE pRange)
1169{
1170 Assert(pRange->CTX_SUFF(pfnReadCallback) || !pRange->pfnReadCallbackR3);
1171
1172 /*
1173 * Get the operands.
1174 */
1175 unsigned cb = 0;
1176 uint64_t uData1 = 0;
1177 uint64_t uData2 = 0;
1178 int rc;
1179 if (iomGetRegImmData(pCpu, &pCpu->Param1, pRegFrame, &uData1, &cb))
1180 /* cmp reg, [MMIO]. */
1181 rc = iomMMIODoRead(pVM, pVCpu, pRange, GCPhysFault, &uData2, cb);
1182 else if (iomGetRegImmData(pCpu, &pCpu->Param2, pRegFrame, &uData2, &cb))
1183 /* cmp [MMIO], reg|imm. */
1184 rc = iomMMIODoRead(pVM, pVCpu, pRange, GCPhysFault, &uData1, cb);
1185 else
1186 {
1187 AssertMsgFailed(("Disassember CMP problem..\n"));
1188 rc = VERR_IOM_MMIO_HANDLER_DISASM_ERROR;
1189 }
1190
1191 if (rc == VINF_SUCCESS)
1192 {
1193#if HC_ARCH_BITS == 32
1194 /* Can't deal with 8 byte operands in our 32-bit emulation code. */
1195 if (cb > 4)
1196 return VINF_IOM_R3_MMIO_READ_WRITE;
1197#endif
1198 /* Emulate CMP and update guest flags. */
1199 uint32_t eflags = EMEmulateCmp(uData1, uData2, cb);
1200 pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
1201 | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));
1202 iomMMIOStatLength(pVM, cb);
1203 }
1204
1205 return rc;
1206}
1207
1208
1209/**
1210 * AND [MMIO], reg|imm
1211 * AND reg, [MMIO]
1212 * OR [MMIO], reg|imm
1213 * OR reg, [MMIO]
1214 *
1215 * Restricted implementation.
1216 *
1217 *
1218 * @returns VBox status code.
1219 *
1220 * @param pVM The virtual machine.
1221 * @param pVCpu Pointer to the virtual CPU structure of the caller.
1222 * @param pRegFrame Trap register frame.
1223 * @param GCPhysFault The GC physical address corresponding to pvFault.
1224 * @param pCpu Disassembler CPU state.
1225 * @param pRange Pointer MMIO range.
1226 * @param pfnEmulate Instruction emulation function.
1227 */
1228static int iomInterpretOrXorAnd(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, RTGCPHYS GCPhysFault, PDISCPUSTATE pCpu,
1229 PIOMMMIORANGE pRange, PFNEMULATEPARAM3 pfnEmulate)
1230{
1231 unsigned cb = 0;
1232 uint64_t uData1 = 0;
1233 uint64_t uData2 = 0;
1234 bool fAndWrite;
1235 int rc;
1236
1237#ifdef LOG_ENABLED
1238 const char *pszInstr;
1239
1240 if (pCpu->pCurInstr->uOpcode == OP_XOR)
1241 pszInstr = "Xor";
1242 else if (pCpu->pCurInstr->uOpcode == OP_OR)
1243 pszInstr = "Or";
1244 else if (pCpu->pCurInstr->uOpcode == OP_AND)
1245 pszInstr = "And";
1246 else
1247 pszInstr = "OrXorAnd??";
1248#endif
1249
1250 if (iomGetRegImmData(pCpu, &pCpu->Param1, pRegFrame, &uData1, &cb))
1251 {
1252#if HC_ARCH_BITS == 32
1253 /* Can't deal with 8 byte operands in our 32-bit emulation code. */
1254 if (cb > 4)
1255 return VINF_IOM_R3_MMIO_READ_WRITE;
1256#endif
1257 /* and reg, [MMIO]. */
1258 Assert(pRange->CTX_SUFF(pfnReadCallback) || !pRange->pfnReadCallbackR3);
1259 fAndWrite = false;
1260 rc = iomMMIODoRead(pVM, pVCpu, pRange, GCPhysFault, &uData2, cb);
1261 }
1262 else if (iomGetRegImmData(pCpu, &pCpu->Param2, pRegFrame, &uData2, &cb))
1263 {
1264#if HC_ARCH_BITS == 32
1265 /* Can't deal with 8 byte operands in our 32-bit emulation code. */
1266 if (cb > 4)
1267 return VINF_IOM_R3_MMIO_READ_WRITE;
1268#endif
1269 /* and [MMIO], reg|imm. */
1270 fAndWrite = true;
1271 if ( (pRange->CTX_SUFF(pfnReadCallback) || !pRange->pfnReadCallbackR3)
1272 && (pRange->CTX_SUFF(pfnWriteCallback) || !pRange->pfnWriteCallbackR3))
1273 rc = iomMMIODoRead(pVM, pVCpu, pRange, GCPhysFault, &uData1, cb);
1274 else
1275 rc = VINF_IOM_R3_MMIO_READ_WRITE;
1276 }
1277 else
1278 {
1279 AssertMsgFailed(("Disassember AND problem..\n"));
1280 return VERR_IOM_MMIO_HANDLER_DISASM_ERROR;
1281 }
1282
1283 if (rc == VINF_SUCCESS)
1284 {
1285 /* Emulate AND and update guest flags. */
1286 uint32_t eflags = pfnEmulate((uint32_t *)&uData1, uData2, cb);
1287
1288 LogFlow(("iomInterpretOrXorAnd %s result %RX64\n", pszInstr, uData1));
1289
1290 if (fAndWrite)
1291 /* Store result to MMIO. */
1292 rc = iomMMIODoWrite(pVM, pVCpu, pRange, GCPhysFault, &uData1, cb);
1293 else
1294 {
1295 /* Store result to register. */
1296 bool fRc = iomSaveDataToReg(pCpu, &pCpu->Param1, pRegFrame, uData1);
1297 AssertMsg(fRc, ("Failed to store register value!\n")); NOREF(fRc);
1298 }
1299 if (rc == VINF_SUCCESS)
1300 {
1301 /* Update guest's eflags and finish. */
1302 pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
1303 | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));
1304 iomMMIOStatLength(pVM, cb);
1305 }
1306 }
1307
1308 return rc;
1309}
1310
1311
1312/**
1313 * TEST [MMIO], reg|imm
1314 * TEST reg, [MMIO]
1315 *
1316 * Restricted implementation.
1317 *
1318 *
1319 * @returns VBox status code.
1320 *
1321 * @param pVM The virtual machine.
1322 * @param pVCpu Pointer to the virtual CPU structure of the caller.
1323 * @param pRegFrame Trap register frame.
1324 * @param GCPhysFault The GC physical address corresponding to pvFault.
1325 * @param pCpu Disassembler CPU state.
1326 * @param pRange Pointer MMIO range.
1327 */
1328static int iomInterpretTEST(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, RTGCPHYS GCPhysFault, PDISCPUSTATE pCpu,
1329 PIOMMMIORANGE pRange)
1330{
1331 Assert(pRange->CTX_SUFF(pfnReadCallback) || !pRange->pfnReadCallbackR3);
1332
1333 unsigned cb = 0;
1334 uint64_t uData1 = 0;
1335 uint64_t uData2 = 0;
1336 int rc;
1337
1338 if (iomGetRegImmData(pCpu, &pCpu->Param1, pRegFrame, &uData1, &cb))
1339 {
1340 /* and test, [MMIO]. */
1341 rc = iomMMIODoRead(pVM, pVCpu, pRange, GCPhysFault, &uData2, cb);
1342 }
1343 else if (iomGetRegImmData(pCpu, &pCpu->Param2, pRegFrame, &uData2, &cb))
1344 {
1345 /* test [MMIO], reg|imm. */
1346 rc = iomMMIODoRead(pVM, pVCpu, pRange, GCPhysFault, &uData1, cb);
1347 }
1348 else
1349 {
1350 AssertMsgFailed(("Disassember TEST problem..\n"));
1351 return VERR_IOM_MMIO_HANDLER_DISASM_ERROR;
1352 }
1353
1354 if (rc == VINF_SUCCESS)
1355 {
1356#if HC_ARCH_BITS == 32
1357 /* Can't deal with 8 byte operands in our 32-bit emulation code. */
1358 if (cb > 4)
1359 return VINF_IOM_R3_MMIO_READ_WRITE;
1360#endif
1361
1362 /* Emulate TEST (=AND without write back) and update guest EFLAGS. */
1363 uint32_t eflags = EMEmulateAnd((uint32_t *)&uData1, uData2, cb);
1364 pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
1365 | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));
1366 iomMMIOStatLength(pVM, cb);
1367 }
1368
1369 return rc;
1370}
1371
1372
1373/**
1374 * BT [MMIO], reg|imm
1375 *
1376 * Restricted implementation.
1377 *
1378 *
1379 * @returns VBox status code.
1380 *
1381 * @param pVM The virtual machine.
1382 * @param pVCpu Pointer to the virtual CPU structure of the caller.
1383 * @param pRegFrame Trap register frame.
1384 * @param GCPhysFault The GC physical address corresponding to pvFault.
1385 * @param pCpu Disassembler CPU state.
1386 * @param pRange Pointer MMIO range.
1387 */
1388static int iomInterpretBT(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, RTGCPHYS GCPhysFault, PDISCPUSTATE pCpu,
1389 PIOMMMIORANGE pRange)
1390{
1391 Assert(pRange->CTX_SUFF(pfnReadCallback) || !pRange->pfnReadCallbackR3);
1392
1393 uint64_t uBit = 0;
1394 uint64_t uData = 0;
1395 unsigned cbIgnored;
1396
1397 if (!iomGetRegImmData(pCpu, &pCpu->Param2, pRegFrame, &uBit, &cbIgnored))
1398 {
1399 AssertMsgFailed(("Disassember BT problem..\n"));
1400 return VERR_IOM_MMIO_HANDLER_DISASM_ERROR;
1401 }
1402 /* The size of the memory operand only matters here. */
1403 unsigned cbData = DISGetParamSize(pCpu, &pCpu->Param1);
1404
1405 /* bt [MMIO], reg|imm. */
1406 int rc = iomMMIODoRead(pVM, pVCpu, pRange, GCPhysFault, &uData, cbData);
1407 if (rc == VINF_SUCCESS)
1408 {
1409 /* Find the bit inside the faulting address */
1410 pRegFrame->eflags.Bits.u1CF = (uData >> uBit);
1411 iomMMIOStatLength(pVM, cbData);
1412 }
1413
1414 return rc;
1415}
1416
1417/**
1418 * XCHG [MMIO], reg
1419 * XCHG reg, [MMIO]
1420 *
1421 * Restricted implementation.
1422 *
1423 *
1424 * @returns VBox status code.
1425 *
1426 * @param pVM The virtual machine.
1427 * @param pVCpu Pointer to the virtual CPU structure of the caller.
1428 * @param pRegFrame Trap register frame.
1429 * @param GCPhysFault The GC physical address corresponding to pvFault.
1430 * @param pCpu Disassembler CPU state.
1431 * @param pRange Pointer MMIO range.
1432 */
1433static int iomInterpretXCHG(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, RTGCPHYS GCPhysFault, PDISCPUSTATE pCpu,
1434 PIOMMMIORANGE pRange)
1435{
1436 /* Check for read & write handlers since IOMMMIOHandler doesn't cover this. */
1437 if ( (!pRange->CTX_SUFF(pfnReadCallback) && pRange->pfnReadCallbackR3)
1438 || (!pRange->CTX_SUFF(pfnWriteCallback) && pRange->pfnWriteCallbackR3))
1439 return VINF_IOM_R3_MMIO_READ_WRITE;
1440
1441 int rc;
1442 unsigned cb = 0;
1443 uint64_t uData1 = 0;
1444 uint64_t uData2 = 0;
1445 if (iomGetRegImmData(pCpu, &pCpu->Param1, pRegFrame, &uData1, &cb))
1446 {
1447 /* xchg reg, [MMIO]. */
1448 rc = iomMMIODoRead(pVM, pVCpu, pRange, GCPhysFault, &uData2, cb);
1449 if (rc == VINF_SUCCESS)
1450 {
1451 /* Store result to MMIO. */
1452 rc = iomMMIODoWrite(pVM, pVCpu, pRange, GCPhysFault, &uData1, cb);
1453
1454 if (rc == VINF_SUCCESS)
1455 {
1456 /* Store result to register. */
1457 bool fRc = iomSaveDataToReg(pCpu, &pCpu->Param1, pRegFrame, uData2);
1458 AssertMsg(fRc, ("Failed to store register value!\n")); NOREF(fRc);
1459 }
1460 else
1461 Assert(rc == VINF_IOM_R3_MMIO_WRITE || rc == VINF_PATM_HC_MMIO_PATCH_WRITE);
1462 }
1463 else
1464 Assert(rc == VINF_IOM_R3_MMIO_READ || rc == VINF_PATM_HC_MMIO_PATCH_READ);
1465 }
1466 else if (iomGetRegImmData(pCpu, &pCpu->Param2, pRegFrame, &uData2, &cb))
1467 {
1468 /* xchg [MMIO], reg. */
1469 rc = iomMMIODoRead(pVM, pVCpu, pRange, GCPhysFault, &uData1, cb);
1470 if (rc == VINF_SUCCESS)
1471 {
1472 /* Store result to MMIO. */
1473 rc = iomMMIODoWrite(pVM, pVCpu, pRange, GCPhysFault, &uData2, cb);
1474 if (rc == VINF_SUCCESS)
1475 {
1476 /* Store result to register. */
1477 bool fRc = iomSaveDataToReg(pCpu, &pCpu->Param2, pRegFrame, uData1);
1478 AssertMsg(fRc, ("Failed to store register value!\n")); NOREF(fRc);
1479 }
1480 else
1481 AssertMsg(rc == VINF_IOM_R3_MMIO_READ_WRITE || rc == VINF_IOM_R3_MMIO_WRITE || rc == VINF_PATM_HC_MMIO_PATCH_WRITE, ("rc=%Rrc\n", rc));
1482 }
1483 else
1484 AssertMsg(rc == VINF_IOM_R3_MMIO_READ_WRITE || rc == VINF_IOM_R3_MMIO_READ || rc == VINF_PATM_HC_MMIO_PATCH_READ, ("rc=%Rrc\n", rc));
1485 }
1486 else
1487 {
1488 AssertMsgFailed(("Disassember XCHG problem..\n"));
1489 rc = VERR_IOM_MMIO_HANDLER_DISASM_ERROR;
1490 }
1491 return rc;
1492}
1493
1494
1495/**
1496 * \#PF Handler callback for MMIO ranges.
1497 *
1498 * @returns VBox status code (appropriate for GC return).
1499 * @param pVM Pointer to the VM.
1500 * @param pVCpu Pointer to the virtual CPU structure of the caller.
1501 * @param uErrorCode CPU Error code. This is UINT32_MAX when we don't have
1502 * any error code (the EPT misconfig hack).
1503 * @param pCtxCore Trap register frame.
1504 * @param GCPhysFault The GC physical address corresponding to pvFault.
1505 * @param pvUser Pointer to the MMIO ring-3 range entry.
1506 */
1507static int iomMMIOHandler(PVM pVM, PVMCPU pVCpu, uint32_t uErrorCode, PCPUMCTXCORE pCtxCore, RTGCPHYS GCPhysFault, void *pvUser)
1508{
1509 int rc = IOM_LOCK_SHARED(pVM);
1510#ifndef IN_RING3
1511 if (rc == VERR_SEM_BUSY)
1512 return VINF_IOM_R3_MMIO_READ_WRITE;
1513#endif
1514 AssertRC(rc);
1515
1516 STAM_PROFILE_START(&pVM->iom.s.StatRZMMIOHandler, a);
1517 Log(("iomMMIOHandler: GCPhys=%RGp uErr=%#x rip=%RGv\n", GCPhysFault, uErrorCode, (RTGCPTR)pCtxCore->rip));
1518
1519 PIOMMMIORANGE pRange = (PIOMMMIORANGE)pvUser;
1520 Assert(pRange);
1521 Assert(pRange == iomMmioGetRange(pVM, pVCpu, GCPhysFault));
1522 iomMmioRetainRange(pRange);
1523#ifndef VBOX_WITH_STATISTICS
1524 IOM_UNLOCK_SHARED(pVM);
1525
1526#else
1527 /*
1528 * Locate the statistics.
1529 */
1530 PIOMMMIOSTATS pStats = iomMmioGetStats(pVM, pVCpu, GCPhysFault, pRange);
1531 if (!pStats)
1532 {
1533 iomMmioReleaseRange(pVM, pRange);
1534# ifdef IN_RING3
1535 return VERR_NO_MEMORY;
1536# else
1537 STAM_PROFILE_STOP(&pVM->iom.s.StatRZMMIOHandler, a);
1538 STAM_COUNTER_INC(&pVM->iom.s.StatRZMMIOFailures);
1539 return VINF_IOM_R3_MMIO_READ_WRITE;
1540# endif
1541 }
1542#endif
1543
1544#ifndef IN_RING3
1545 /*
1546 * Should we defer the request right away? This isn't usually the case, so
1547 * do the simple test first and the try deal with uErrorCode being N/A.
1548 */
1549 if (RT_UNLIKELY( ( !pRange->CTX_SUFF(pfnWriteCallback)
1550 || !pRange->CTX_SUFF(pfnReadCallback))
1551 && ( uErrorCode == UINT32_MAX
1552 ? pRange->pfnWriteCallbackR3 || pRange->pfnReadCallbackR3
1553 : uErrorCode & X86_TRAP_PF_RW
1554 ? !pRange->CTX_SUFF(pfnWriteCallback) && pRange->pfnWriteCallbackR3
1555 : !pRange->CTX_SUFF(pfnReadCallback) && pRange->pfnReadCallbackR3
1556 )
1557 )
1558 )
1559 {
1560 if (uErrorCode & X86_TRAP_PF_RW)
1561 STAM_COUNTER_INC(&pStats->CTX_MID_Z(Write,ToR3));
1562 else
1563 STAM_COUNTER_INC(&pStats->CTX_MID_Z(Read,ToR3));
1564
1565 STAM_PROFILE_STOP(&pVM->iom.s.StatRZMMIOHandler, a);
1566 STAM_COUNTER_INC(&pVM->iom.s.StatRZMMIOFailures);
1567 iomMmioReleaseRange(pVM, pRange);
1568 return VINF_IOM_R3_MMIO_READ_WRITE;
1569 }
1570#endif /* !IN_RING3 */
1571
1572 /*
1573 * Retain the range and do locking.
1574 */
1575 PPDMDEVINS pDevIns = pRange->CTX_SUFF(pDevIns);
1576 rc = PDMCritSectEnter(pDevIns->CTX_SUFF(pCritSectRo), VINF_IOM_R3_MMIO_READ_WRITE);
1577 if (rc != VINF_SUCCESS)
1578 {
1579 iomMmioReleaseRange(pVM, pRange);
1580 return rc;
1581 }
1582
1583 /*
1584 * Disassemble the instruction and interpret it.
1585 */
1586 PDISCPUSTATE pDis = &pVCpu->iom.s.DisState;
1587 unsigned cbOp;
1588 rc = EMInterpretDisasCurrent(pVM, pVCpu, pDis, &cbOp);
1589 if (RT_FAILURE(rc))
1590 {
1591 PDMCritSectLeave(pDevIns->CTX_SUFF(pCritSectRo));
1592 iomMmioReleaseRange(pVM, pRange);
1593 return rc;
1594 }
1595 switch (pDis->pCurInstr->uOpcode)
1596 {
1597 case OP_MOV:
1598 case OP_MOVZX:
1599 case OP_MOVSX:
1600 {
1601 STAM_PROFILE_START(&pVM->iom.s.StatRZInstMov, b);
1602 AssertMsg(uErrorCode == UINT32_MAX || DISUSE_IS_EFFECTIVE_ADDR(pDis->Param1.fUse) == !!(uErrorCode & X86_TRAP_PF_RW), ("flags1=%#llx/%RTbool flags2=%#llx/%RTbool ErrCd=%#x\n", pDis->Param1.fUse, DISUSE_IS_EFFECTIVE_ADDR(pDis->Param1.fUse), pDis->Param2.fUse, DISUSE_IS_EFFECTIVE_ADDR(pDis->Param2.fUse), uErrorCode));
1603 if (uErrorCode != UINT32_MAX /* EPT+MMIO optimization */
1604 ? uErrorCode & X86_TRAP_PF_RW
1605 : DISUSE_IS_EFFECTIVE_ADDR(pDis->Param1.fUse))
1606 rc = iomInterpretMOVxXWrite(pVM, pVCpu, pCtxCore, pDis, pRange, GCPhysFault);
1607 else
1608 rc = iomInterpretMOVxXRead(pVM, pVCpu, pCtxCore, pDis, pRange, GCPhysFault);
1609 STAM_PROFILE_STOP(&pVM->iom.s.StatRZInstMov, b);
1610 break;
1611 }
1612
1613
1614#ifdef IOM_WITH_MOVS_SUPPORT
1615 case OP_MOVSB:
1616 case OP_MOVSWD:
1617 {
1618 if (uErrorCode == UINT32_MAX)
1619 rc = VINF_IOM_R3_MMIO_READ_WRITE;
1620 else
1621 {
1622 STAM_PROFILE_ADV_START(&pVM->iom.s.StatRZInstMovs, c);
1623 PSTAMPROFILE pStat = NULL;
1624 rc = iomInterpretMOVS(pVM, !!(uErrorCode & X86_TRAP_PF_RW), pCtxCore, GCPhysFault, pDis, pRange, &pStat);
1625 STAM_PROFILE_ADV_STOP_EX(&pVM->iom.s.StatRZInstMovs, pStat, c);
1626 }
1627 break;
1628 }
1629#endif
1630
1631 case OP_STOSB:
1632 case OP_STOSWD:
1633 Assert(uErrorCode & X86_TRAP_PF_RW);
1634 STAM_PROFILE_START(&pVM->iom.s.StatRZInstStos, d);
1635 rc = iomInterpretSTOS(pVM, pVCpu, pCtxCore, GCPhysFault, pDis, pRange);
1636 STAM_PROFILE_STOP(&pVM->iom.s.StatRZInstStos, d);
1637 break;
1638
1639 case OP_LODSB:
1640 case OP_LODSWD:
1641 Assert(!(uErrorCode & X86_TRAP_PF_RW) || uErrorCode == UINT32_MAX);
1642 STAM_PROFILE_START(&pVM->iom.s.StatRZInstLods, e);
1643 rc = iomInterpretLODS(pVM, pVCpu, pCtxCore, GCPhysFault, pDis, pRange);
1644 STAM_PROFILE_STOP(&pVM->iom.s.StatRZInstLods, e);
1645 break;
1646
1647 case OP_CMP:
1648 Assert(!(uErrorCode & X86_TRAP_PF_RW) || uErrorCode == UINT32_MAX);
1649 STAM_PROFILE_START(&pVM->iom.s.StatRZInstCmp, f);
1650 rc = iomInterpretCMP(pVM, pVCpu, pCtxCore, GCPhysFault, pDis, pRange);
1651 STAM_PROFILE_STOP(&pVM->iom.s.StatRZInstCmp, f);
1652 break;
1653
1654 case OP_AND:
1655 STAM_PROFILE_START(&pVM->iom.s.StatRZInstAnd, g);
1656 rc = iomInterpretOrXorAnd(pVM, pVCpu, pCtxCore, GCPhysFault, pDis, pRange, EMEmulateAnd);
1657 STAM_PROFILE_STOP(&pVM->iom.s.StatRZInstAnd, g);
1658 break;
1659
1660 case OP_OR:
1661 STAM_PROFILE_START(&pVM->iom.s.StatRZInstOr, k);
1662 rc = iomInterpretOrXorAnd(pVM, pVCpu, pCtxCore, GCPhysFault, pDis, pRange, EMEmulateOr);
1663 STAM_PROFILE_STOP(&pVM->iom.s.StatRZInstOr, k);
1664 break;
1665
1666 case OP_XOR:
1667 STAM_PROFILE_START(&pVM->iom.s.StatRZInstXor, m);
1668 rc = iomInterpretOrXorAnd(pVM, pVCpu, pCtxCore, GCPhysFault, pDis, pRange, EMEmulateXor);
1669 STAM_PROFILE_STOP(&pVM->iom.s.StatRZInstXor, m);
1670 break;
1671
1672 case OP_TEST:
1673 Assert(!(uErrorCode & X86_TRAP_PF_RW) || uErrorCode == UINT32_MAX);
1674 STAM_PROFILE_START(&pVM->iom.s.StatRZInstTest, h);
1675 rc = iomInterpretTEST(pVM, pVCpu, pCtxCore, GCPhysFault, pDis, pRange);
1676 STAM_PROFILE_STOP(&pVM->iom.s.StatRZInstTest, h);
1677 break;
1678
1679 case OP_BT:
1680 Assert(!(uErrorCode & X86_TRAP_PF_RW) || uErrorCode == UINT32_MAX);
1681 STAM_PROFILE_START(&pVM->iom.s.StatRZInstBt, l);
1682 rc = iomInterpretBT(pVM, pVCpu, pCtxCore, GCPhysFault, pDis, pRange);
1683 STAM_PROFILE_STOP(&pVM->iom.s.StatRZInstBt, l);
1684 break;
1685
1686 case OP_XCHG:
1687 STAM_PROFILE_START(&pVM->iom.s.StatRZInstXchg, i);
1688 rc = iomInterpretXCHG(pVM, pVCpu, pCtxCore, GCPhysFault, pDis, pRange);
1689 STAM_PROFILE_STOP(&pVM->iom.s.StatRZInstXchg, i);
1690 break;
1691
1692
1693 /*
1694 * The instruction isn't supported. Hand it on to ring-3.
1695 */
1696 default:
1697 STAM_COUNTER_INC(&pVM->iom.s.StatRZInstOther);
1698 rc = VINF_IOM_R3_MMIO_READ_WRITE;
1699 break;
1700 }
1701
1702 /*
1703 * On success advance EIP.
1704 */
1705 if (rc == VINF_SUCCESS)
1706 pCtxCore->rip += cbOp;
1707 else
1708 {
1709 STAM_COUNTER_INC(&pVM->iom.s.StatRZMMIOFailures);
1710#if defined(VBOX_WITH_STATISTICS) && !defined(IN_RING3)
1711 switch (rc)
1712 {
1713 case VINF_IOM_R3_MMIO_READ:
1714 case VINF_IOM_R3_MMIO_READ_WRITE:
1715 STAM_COUNTER_INC(&pStats->CTX_MID_Z(Read,ToR3));
1716 break;
1717 case VINF_IOM_R3_MMIO_WRITE:
1718 STAM_COUNTER_INC(&pStats->CTX_MID_Z(Write,ToR3));
1719 break;
1720 }
1721#endif
1722 }
1723
1724 STAM_PROFILE_STOP(&pVM->iom.s.StatRZMMIOHandler, a);
1725 PDMCritSectLeave(pDevIns->CTX_SUFF(pCritSectRo));
1726 iomMmioReleaseRange(pVM, pRange);
1727 return rc;
1728}
1729
1730/**
1731 * \#PF Handler callback for MMIO ranges.
1732 *
1733 * @returns VBox status code (appropriate for GC return).
1734 * @param pVM Pointer to the VM.
1735 * @param uErrorCode CPU Error code.
1736 * @param pCtxCore Trap register frame.
1737 * @param pvFault The fault address (cr2).
1738 * @param GCPhysFault The GC physical address corresponding to pvFault.
1739 * @param pvUser Pointer to the MMIO ring-3 range entry.
1740 */
1741VMMDECL(int) IOMMMIOHandler(PVM pVM, RTGCUINT uErrorCode, PCPUMCTXCORE pCtxCore, RTGCPTR pvFault, RTGCPHYS GCPhysFault, void *pvUser)
1742{
1743 LogFlow(("IOMMMIOHandler: GCPhys=%RGp uErr=%#x pvFault=%RGv rip=%RGv\n",
1744 GCPhysFault, (uint32_t)uErrorCode, pvFault, (RTGCPTR)pCtxCore->rip));
1745 VBOXSTRICTRC rcStrict = iomMMIOHandler(pVM, VMMGetCpu(pVM), (uint32_t)uErrorCode, pCtxCore, GCPhysFault, pvUser);
1746 return VBOXSTRICTRC_VAL(rcStrict);
1747}
1748
1749/**
1750 * Physical access handler for MMIO ranges.
1751 *
1752 * @returns VBox status code (appropriate for GC return).
1753 * @param pVM Pointer to the VM.
1754 * @param pVCpu Pointer to the virtual CPU structure of the caller.
1755 * @param uErrorCode CPU Error code.
1756 * @param pCtxCore Trap register frame.
1757 * @param GCPhysFault The GC physical address.
1758 */
1759VMMDECL(VBOXSTRICTRC) IOMMMIOPhysHandler(PVM pVM, PVMCPU pVCpu, RTGCUINT uErrorCode, PCPUMCTXCORE pCtxCore, RTGCPHYS GCPhysFault)
1760{
1761 int rc2 = IOM_LOCK_SHARED(pVM); NOREF(rc2);
1762#ifndef IN_RING3
1763 if (rc2 == VERR_SEM_BUSY)
1764 return VINF_IOM_R3_MMIO_READ_WRITE;
1765#endif
1766 VBOXSTRICTRC rcStrict = iomMMIOHandler(pVM, pVCpu, (uint32_t)uErrorCode, pCtxCore, GCPhysFault,
1767 iomMmioGetRange(pVM, pVCpu, GCPhysFault));
1768 IOM_UNLOCK_SHARED(pVM);
1769 return VBOXSTRICTRC_VAL(rcStrict);
1770}
1771
1772
1773#ifdef IN_RING3
1774/**
1775 * \#PF Handler callback for MMIO ranges.
1776 *
1777 * @returns VINF_SUCCESS if the handler have carried out the operation.
1778 * @returns VINF_PGM_HANDLER_DO_DEFAULT if the caller should carry out the access operation.
1779 * @param pVM Pointer to the VM.
1780 * @param GCPhys The physical address the guest is writing to.
1781 * @param pvPhys The HC mapping of that address.
1782 * @param pvBuf What the guest is reading/writing.
1783 * @param cbBuf How much it's reading/writing.
1784 * @param enmAccessType The access type.
1785 * @param pvUser Pointer to the MMIO range entry.
1786 */
1787DECLCALLBACK(int) IOMR3MMIOHandler(PVM pVM, RTGCPHYS GCPhysFault, void *pvPhys, void *pvBuf, size_t cbBuf,
1788 PGMACCESSTYPE enmAccessType, void *pvUser)
1789{
1790 PVMCPU pVCpu = VMMGetCpu(pVM);
1791 PIOMMMIORANGE pRange = (PIOMMMIORANGE)pvUser;
1792 STAM_COUNTER_INC(&pVM->iom.s.StatR3MMIOHandler);
1793
1794 AssertMsg(cbBuf == 1 || cbBuf == 2 || cbBuf == 4 || cbBuf == 8, ("%zu\n", cbBuf));
1795 AssertPtr(pRange);
1796 NOREF(pvPhys);
1797
1798 /*
1799 * Validate the range.
1800 */
1801 int rc = IOM_LOCK_SHARED(pVM);
1802 AssertRC(rc);
1803 Assert(pRange == iomMmioGetRange(pVM, pVCpu, GCPhysFault));
1804
1805 /*
1806 * Perform locking.
1807 */
1808 iomMmioRetainRange(pRange);
1809 PPDMDEVINS pDevIns = pRange->CTX_SUFF(pDevIns);
1810 IOM_UNLOCK_SHARED(pVM);
1811 rc = PDMCritSectEnter(pDevIns->CTX_SUFF(pCritSectRo), VINF_IOM_R3_MMIO_READ_WRITE);
1812 if (rc != VINF_SUCCESS)
1813 {
1814 iomMmioReleaseRange(pVM, pRange);
1815 return rc;
1816 }
1817
1818 /*
1819 * Perform the access.
1820 */
1821 if (enmAccessType == PGMACCESSTYPE_READ)
1822 rc = iomMMIODoRead(pVM, pVCpu, pRange, GCPhysFault, pvBuf, (unsigned)cbBuf);
1823 else
1824 rc = iomMMIODoWrite(pVM, pVCpu, pRange, GCPhysFault, pvBuf, (unsigned)cbBuf);
1825
1826 AssertRC(rc);
1827 iomMmioReleaseRange(pVM, pRange);
1828 PDMCritSectLeave(pDevIns->CTX_SUFF(pCritSectRo));
1829 return rc;
1830}
1831#endif /* IN_RING3 */
1832
1833
1834/**
1835 * Reads a MMIO register.
1836 *
1837 * @returns VBox status code.
1838 *
1839 * @param pVM Pointer to the VM.
1840 * @param pVCpu Pointer to the virtual CPU structure of the caller.
1841 * @param GCPhys The physical address to read.
1842 * @param pu32Value Where to store the value read.
1843 * @param cbValue The size of the register to read in bytes. 1, 2 or 4 bytes.
1844 */
1845VMMDECL(VBOXSTRICTRC) IOMMMIORead(PVM pVM, PVMCPU pVCpu, RTGCPHYS GCPhys, uint32_t *pu32Value, size_t cbValue)
1846{
1847 /* Take the IOM lock before performing any MMIO. */
1848 VBOXSTRICTRC rc = IOM_LOCK_SHARED(pVM);
1849#ifndef IN_RING3
1850 if (rc == VERR_SEM_BUSY)
1851 return VINF_IOM_R3_MMIO_WRITE;
1852#endif
1853 AssertRC(VBOXSTRICTRC_VAL(rc));
1854#if defined(IEM_VERIFICATION_MODE) && defined(IN_RING3)
1855 IEMNotifyMMIORead(pVM, GCPhys, cbValue);
1856#endif
1857
1858 /*
1859 * Lookup the current context range node and statistics.
1860 */
1861 PIOMMMIORANGE pRange = iomMmioGetRange(pVM, pVCpu, GCPhys);
1862 if (!pRange)
1863 {
1864 AssertMsgFailed(("Handlers and page tables are out of sync or something! GCPhys=%RGp cbValue=%d\n", GCPhys, cbValue));
1865 IOM_UNLOCK_SHARED(pVM);
1866 return VERR_IOM_MMIO_RANGE_NOT_FOUND;
1867 }
1868 iomMmioRetainRange(pRange);
1869#ifndef VBOX_WITH_STATISTICS
1870 IOM_UNLOCK_SHARED(pVM);
1871
1872#else /* VBOX_WITH_STATISTICS */
1873 PIOMMMIOSTATS pStats = iomMmioGetStats(pVM, pVCpu, GCPhys, pRange);
1874 if (!pStats)
1875 {
1876 iomMmioReleaseRange(pVM, pRange);
1877# ifdef IN_RING3
1878 return VERR_NO_MEMORY;
1879# else
1880 return VINF_IOM_R3_MMIO_READ;
1881# endif
1882 }
1883 STAM_COUNTER_INC(&pStats->Accesses);
1884#endif /* VBOX_WITH_STATISTICS */
1885
1886 if (pRange->CTX_SUFF(pfnReadCallback))
1887 {
1888 /*
1889 * Perform locking.
1890 */
1891 PPDMDEVINS pDevIns = pRange->CTX_SUFF(pDevIns);
1892 rc = PDMCritSectEnter(pDevIns->CTX_SUFF(pCritSectRo), VINF_IOM_R3_MMIO_WRITE);
1893 if (rc != VINF_SUCCESS)
1894 {
1895 iomMmioReleaseRange(pVM, pRange);
1896 return rc;
1897 }
1898
1899 /*
1900 * Perform the read and deal with the result.
1901 */
1902 STAM_PROFILE_START(&pStats->CTX_SUFF_Z(ProfRead), a);
1903 if ( (cbValue == 4 && !(GCPhys & 3))
1904 || (pRange->fFlags & IOMMMIO_FLAGS_READ_MODE) == IOMMMIO_FLAGS_READ_PASSTHRU
1905 || (cbValue == 8 && !(GCPhys & 7)) )
1906 rc = pRange->CTX_SUFF(pfnReadCallback)(pRange->CTX_SUFF(pDevIns), pRange->CTX_SUFF(pvUser), GCPhys,
1907 pu32Value, (unsigned)cbValue);
1908 else
1909 rc = iomMMIODoComplicatedRead(pVM, pRange, GCPhys, pu32Value, (unsigned)cbValue);
1910 STAM_PROFILE_STOP(&pStats->CTX_SUFF_Z(ProfRead), a);
1911 switch (VBOXSTRICTRC_VAL(rc))
1912 {
1913 case VINF_SUCCESS:
1914 Log4(("IOMMMIORead: GCPhys=%RGp *pu32=%08RX32 cb=%d rc=VINF_SUCCESS\n", GCPhys, *pu32Value, cbValue));
1915 PDMCritSectLeave(pDevIns->CTX_SUFF(pCritSectRo));
1916 iomMmioReleaseRange(pVM, pRange);
1917 return rc;
1918#ifndef IN_RING3
1919 case VINF_IOM_R3_MMIO_READ:
1920 case VINF_IOM_R3_MMIO_READ_WRITE:
1921 STAM_COUNTER_INC(&pStats->CTX_MID_Z(Read,ToR3));
1922#endif
1923 default:
1924 Log4(("IOMMMIORead: GCPhys=%RGp *pu32=%08RX32 cb=%d rc=%Rrc\n", GCPhys, *pu32Value, cbValue, VBOXSTRICTRC_VAL(rc)));
1925 PDMCritSectLeave(pDevIns->CTX_SUFF(pCritSectRo));
1926 iomMmioReleaseRange(pVM, pRange);
1927 return rc;
1928
1929 case VINF_IOM_MMIO_UNUSED_00:
1930 iomMMIODoRead00s(pu32Value, cbValue);
1931 Log4(("IOMMMIORead: GCPhys=%RGp *pu32=%08RX32 cb=%d rc=%Rrc\n", GCPhys, *pu32Value, cbValue, VBOXSTRICTRC_VAL(rc)));
1932 PDMCritSectLeave(pDevIns->CTX_SUFF(pCritSectRo));
1933 iomMmioReleaseRange(pVM, pRange);
1934 return VINF_SUCCESS;
1935
1936 case VINF_IOM_MMIO_UNUSED_FF:
1937 iomMMIODoReadFFs(pu32Value, cbValue);
1938 Log4(("IOMMMIORead: GCPhys=%RGp *pu32=%08RX32 cb=%d rc=%Rrc\n", GCPhys, *pu32Value, cbValue, VBOXSTRICTRC_VAL(rc)));
1939 PDMCritSectLeave(pDevIns->CTX_SUFF(pCritSectRo));
1940 iomMmioReleaseRange(pVM, pRange);
1941 return VINF_SUCCESS;
1942 }
1943 /* not reached */
1944 }
1945#ifndef IN_RING3
1946 if (pRange->pfnReadCallbackR3)
1947 {
1948 STAM_COUNTER_INC(&pStats->CTX_MID_Z(Read,ToR3));
1949 iomMmioReleaseRange(pVM, pRange);
1950 return VINF_IOM_R3_MMIO_READ;
1951 }
1952#endif
1953
1954 /*
1955 * Unassigned memory - this is actually not supposed t happen...
1956 */
1957 STAM_PROFILE_START(&pStats->CTX_SUFF_Z(ProfRead), a); /** @todo STAM_PROFILE_ADD_ZERO_PERIOD */
1958 STAM_PROFILE_STOP(&pStats->CTX_SUFF_Z(ProfRead), a);
1959 iomMMIODoReadFFs(pu32Value, cbValue);
1960 Log4(("IOMMMIORead: GCPhys=%RGp *pu32=%08RX32 cb=%d rc=VINF_SUCCESS\n", GCPhys, *pu32Value, cbValue));
1961 iomMmioReleaseRange(pVM, pRange);
1962 return VINF_SUCCESS;
1963}
1964
1965
1966/**
1967 * Writes to a MMIO register.
1968 *
1969 * @returns VBox status code.
1970 *
1971 * @param pVM Pointer to the VM.
1972 * @param pVCpu Pointer to the virtual CPU structure of the caller.
1973 * @param GCPhys The physical address to write to.
1974 * @param u32Value The value to write.
1975 * @param cbValue The size of the register to read in bytes. 1, 2 or 4 bytes.
1976 */
1977VMMDECL(VBOXSTRICTRC) IOMMMIOWrite(PVM pVM, PVMCPU pVCpu, RTGCPHYS GCPhys, uint32_t u32Value, size_t cbValue)
1978{
1979 /* Take the IOM lock before performing any MMIO. */
1980 VBOXSTRICTRC rc = IOM_LOCK_SHARED(pVM);
1981#ifndef IN_RING3
1982 if (rc == VERR_SEM_BUSY)
1983 return VINF_IOM_R3_MMIO_WRITE;
1984#endif
1985 AssertRC(VBOXSTRICTRC_VAL(rc));
1986#if defined(IEM_VERIFICATION_MODE) && defined(IN_RING3)
1987 IEMNotifyMMIOWrite(pVM, GCPhys, u32Value, cbValue);
1988#endif
1989
1990 /*
1991 * Lookup the current context range node.
1992 */
1993 PIOMMMIORANGE pRange = iomMmioGetRange(pVM, pVCpu, GCPhys);
1994 if (!pRange)
1995 {
1996 AssertMsgFailed(("Handlers and page tables are out of sync or something! GCPhys=%RGp cbValue=%d\n", GCPhys, cbValue));
1997 IOM_UNLOCK_SHARED(pVM);
1998 return VERR_IOM_MMIO_RANGE_NOT_FOUND;
1999 }
2000 iomMmioRetainRange(pRange);
2001#ifndef VBOX_WITH_STATISTICS
2002 IOM_UNLOCK_SHARED(pVM);
2003
2004#else /* VBOX_WITH_STATISTICS */
2005 PIOMMMIOSTATS pStats = iomMmioGetStats(pVM, pVCpu, GCPhys, pRange);
2006 if (!pStats)
2007 {
2008 iomMmioReleaseRange(pVM, pRange);
2009# ifdef IN_RING3
2010 return VERR_NO_MEMORY;
2011# else
2012 return VINF_IOM_R3_MMIO_WRITE;
2013# endif
2014 }
2015 STAM_COUNTER_INC(&pStats->Accesses);
2016#endif /* VBOX_WITH_STATISTICS */
2017
2018 if (pRange->CTX_SUFF(pfnWriteCallback))
2019 {
2020 /*
2021 * Perform locking.
2022 */
2023 PPDMDEVINS pDevIns = pRange->CTX_SUFF(pDevIns);
2024 rc = PDMCritSectEnter(pDevIns->CTX_SUFF(pCritSectRo), VINF_IOM_R3_MMIO_READ);
2025 if (rc != VINF_SUCCESS)
2026 {
2027 iomMmioReleaseRange(pVM, pRange);
2028 return rc;
2029 }
2030
2031 /*
2032 * Perform the write.
2033 */
2034 STAM_PROFILE_START(&pStats->CTX_SUFF_Z(ProfWrite), a);
2035 if ( (cbValue == 4 && !(GCPhys & 3))
2036 || (pRange->fFlags & IOMMMIO_FLAGS_WRITE_MODE) == IOMMMIO_FLAGS_WRITE_PASSTHRU
2037 || (cbValue == 8 && !(GCPhys & 7)) )
2038 rc = pRange->CTX_SUFF(pfnWriteCallback)(pRange->CTX_SUFF(pDevIns), pRange->CTX_SUFF(pvUser),
2039 GCPhys, &u32Value, (unsigned)cbValue);
2040 else
2041 rc = iomMMIODoComplicatedWrite(pVM, pRange, GCPhys, &u32Value, (unsigned)cbValue);
2042 STAM_PROFILE_STOP(&pStats->CTX_SUFF_Z(ProfWrite), a);
2043#ifndef IN_RING3
2044 if ( rc == VINF_IOM_R3_MMIO_WRITE
2045 || rc == VINF_IOM_R3_MMIO_READ_WRITE)
2046 STAM_COUNTER_INC(&pStats->CTX_MID_Z(Write,ToR3));
2047#endif
2048 Log4(("IOMMMIOWrite: GCPhys=%RGp u32=%08RX32 cb=%d rc=%Rrc\n", GCPhys, u32Value, cbValue, VBOXSTRICTRC_VAL(rc)));
2049 iomMmioReleaseRange(pVM, pRange);
2050 PDMCritSectLeave(pDevIns->CTX_SUFF(pCritSectRo));
2051 return rc;
2052 }
2053#ifndef IN_RING3
2054 if (pRange->pfnWriteCallbackR3)
2055 {
2056 STAM_COUNTER_INC(&pStats->CTX_MID_Z(Write,ToR3));
2057 iomMmioReleaseRange(pVM, pRange);
2058 return VINF_IOM_R3_MMIO_WRITE;
2059 }
2060#endif
2061
2062 /*
2063 * No write handler, nothing to do.
2064 */
2065 STAM_PROFILE_START(&pStats->CTX_SUFF_Z(ProfWrite), a);
2066 STAM_PROFILE_STOP(&pStats->CTX_SUFF_Z(ProfWrite), a);
2067 Log4(("IOMMMIOWrite: GCPhys=%RGp u32=%08RX32 cb=%d rc=%Rrc\n", GCPhys, u32Value, cbValue, VINF_SUCCESS));
2068 iomMmioReleaseRange(pVM, pRange);
2069 return VINF_SUCCESS;
2070}
2071
2072
2073/**
2074 * [REP*] INSB/INSW/INSD
2075 * ES:EDI,DX[,ECX]
2076 *
2077 * @remark Assumes caller checked the access privileges (IOMInterpretCheckPortIOAccess)
2078 *
2079 * @returns Strict VBox status code. Informational status codes other than the one documented
2080 * here are to be treated as internal failure. Use IOM_SUCCESS() to check for success.
2081 * @retval VINF_SUCCESS Success.
2082 * @retval VINF_EM_FIRST-VINF_EM_LAST Success with some exceptions (see IOM_SUCCESS()), the
2083 * status code must be passed on to EM.
2084 * @retval VINF_IOM_R3_IOPORT_READ Defer the read to ring-3. (R0/GC only)
2085 * @retval VINF_EM_RAW_EMULATE_INSTR Defer the read to the REM.
2086 * @retval VINF_EM_RAW_GUEST_TRAP The exception was left pending. (TRPMRaiseXcptErr)
2087 * @retval VINF_TRPM_XCPT_DISPATCHED The exception was raised and dispatched for raw-mode execution. (TRPMRaiseXcptErr)
2088 * @retval VINF_EM_RESCHEDULE_REM The exception was dispatched and cannot be executed in raw-mode. (TRPMRaiseXcptErr)
2089 *
2090 * @param pVM The virtual machine.
2091 * @param pVCpu Pointer to the virtual CPU structure of the caller.
2092 * @param pRegFrame Pointer to CPUMCTXCORE guest registers structure.
2093 * @param uPort IO Port
2094 * @param uPrefix IO instruction prefix
2095 * @param enmAddrMode The address mode.
2096 * @param cbTransfer Size of transfer unit
2097 */
2098VMMDECL(VBOXSTRICTRC) IOMInterpretINSEx(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, uint32_t uPort, uint32_t uPrefix,
2099 DISCPUMODE enmAddrMode, uint32_t cbTransfer)
2100{
2101 STAM_COUNTER_INC(&pVM->iom.s.StatInstIns);
2102
2103 /*
2104 * We do not support REPNE or decrementing destination
2105 * pointer. Segment prefixes are deliberately ignored, as per the instruction specification.
2106 */
2107 if ( (uPrefix & DISPREFIX_REPNE)
2108 || pRegFrame->eflags.Bits.u1DF)
2109 return VINF_EM_RAW_EMULATE_INSTR;
2110
2111 /*
2112 * Get bytes/words/dwords count to transfer.
2113 */
2114 uint64_t const fAddrMask = iomDisModeToMask(enmAddrMode);
2115 RTGCUINTREG cTransfers = 1;
2116 if (uPrefix & DISPREFIX_REP)
2117 {
2118#ifndef IN_RC
2119 if ( CPUMIsGuestIn64BitCode(pVCpu)
2120 && pRegFrame->rcx >= _4G)
2121 return VINF_EM_RAW_EMULATE_INSTR;
2122#endif
2123 cTransfers = pRegFrame->rcx & fAddrMask;
2124 if (!cTransfers)
2125 return VINF_SUCCESS;
2126 }
2127
2128 /* Convert destination address es:edi. */
2129 RTGCPTR GCPtrDst;
2130 int rc2 = SELMToFlatEx(pVCpu, DISSELREG_ES, pRegFrame, pRegFrame->rdi & fAddrMask,
2131 SELMTOFLAT_FLAGS_HYPER | SELMTOFLAT_FLAGS_NO_PL,
2132 &GCPtrDst);
2133 if (RT_FAILURE(rc2))
2134 {
2135 Log(("INS destination address conversion failed -> fallback, rc2=%d\n", rc2));
2136 return VINF_EM_RAW_EMULATE_INSTR;
2137 }
2138
2139 /* Access verification first; we can't recover from traps inside this instruction, as the port read cannot be repeated. */
2140 uint32_t const cpl = CPUMGetGuestCPL(pVCpu);
2141 rc2 = PGMVerifyAccess(pVCpu, (RTGCUINTPTR)GCPtrDst, cTransfers * cbTransfer,
2142 X86_PTE_RW | ((cpl == 3) ? X86_PTE_US : 0));
2143 if (rc2 != VINF_SUCCESS)
2144 {
2145 Log(("INS will generate a trap -> fallback, rc2=%d\n", rc2));
2146 return VINF_EM_RAW_EMULATE_INSTR;
2147 }
2148
2149 Log(("IOM: rep ins%d port %#x count %d\n", cbTransfer * 8, uPort, cTransfers));
2150 VBOXSTRICTRC rcStrict = VINF_SUCCESS;
2151 if (cTransfers > 1)
2152 {
2153 /* If the device supports string transfers, ask it to do as
2154 * much as it wants. The rest is done with single-word transfers. */
2155 const RTGCUINTREG cTransfersOrg = cTransfers;
2156 rcStrict = IOMIOPortReadString(pVM, pVCpu, uPort, &GCPtrDst, &cTransfers, cbTransfer);
2157 AssertRC(VBOXSTRICTRC_VAL(rcStrict)); Assert(cTransfers <= cTransfersOrg);
2158 pRegFrame->rdi = ((pRegFrame->rdi + (cTransfersOrg - cTransfers) * cbTransfer) & fAddrMask)
2159 | (pRegFrame->rdi & ~fAddrMask);
2160 }
2161
2162#ifdef IN_RC
2163 MMGCRamRegisterTrapHandler(pVM);
2164#endif
2165 while (cTransfers && rcStrict == VINF_SUCCESS)
2166 {
2167 uint32_t u32Value;
2168 rcStrict = IOMIOPortRead(pVM, pVCpu, uPort, &u32Value, cbTransfer);
2169 if (!IOM_SUCCESS(rcStrict))
2170 break;
2171 rc2 = iomRamWrite(pVCpu, pRegFrame, GCPtrDst, &u32Value, cbTransfer);
2172 Assert(rc2 == VINF_SUCCESS); NOREF(rc2);
2173 GCPtrDst = (RTGCPTR)((RTGCUINTPTR)GCPtrDst + cbTransfer);
2174 pRegFrame->rdi = ((pRegFrame->rdi + cbTransfer) & fAddrMask)
2175 | (pRegFrame->rdi & ~fAddrMask);
2176 cTransfers--;
2177 }
2178#ifdef IN_RC
2179 MMGCRamDeregisterTrapHandler(pVM);
2180#endif
2181
2182 /* Update rcx on exit. */
2183 if (uPrefix & DISPREFIX_REP)
2184 pRegFrame->rcx = (cTransfers & fAddrMask)
2185 | (pRegFrame->rcx & ~fAddrMask);
2186
2187 AssertMsg(rcStrict == VINF_SUCCESS || rcStrict == VINF_IOM_R3_IOPORT_READ || (rcStrict >= VINF_EM_FIRST && rcStrict <= VINF_EM_LAST) || RT_FAILURE(rcStrict), ("%Rrc\n", VBOXSTRICTRC_VAL(rcStrict)));
2188 return rcStrict;
2189}
2190
2191
2192#if !defined(VBOX_WITH_FIRST_IEM_STEP) || defined(IN_RC) /* Latter for IOMRCIOPortHandler */
2193/**
2194 * [REP*] INSB/INSW/INSD
2195 * ES:EDI,DX[,ECX]
2196 *
2197 * @returns Strict VBox status code. Informational status codes other than the one documented
2198 * here are to be treated as internal failure. Use IOM_SUCCESS() to check for success.
2199 * @retval VINF_SUCCESS Success.
2200 * @retval VINF_EM_FIRST-VINF_EM_LAST Success with some exceptions (see IOM_SUCCESS()), the
2201 * status code must be passed on to EM.
2202 * @retval VINF_IOM_R3_IOPORT_READ Defer the read to ring-3. (R0/GC only)
2203 * @retval VINF_EM_RAW_EMULATE_INSTR Defer the read to the REM.
2204 * @retval VINF_EM_RAW_GUEST_TRAP The exception was left pending. (TRPMRaiseXcptErr)
2205 * @retval VINF_TRPM_XCPT_DISPATCHED The exception was raised and dispatched for raw-mode execution. (TRPMRaiseXcptErr)
2206 * @retval VINF_EM_RESCHEDULE_REM The exception was dispatched and cannot be executed in raw-mode. (TRPMRaiseXcptErr)
2207 *
2208 * @param pVM The virtual machine.
2209 * @param pVCpu Pointer to the virtual CPU structure of the caller.
2210 * @param pRegFrame Pointer to CPUMCTXCORE guest registers structure.
2211 * @param pCpu Disassembler CPU state.
2212 */
2213VMMDECL(VBOXSTRICTRC) IOMInterpretINS(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, PDISCPUSTATE pCpu)
2214{
2215 /*
2216 * Get port number directly from the register (no need to bother the
2217 * disassembler). And get the I/O register size from the opcode / prefix.
2218 */
2219 RTIOPORT Port = pRegFrame->edx & 0xffff;
2220 unsigned cb = 0;
2221 if (pCpu->pCurInstr->uOpcode == OP_INSB)
2222 cb = 1;
2223 else
2224 cb = (pCpu->uOpMode == DISCPUMODE_16BIT) ? 2 : 4; /* dword in both 32 & 64 bits mode */
2225
2226 VBOXSTRICTRC rcStrict = IOMInterpretCheckPortIOAccess(pVM, pRegFrame, Port, cb);
2227 if (RT_UNLIKELY(rcStrict != VINF_SUCCESS))
2228 {
2229 AssertMsg(rcStrict == VINF_EM_RAW_GUEST_TRAP || rcStrict == VINF_TRPM_XCPT_DISPATCHED || rcStrict == VINF_TRPM_XCPT_DISPATCHED || RT_FAILURE(rcStrict), ("%Rrc\n", VBOXSTRICTRC_VAL(rcStrict)));
2230 return rcStrict;
2231 }
2232
2233 return IOMInterpretINSEx(pVM, pVCpu, pRegFrame, Port, pCpu->fPrefix, (DISCPUMODE)pCpu->uAddrMode, cb);
2234}
2235#endif /* !IEM || RC */
2236
2237
2238/**
2239 * [REP*] OUTSB/OUTSW/OUTSD
2240 * DS:ESI,DX[,ECX]
2241 *
2242 * @remark Assumes caller checked the access privileges (IOMInterpretCheckPortIOAccess)
2243 *
2244 * @returns Strict VBox status code. Informational status codes other than the one documented
2245 * here are to be treated as internal failure. Use IOM_SUCCESS() to check for success.
2246 * @retval VINF_SUCCESS Success.
2247 * @retval VINF_EM_FIRST-VINF_EM_LAST Success with some exceptions (see IOM_SUCCESS()), the
2248 * status code must be passed on to EM.
2249 * @retval VINF_IOM_R3_IOPORT_WRITE Defer the write to ring-3. (R0/GC only)
2250 * @retval VINF_EM_RAW_GUEST_TRAP The exception was left pending. (TRPMRaiseXcptErr)
2251 * @retval VINF_TRPM_XCPT_DISPATCHED The exception was raised and dispatched for raw-mode execution. (TRPMRaiseXcptErr)
2252 * @retval VINF_EM_RESCHEDULE_REM The exception was dispatched and cannot be executed in raw-mode. (TRPMRaiseXcptErr)
2253 *
2254 * @param pVM The virtual machine.
2255 * @param pVCpu Pointer to the virtual CPU structure of the caller.
2256 * @param pRegFrame Pointer to CPUMCTXCORE guest registers structure.
2257 * @param uPort IO Port
2258 * @param uPrefix IO instruction prefix
2259 * @param enmAddrMode The address mode.
2260 * @param cbTransfer Size of transfer unit
2261 */
2262VMMDECL(VBOXSTRICTRC) IOMInterpretOUTSEx(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, uint32_t uPort, uint32_t uPrefix,
2263 DISCPUMODE enmAddrMode, uint32_t cbTransfer)
2264{
2265 STAM_COUNTER_INC(&pVM->iom.s.StatInstOuts);
2266
2267 /*
2268 * We do not support segment prefixes, REPNE or
2269 * decrementing source pointer.
2270 */
2271 if ( (uPrefix & (DISPREFIX_SEG | DISPREFIX_REPNE))
2272 || pRegFrame->eflags.Bits.u1DF)
2273 return VINF_EM_RAW_EMULATE_INSTR;
2274
2275 /*
2276 * Get bytes/words/dwords count to transfer.
2277 */
2278 uint64_t const fAddrMask = iomDisModeToMask(enmAddrMode);
2279 RTGCUINTREG cTransfers = 1;
2280 if (uPrefix & DISPREFIX_REP)
2281 {
2282#ifndef IN_RC
2283 if ( CPUMIsGuestIn64BitCode(pVCpu)
2284 && pRegFrame->rcx >= _4G)
2285 return VINF_EM_RAW_EMULATE_INSTR;
2286#endif
2287 cTransfers = pRegFrame->rcx & fAddrMask;
2288 if (!cTransfers)
2289 return VINF_SUCCESS;
2290 }
2291
2292 /* Convert source address ds:esi. */
2293 RTGCPTR GCPtrSrc;
2294 int rc2 = SELMToFlatEx(pVCpu, DISSELREG_DS, pRegFrame, pRegFrame->rsi & fAddrMask,
2295 SELMTOFLAT_FLAGS_HYPER | SELMTOFLAT_FLAGS_NO_PL,
2296 &GCPtrSrc);
2297 if (RT_FAILURE(rc2))
2298 {
2299 Log(("OUTS source address conversion failed -> fallback, rc2=%Rrc\n", rc2));
2300 return VINF_EM_RAW_EMULATE_INSTR;
2301 }
2302
2303 /* Access verification first; we currently can't recover properly from traps inside this instruction */
2304 uint32_t const cpl = CPUMGetGuestCPL(pVCpu);
2305 rc2 = PGMVerifyAccess(pVCpu, (RTGCUINTPTR)GCPtrSrc, cTransfers * cbTransfer,
2306 (cpl == 3) ? X86_PTE_US : 0);
2307 if (rc2 != VINF_SUCCESS)
2308 {
2309 Log(("OUTS will generate a trap -> fallback, rc2=%Rrc\n", rc2));
2310 return VINF_EM_RAW_EMULATE_INSTR;
2311 }
2312
2313 Log(("IOM: rep outs%d port %#x count %d\n", cbTransfer * 8, uPort, cTransfers));
2314 VBOXSTRICTRC rcStrict = VINF_SUCCESS;
2315 if (cTransfers > 1)
2316 {
2317 /*
2318 * If the device supports string transfers, ask it to do as
2319 * much as it wants. The rest is done with single-word transfers.
2320 */
2321 const RTGCUINTREG cTransfersOrg = cTransfers;
2322 rcStrict = IOMIOPortWriteString(pVM, pVCpu, uPort, &GCPtrSrc, &cTransfers, cbTransfer);
2323 AssertRC(VBOXSTRICTRC_VAL(rcStrict)); Assert(cTransfers <= cTransfersOrg);
2324 pRegFrame->rsi = ((pRegFrame->rsi + (cTransfersOrg - cTransfers) * cbTransfer) & fAddrMask)
2325 | (pRegFrame->rsi & ~fAddrMask);
2326 }
2327
2328#ifdef IN_RC
2329 MMGCRamRegisterTrapHandler(pVM);
2330#endif
2331
2332 while (cTransfers && rcStrict == VINF_SUCCESS)
2333 {
2334 uint32_t u32Value = 0;
2335 rcStrict = iomRamRead(pVCpu, &u32Value, GCPtrSrc, cbTransfer);
2336 if (rcStrict != VINF_SUCCESS)
2337 break;
2338 rcStrict = IOMIOPortWrite(pVM, pVCpu, uPort, u32Value, cbTransfer);
2339 if (!IOM_SUCCESS(rcStrict))
2340 break;
2341 GCPtrSrc = (RTGCPTR)((RTUINTPTR)GCPtrSrc + cbTransfer);
2342 pRegFrame->rsi = ((pRegFrame->rsi + cbTransfer) & fAddrMask)
2343 | (pRegFrame->rsi & ~fAddrMask);
2344 cTransfers--;
2345 }
2346
2347#ifdef IN_RC
2348 MMGCRamDeregisterTrapHandler(pVM);
2349#endif
2350
2351 /* Update rcx on exit. */
2352 if (uPrefix & DISPREFIX_REP)
2353 pRegFrame->rcx = (cTransfers & fAddrMask)
2354 | (pRegFrame->rcx & ~fAddrMask);
2355
2356 AssertMsg(rcStrict == VINF_SUCCESS || rcStrict == VINF_IOM_R3_IOPORT_WRITE || (rcStrict >= VINF_EM_FIRST && rcStrict <= VINF_EM_LAST) || RT_FAILURE(rcStrict), ("%Rrc\n", VBOXSTRICTRC_VAL(rcStrict)));
2357 return rcStrict;
2358}
2359
2360
2361#if !defined(VBOX_WITH_FIRST_IEM_STEP) || defined(IN_RC) /* Latter for IOMRCIOPortHandler */
2362/**
2363 * [REP*] OUTSB/OUTSW/OUTSD
2364 * DS:ESI,DX[,ECX]
2365 *
2366 * @returns Strict VBox status code. Informational status codes other than the one documented
2367 * here are to be treated as internal failure. Use IOM_SUCCESS() to check for success.
2368 * @retval VINF_SUCCESS Success.
2369 * @retval VINF_EM_FIRST-VINF_EM_LAST Success with some exceptions (see IOM_SUCCESS()), the
2370 * status code must be passed on to EM.
2371 * @retval VINF_IOM_R3_IOPORT_WRITE Defer the write to ring-3. (R0/GC only)
2372 * @retval VINF_EM_RAW_EMULATE_INSTR Defer the write to the REM.
2373 * @retval VINF_EM_RAW_GUEST_TRAP The exception was left pending. (TRPMRaiseXcptErr)
2374 * @retval VINF_TRPM_XCPT_DISPATCHED The exception was raised and dispatched for raw-mode execution. (TRPMRaiseXcptErr)
2375 * @retval VINF_EM_RESCHEDULE_REM The exception was dispatched and cannot be executed in raw-mode. (TRPMRaiseXcptErr)
2376 *
2377 * @param pVM The virtual machine.
2378 * @param pVCpu Pointer to the virtual CPU structure of the caller.
2379 * @param pRegFrame Pointer to CPUMCTXCORE guest registers structure.
2380 * @param pCpu Disassembler CPU state.
2381 */
2382VMMDECL(VBOXSTRICTRC) IOMInterpretOUTS(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, PDISCPUSTATE pCpu)
2383{
2384 /*
2385 * Get port number from the first parameter.
2386 * And get the I/O register size from the opcode / prefix.
2387 */
2388 uint64_t Port = 0;
2389 unsigned cb = 0;
2390 bool fRc = iomGetRegImmData(pCpu, &pCpu->Param1, pRegFrame, &Port, &cb);
2391 AssertMsg(fRc, ("Failed to get reg/imm port number!\n")); NOREF(fRc);
2392 if (pCpu->pCurInstr->uOpcode == OP_OUTSB)
2393 cb = 1;
2394 else
2395 cb = (pCpu->uOpMode == DISCPUMODE_16BIT) ? 2 : 4; /* dword in both 32 & 64 bits mode */
2396
2397 VBOXSTRICTRC rcStrict = IOMInterpretCheckPortIOAccess(pVM, pRegFrame, Port, cb);
2398 if (RT_UNLIKELY(rcStrict != VINF_SUCCESS))
2399 {
2400 AssertMsg(rcStrict == VINF_EM_RAW_GUEST_TRAP || rcStrict == VINF_TRPM_XCPT_DISPATCHED || rcStrict == VINF_TRPM_XCPT_DISPATCHED || RT_FAILURE(rcStrict), ("%Rrc\n", VBOXSTRICTRC_VAL(rcStrict)));
2401 return rcStrict;
2402 }
2403
2404 return IOMInterpretOUTSEx(pVM, pVCpu, pRegFrame, Port, pCpu->fPrefix, (DISCPUMODE)pCpu->uAddrMode, cb);
2405}
2406#endif /* !IEM || RC */
2407
2408#ifndef IN_RC
2409
2410/**
2411 * Mapping an MMIO2 page in place of an MMIO page for direct access.
2412 *
2413 * (This is a special optimization used by the VGA device.)
2414 *
2415 * @returns VBox status code. This API may return VINF_SUCCESS even if no
2416 * remapping is made,.
2417 *
2418 * @param pVM The virtual machine.
2419 * @param GCPhys The address of the MMIO page to be changed.
2420 * @param GCPhysRemapped The address of the MMIO2 page.
2421 * @param fPageFlags Page flags to set. Must be (X86_PTE_RW | X86_PTE_P)
2422 * for the time being.
2423 */
2424VMMDECL(int) IOMMMIOMapMMIO2Page(PVM pVM, RTGCPHYS GCPhys, RTGCPHYS GCPhysRemapped, uint64_t fPageFlags)
2425{
2426 /* Currently only called from the VGA device during MMIO. */
2427 Log(("IOMMMIOMapMMIO2Page %RGp -> %RGp flags=%RX64\n", GCPhys, GCPhysRemapped, fPageFlags));
2428 AssertReturn(fPageFlags == (X86_PTE_RW | X86_PTE_P), VERR_INVALID_PARAMETER);
2429 PVMCPU pVCpu = VMMGetCpu(pVM);
2430
2431 /* This currently only works in real mode, protected mode without paging or with nested paging. */
2432 if ( !HMIsEnabled(pVM) /* useless without VT-x/AMD-V */
2433 || ( CPUMIsGuestInPagedProtectedMode(pVCpu)
2434 && !HMIsNestedPagingActive(pVM)))
2435 return VINF_SUCCESS; /* ignore */
2436
2437 int rc = IOM_LOCK_SHARED(pVM);
2438 if (RT_FAILURE(rc))
2439 return VINF_SUCCESS; /* better luck the next time around */
2440
2441 /*
2442 * Lookup the context range node the page belongs to.
2443 */
2444 PIOMMMIORANGE pRange = iomMmioGetRange(pVM, pVCpu, GCPhys);
2445 AssertMsgReturn(pRange,
2446 ("Handlers and page tables are out of sync or something! GCPhys=%RGp\n", GCPhys), VERR_IOM_MMIO_RANGE_NOT_FOUND);
2447
2448 Assert((pRange->GCPhys & PAGE_OFFSET_MASK) == 0);
2449 Assert((pRange->Core.KeyLast & PAGE_OFFSET_MASK) == PAGE_OFFSET_MASK);
2450
2451 /*
2452 * Do the aliasing; page align the addresses since PGM is picky.
2453 */
2454 GCPhys &= ~(RTGCPHYS)PAGE_OFFSET_MASK;
2455 GCPhysRemapped &= ~(RTGCPHYS)PAGE_OFFSET_MASK;
2456
2457 rc = PGMHandlerPhysicalPageAlias(pVM, pRange->GCPhys, GCPhys, GCPhysRemapped);
2458
2459 IOM_UNLOCK_SHARED(pVM);
2460 AssertRCReturn(rc, rc);
2461
2462 /*
2463 * Modify the shadow page table. Since it's an MMIO page it won't be present and we
2464 * can simply prefetch it.
2465 *
2466 * Note: This is a NOP in the EPT case; we'll just let it fault again to resync the page.
2467 */
2468#if 0 /* The assertion is wrong for the PGM_SYNC_CLEAR_PGM_POOL and VINF_PGM_HANDLER_ALREADY_ALIASED cases. */
2469# ifdef VBOX_STRICT
2470 uint64_t fFlags;
2471 RTHCPHYS HCPhys;
2472 rc = PGMShwGetPage(pVCpu, (RTGCPTR)GCPhys, &fFlags, &HCPhys);
2473 Assert(rc == VERR_PAGE_NOT_PRESENT || rc == VERR_PAGE_TABLE_NOT_PRESENT);
2474# endif
2475#endif
2476 rc = PGMPrefetchPage(pVCpu, (RTGCPTR)GCPhys);
2477 Assert(rc == VINF_SUCCESS || rc == VERR_PAGE_NOT_PRESENT || rc == VERR_PAGE_TABLE_NOT_PRESENT);
2478 return VINF_SUCCESS;
2479}
2480
2481
2482/**
2483 * Mapping a HC page in place of an MMIO page for direct access.
2484 *
2485 * (This is a special optimization used by the APIC in the VT-x case.)
2486 *
2487 * @returns VBox status code.
2488 *
2489 * @param pVM Pointer to the VM.
2490 * @param pVCpu Pointer to the VMCPU.
2491 * @param GCPhys The address of the MMIO page to be changed.
2492 * @param HCPhys The address of the host physical page.
2493 * @param fPageFlags Page flags to set. Must be (X86_PTE_RW | X86_PTE_P)
2494 * for the time being.
2495 */
2496VMMDECL(int) IOMMMIOMapMMIOHCPage(PVM pVM, PVMCPU pVCpu, RTGCPHYS GCPhys, RTHCPHYS HCPhys, uint64_t fPageFlags)
2497{
2498 /* Currently only called from VT-x code during a page fault. */
2499 Log(("IOMMMIOMapMMIOHCPage %RGp -> %RGp flags=%RX64\n", GCPhys, HCPhys, fPageFlags));
2500
2501 AssertReturn(fPageFlags == (X86_PTE_RW | X86_PTE_P), VERR_INVALID_PARAMETER);
2502 Assert(HMIsEnabled(pVM));
2503
2504 /*
2505 * Lookup the context range node the page belongs to.
2506 */
2507#ifdef VBOX_STRICT
2508 /* Can't lock IOM here due to potential deadlocks in the VGA device; not safe to access. */
2509 PIOMMMIORANGE pRange = iomMMIOGetRangeUnsafe(pVM, pVCpu, GCPhys);
2510 AssertMsgReturn(pRange,
2511 ("Handlers and page tables are out of sync or something! GCPhys=%RGp\n", GCPhys), VERR_IOM_MMIO_RANGE_NOT_FOUND);
2512 Assert((pRange->GCPhys & PAGE_OFFSET_MASK) == 0);
2513 Assert((pRange->Core.KeyLast & PAGE_OFFSET_MASK) == PAGE_OFFSET_MASK);
2514#endif
2515
2516 /*
2517 * Do the aliasing; page align the addresses since PGM is picky.
2518 */
2519 GCPhys &= ~(RTGCPHYS)PAGE_OFFSET_MASK;
2520 HCPhys &= ~(RTHCPHYS)PAGE_OFFSET_MASK;
2521
2522 int rc = PGMHandlerPhysicalPageAliasHC(pVM, GCPhys, GCPhys, HCPhys);
2523 AssertRCReturn(rc, rc);
2524
2525 /*
2526 * Modify the shadow page table. Since it's an MMIO page it won't be present and we
2527 * can simply prefetch it.
2528 *
2529 * Note: This is a NOP in the EPT case; we'll just let it fault again to resync the page.
2530 */
2531 rc = PGMPrefetchPage(pVCpu, (RTGCPTR)GCPhys);
2532 Assert(rc == VINF_SUCCESS || rc == VERR_PAGE_NOT_PRESENT || rc == VERR_PAGE_TABLE_NOT_PRESENT);
2533 return VINF_SUCCESS;
2534}
2535
2536
2537/**
2538 * Reset a previously modified MMIO region; restore the access flags.
2539 *
2540 * @returns VBox status code.
2541 *
2542 * @param pVM The virtual machine.
2543 * @param GCPhys Physical address that's part of the MMIO region to be reset.
2544 */
2545VMMDECL(int) IOMMMIOResetRegion(PVM pVM, RTGCPHYS GCPhys)
2546{
2547 Log(("IOMMMIOResetRegion %RGp\n", GCPhys));
2548
2549 PVMCPU pVCpu = VMMGetCpu(pVM);
2550
2551 /* This currently only works in real mode, protected mode without paging or with nested paging. */
2552 if ( !HMIsEnabled(pVM) /* useless without VT-x/AMD-V */
2553 || ( CPUMIsGuestInPagedProtectedMode(pVCpu)
2554 && !HMIsNestedPagingActive(pVM)))
2555 return VINF_SUCCESS; /* ignore */
2556
2557 /*
2558 * Lookup the context range node the page belongs to.
2559 */
2560#ifdef VBOX_STRICT
2561 /* Can't lock IOM here due to potential deadlocks in the VGA device; not safe to access. */
2562 PIOMMMIORANGE pRange = iomMMIOGetRangeUnsafe(pVM, pVCpu, GCPhys);
2563 AssertMsgReturn(pRange,
2564 ("Handlers and page tables are out of sync or something! GCPhys=%RGp\n", GCPhys), VERR_IOM_MMIO_RANGE_NOT_FOUND);
2565 Assert((pRange->GCPhys & PAGE_OFFSET_MASK) == 0);
2566 Assert((pRange->Core.KeyLast & PAGE_OFFSET_MASK) == PAGE_OFFSET_MASK);
2567#endif
2568
2569 /*
2570 * Call PGM to do the job work.
2571 *
2572 * After the call, all the pages should be non-present... unless there is
2573 * a page pool flush pending (unlikely).
2574 */
2575 int rc = PGMHandlerPhysicalReset(pVM, GCPhys);
2576 AssertRC(rc);
2577
2578#ifdef VBOX_STRICT
2579 if (!VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_PGM_SYNC_CR3))
2580 {
2581 uint32_t cb = pRange->cb;
2582 GCPhys = pRange->GCPhys;
2583 while (cb)
2584 {
2585 uint64_t fFlags;
2586 RTHCPHYS HCPhys;
2587 rc = PGMShwGetPage(pVCpu, (RTGCPTR)GCPhys, &fFlags, &HCPhys);
2588 Assert(rc == VERR_PAGE_NOT_PRESENT || rc == VERR_PAGE_TABLE_NOT_PRESENT);
2589 cb -= PAGE_SIZE;
2590 GCPhys += PAGE_SIZE;
2591 }
2592 }
2593#endif
2594 return rc;
2595}
2596
2597#endif /* !IN_RC */
2598
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette