VirtualBox

source: vbox/trunk/src/VBox/VMM/VMMGC/TRPMGCHandlers.cpp@ 19288

Last change on this file since 19288 was 19288, checked in by vboxsync, 16 years ago

DBGF,TRPM,HWACCM: Merged DBGFR0.cpp and DBGFGC.cpp into VMMRZ/DBGFRZ.cpp (new directory for things that are common to both R0 and RC).
  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
File size: 45.7 KB
Line 
1/* $Id: TRPMGCHandlers.cpp 19288 2009-05-01 13:09:18Z vboxsync $ */
2/** @file
3 * TRPM - Guest Context Trap Handlers, CPP part
4 */
5
6/*
7 * Copyright (C) 2006-2007 Sun Microsystems, Inc.
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
18 * Clara, CA 95054 USA or visit http://www.sun.com if you need
19 * additional information or have any questions.
20 */
21
22
23/*******************************************************************************
24* Header Files *
25*******************************************************************************/
26#define LOG_GROUP LOG_GROUP_TRPM
27#include <VBox/selm.h>
28#include <VBox/iom.h>
29#include <VBox/pgm.h>
30#include <VBox/pdm.h>
31#include <VBox/dbgf.h>
32#include <VBox/em.h>
33#include <VBox/csam.h>
34#include <VBox/patm.h>
35#include <VBox/mm.h>
36#include <VBox/cpum.h>
37#include "TRPMInternal.h"
38#include <VBox/vm.h>
39#include <VBox/vmm.h>
40#include <VBox/param.h>
41
42#include <VBox/err.h>
43#include <VBox/dis.h>
44#include <VBox/disopcode.h>
45#include <VBox/x86.h>
46#include <VBox/log.h>
47#include <VBox/tm.h>
48#include <iprt/asm.h>
49#include <iprt/assert.h>
50
51/*******************************************************************************
52* Defined Constants And Macros *
53*******************************************************************************/
54/* still here. MODR/M byte parsing */
55#define X86_OPCODE_MODRM_MOD_MASK 0xc0
56#define X86_OPCODE_MODRM_REG_MASK 0x38
57#define X86_OPCODE_MODRM_RM_MASK 0x07
58
59/** @todo fix/remove/permanent-enable this when DIS/PATM handles invalid lock sequences. */
60#define DTRACE_EXPERIMENT
61
62
63/*******************************************************************************
64* Structures and Typedefs *
65*******************************************************************************/
66/** Pointer to a readonly hypervisor trap record. */
67typedef const struct TRPMGCHYPER *PCTRPMGCHYPER;
68
69/**
70 * A hypervisor trap record.
71 * This contains information about a handler for a instruction range.
72 *
73 * @remark This must match what TRPM_HANDLER outputs.
74 */
75typedef struct TRPMGCHYPER
76{
77 /** The start address. */
78 uintptr_t uStartEIP;
79 /** The end address. (exclusive)
80 * If NULL the it's only for the instruction at pvStartEIP. */
81 uintptr_t uEndEIP;
82 /**
83 * The handler.
84 *
85 * @returns VBox status code
86 * VINF_SUCCESS means we've handled the trap.
87 * Any other error code means returning to the host context.
88 * @param pVM The VM handle.
89 * @param pRegFrame The register frame.
90 * @param uUser The user argument.
91 */
92 DECLRCCALLBACKMEMBER(int, pfnHandler, (PVM pVM, PCPUMCTXCORE pRegFrame, uintptr_t uUser));
93 /** Whatever the handler desires to put here. */
94 uintptr_t uUser;
95} TRPMGCHYPER;
96
97
98/*******************************************************************************
99* Global Variables *
100*******************************************************************************/
101__BEGIN_DECLS
102/** Defined in VMMGC0.asm or VMMGC99.asm.
103 * @{ */
104extern const TRPMGCHYPER g_aTrap0bHandlers[1];
105extern const TRPMGCHYPER g_aTrap0bHandlersEnd[1];
106extern const TRPMGCHYPER g_aTrap0dHandlers[1];
107extern const TRPMGCHYPER g_aTrap0dHandlersEnd[1];
108extern const TRPMGCHYPER g_aTrap0eHandlers[1];
109extern const TRPMGCHYPER g_aTrap0eHandlersEnd[1];
110/** @} */
111__END_DECLS
112
113
114/*******************************************************************************
115* Internal Functions *
116*******************************************************************************/
117__BEGIN_DECLS /* addressed from asm (not called so no DECLASM). */
118DECLCALLBACK(int) trpmGCTrapInGeneric(PVM pVM, PCPUMCTXCORE pRegFrame, uintptr_t uUser);
119__END_DECLS
120
121
122
123/**
124 * Exits the trap, called when exiting a trap handler.
125 *
126 * Will reset the trap if it's not a guest trap or the trap
127 * is already handled. Will process resume guest FFs.
128 *
129 * @returns rc, can be adjusted if its VINF_SUCCESS or something really bad
130 * happened.
131 * @param pVM VM handle.
132 * @param pVCpu The virtual CPU handle.
133 * @param rc The VBox status code to return.
134 * @param pRegFrame Pointer to the register frame for the trap.
135 */
136static int trpmGCExitTrap(PVM pVM, PVMCPU pVCpu, int rc, PCPUMCTXCORE pRegFrame)
137{
138 uint32_t uOldActiveVector = pVCpu->trpm.s.uActiveVector;
139 NOREF(uOldActiveVector);
140
141 /* Reset trap? */
142 if ( rc != VINF_EM_RAW_GUEST_TRAP
143 && rc != VINF_EM_RAW_RING_SWITCH_INT)
144 pVCpu->trpm.s.uActiveVector = ~0;
145
146#ifdef VBOX_HIGH_RES_TIMERS_HACK
147 /*
148 * We should poll the timers occationally.
149 * We must *NOT* do this too frequently as it adds a significant overhead
150 * and it'll kill us if the trap load is high. (See #1354.)
151 * (The heuristic is not very intelligent, we should really check trap
152 * frequency etc. here, but alas, we lack any such information atm.)
153 */
154 static unsigned s_iTimerPoll = 0;
155 if (rc == VINF_SUCCESS)
156 {
157 if (!(++s_iTimerPoll & 0xf))
158 {
159 uint64_t cTicks = TMTimerPoll(pVM); NOREF(cTicks);
160 Log2(("TMTimerPoll at %08RX32 returned %RX64 (VM_FF_TIMER=%d)\n", pRegFrame->eip, cTicks, VM_FF_ISPENDING(pVM, VM_FF_TIMER)));
161 }
162 }
163 else
164 s_iTimerPoll = 0;
165#endif
166
167 /* Clear pending inhibit interrupt state if required. (necessary for dispatching interrupts later on) */
168 if (VMCPU_FF_ISSET(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS))
169 {
170 Log2(("VM_FF_INHIBIT_INTERRUPTS at %08RX32 successor %RGv\n", pRegFrame->eip, EMGetInhibitInterruptsPC(pVCpu)));
171 if (pRegFrame->eip != EMGetInhibitInterruptsPC(pVCpu))
172 {
173 /** @note we intentionally don't clear VM_FF_INHIBIT_INTERRUPTS here if the eip is the same as the inhibited instr address.
174 * Before we are able to execute this instruction in raw mode (iret to guest code) an external interrupt might
175 * force a world switch again. Possibly allowing a guest interrupt to be dispatched in the process. This could
176 * break the guest. Sounds very unlikely, but such timing sensitive problem are not as rare as you might think.
177 */
178 VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS);
179 }
180 }
181
182 /*
183 * Pending resume-guest-FF?
184 * Or pending (A)PIC interrupt? Windows XP will crash if we delay APIC interrupts.
185 */
186 if ( rc == VINF_SUCCESS
187 && ( VM_FF_ISPENDING(pVM, VM_FF_TIMER | VM_FF_REQUEST | VM_FF_PGM_NO_MEMORY)
188 || VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_TO_R3 | VMCPU_FF_INTERRUPT_APIC | VMCPU_FF_INTERRUPT_PIC | VMCPU_FF_REQUEST | VMCPU_FF_PGM_SYNC_CR3 | VMCPU_FF_PGM_SYNC_CR3_NON_GLOBAL)
189 )
190 )
191 {
192 /* The out of memory condition naturally outrang the others. */
193 if (RT_UNLIKELY(VM_FF_ISPENDING(pVM, VM_FF_PGM_NO_MEMORY)))
194 rc = VINF_EM_NO_MEMORY;
195 /* Pending Ring-3 action. */
196 else if (VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_TO_R3))
197 {
198 VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_TO_R3);
199 rc = VINF_EM_RAW_TO_R3;
200 }
201 /* Pending timer action. */
202 else if (VM_FF_ISPENDING(pVM, VM_FF_TIMER))
203 rc = VINF_EM_RAW_TIMER_PENDING;
204 /* Pending interrupt: dispatch it. */
205 else if ( VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_INTERRUPT_APIC | VMCPU_FF_INTERRUPT_PIC)
206 && !VMCPU_FF_ISSET(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS)
207 && PATMAreInterruptsEnabledByCtxCore(pVM, pRegFrame)
208 )
209 {
210 uint8_t u8Interrupt;
211 rc = PDMGetInterrupt(pVCpu, &u8Interrupt);
212 Log(("trpmGCExitTrap: u8Interrupt=%d (%#x) rc=%Rrc\n", u8Interrupt, u8Interrupt, rc));
213 AssertFatalMsgRC(rc, ("PDMGetInterrupt failed with %Rrc\n", rc));
214 rc = TRPMForwardTrap(pVCpu, pRegFrame, (uint32_t)u8Interrupt, 0, TRPM_TRAP_NO_ERRORCODE, TRPM_HARDWARE_INT, uOldActiveVector);
215 /* can't return if successful */
216 Assert(rc != VINF_SUCCESS);
217
218 /* Stop the profile counter that was started in TRPMGCHandlersA.asm */
219 Assert(uOldActiveVector <= 16);
220 STAM_PROFILE_ADV_STOP(&pVM->trpm.s.aStatGCTraps[uOldActiveVector], a);
221
222 /* Assert the trap and go to the recompiler to dispatch it. */
223 TRPMAssertTrap(pVCpu, u8Interrupt, TRPM_HARDWARE_INT);
224
225 STAM_PROFILE_ADV_START(&pVM->trpm.s.aStatGCTraps[uOldActiveVector], a);
226 rc = VINF_EM_RAW_INTERRUPT_PENDING;
227 }
228 /*
229 * Try sync CR3?
230 */
231 else if (VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_PGM_SYNC_CR3 | VMCPU_FF_PGM_SYNC_CR3_NON_GLOBAL))
232#if 1
233 rc = PGMSyncCR3(pVCpu, CPUMGetGuestCR0(pVCpu), CPUMGetGuestCR3(pVCpu), CPUMGetGuestCR4(pVCpu), VMCPU_FF_ISSET(pVCpu, VMCPU_FF_PGM_SYNC_CR3));
234#else
235 rc = VINF_PGM_SYNC_CR3;
236#endif
237 /* Pending request packets might contain actions that need immediate attention, such as pending hardware interrupts. */
238 else if ( VM_FF_ISPENDING(pVM, VM_FF_REQUEST)
239 || VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_REQUEST))
240 rc = VINF_EM_PENDING_REQUEST;
241 }
242
243 AssertMsg( rc != VINF_SUCCESS
244 || ( pRegFrame->eflags.Bits.u1IF
245 && ( pRegFrame->eflags.Bits.u2IOPL < (unsigned)(pRegFrame->ss & X86_SEL_RPL) || pRegFrame->eflags.Bits.u1VM))
246 , ("rc=%Rrc\neflags=%RX32 ss=%RTsel IOPL=%d\n", rc, pRegFrame->eflags.u32, pRegFrame->ss, pRegFrame->eflags.Bits.u2IOPL));
247 return rc;
248}
249
250
251/**
252 * \#DB (Debug event) handler.
253 *
254 * @returns VBox status code.
255 * VINF_SUCCESS means we completely handled this trap,
256 * other codes are passed execution to host context.
257 *
258 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
259 * @param pRegFrame Pointer to the register frame for the trap.
260 * @internal
261 */
262DECLASM(int) TRPMGCTrap01Handler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
263{
264 RTGCUINTREG uDr6 = ASMGetAndClearDR6();
265 PVM pVM = TRPMCPU_2_VM(pTrpmCpu);
266 PVMCPU pVCpu = TRPMCPU_2_VMCPU(pTrpmCpu);
267
268 LogFlow(("TRPMGC01: cs:eip=%04x:%08x uDr6=%RTreg\n", pRegFrame->cs, pRegFrame->eip, uDr6));
269
270 /*
271 * We currently don't make sure of the X86_DR7_GD bit, but
272 * there might come a time when we do.
273 */
274 if ((uDr6 & X86_DR6_BD) == X86_DR6_BD)
275 {
276 AssertReleaseMsgFailed(("X86_DR6_BD isn't used, but it's set! dr7=%RTreg(%RTreg) dr6=%RTreg\n",
277 ASMGetDR7(), CPUMGetHyperDR7(pVCpu), uDr6));
278 return VERR_NOT_IMPLEMENTED;
279 }
280
281 AssertReleaseMsg(!(uDr6 & X86_DR6_BT), ("X86_DR6_BT is impossible!\n"));
282
283 /*
284 * Now leave the rest to the DBGF.
285 */
286 int rc = DBGFRZTrap01Handler(pVM, pVCpu, pRegFrame, uDr6);
287 if (rc == VINF_EM_RAW_GUEST_TRAP)
288 CPUMSetGuestDR6(pVCpu, uDr6);
289
290 rc = trpmGCExitTrap(pVM, pVCpu, rc, pRegFrame);
291 Log6(("TRPMGC01: %Rrc (%04x:%08x %RTreg)\n", rc, pRegFrame->cs, pRegFrame->eip, uDr6));
292 return rc;
293}
294
295
296/**
297 * NMI handler, for when we are using NMIs to debug things.
298 *
299 * @returns VBox status code.
300 * VINF_SUCCESS means we completely handled this trap,
301 * other codes are passed execution to host context.
302 *
303 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
304 * @param pRegFrame Pointer to the register frame for the trap.
305 * @internal
306 * @remark This is not hooked up unless you're building with VBOX_WITH_NMI defined.
307 */
308DECLASM(int) TRPMGCTrap02Handler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
309{
310 LogFlow(("TRPMGCTrap02Handler: cs:eip=%04x:%08x\n", pRegFrame->cs, pRegFrame->eip));
311 RTLogComPrintf("TRPMGCTrap02Handler: cs:eip=%04x:%08x\n", pRegFrame->cs, pRegFrame->eip);
312 return VERR_TRPM_DONT_PANIC;
313}
314
315
316/**
317 * \#BP (Breakpoint) handler.
318 *
319 * @returns VBox status code.
320 * VINF_SUCCESS means we completely handled this trap,
321 * other codes are passed execution to host context.
322 *
323 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
324 * @param pRegFrame Pointer to the register frame for the trap.
325 * @internal
326 */
327DECLASM(int) TRPMGCTrap03Handler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
328{
329 LogFlow(("TRPMGC03: %04x:%08x\n", pRegFrame->cs, pRegFrame->eip));
330 PVM pVM = TRPMCPU_2_VM(pTrpmCpu);
331 PVMCPU pVCpu = TRPMCPU_2_VMCPU(pTrpmCpu);
332 int rc;
333
334 /*
335 * Both PATM are using INT3s, let them have a go first.
336 */
337 if ( (pRegFrame->ss & X86_SEL_RPL) == 1
338 && !pRegFrame->eflags.Bits.u1VM)
339 {
340 rc = PATMHandleInt3PatchTrap(pVM, pRegFrame);
341 if (rc == VINF_SUCCESS || rc == VINF_EM_RAW_EMULATE_INSTR || rc == VINF_PATM_PATCH_INT3 || rc == VINF_PATM_DUPLICATE_FUNCTION)
342 {
343 rc = trpmGCExitTrap(pVM, pVCpu, rc, pRegFrame);
344 Log6(("TRPMGC03: %Rrc (%04x:%08x) (PATM)\n", rc, pRegFrame->cs, pRegFrame->eip));
345 return rc;
346 }
347 }
348 rc = DBGFRZTrap03Handler(pVM, pVCpu, pRegFrame);
349
350 /* anything we should do with this? Schedule it in GC? */
351 rc = trpmGCExitTrap(pVM, pVCpu, rc, pRegFrame);
352 Log6(("TRPMGC03: %Rrc (%04x:%08x)\n", rc, pRegFrame->cs, pRegFrame->eip));
353 return rc;
354}
355
356
357/**
358 * Trap handler for illegal opcode fault (\#UD).
359 *
360 * @returns VBox status code.
361 * VINF_SUCCESS means we completely handled this trap,
362 * other codes are passed execution to host context.
363 *
364 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
365 * @param pRegFrame Pointer to the register frame for the trap.
366 * @internal
367 */
368DECLASM(int) TRPMGCTrap06Handler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
369{
370 LogFlow(("TRPMGC06: %04x:%08x efl=%x\n", pRegFrame->cs, pRegFrame->eip, pRegFrame->eflags.u32));
371 PVM pVM = TRPMCPU_2_VM(pTrpmCpu);
372 PVMCPU pVCpu = TRPMCPU_2_VMCPU(pTrpmCpu);
373 int rc;
374
375 if (CPUMGetGuestCPL(pVCpu, pRegFrame) == 0)
376 {
377 /*
378 * Decode the instruction.
379 */
380 RTGCPTR PC;
381 rc = SELMValidateAndConvertCSAddr(pVM, pRegFrame->eflags, pRegFrame->ss, pRegFrame->cs, &pRegFrame->csHid, (RTGCPTR)pRegFrame->eip, &PC);
382 if (RT_FAILURE(rc))
383 {
384 Log(("TRPMGCTrap06Handler: Failed to convert %RTsel:%RX32 (cpl=%d) - rc=%Rrc !!\n", pRegFrame->cs, pRegFrame->eip, pRegFrame->ss & X86_SEL_RPL, rc));
385 rc = trpmGCExitTrap(pVM, pVCpu, VINF_EM_RAW_GUEST_TRAP, pRegFrame);
386 Log6(("TRPMGC06: %Rrc (%04x:%08x) (SELM)\n", rc, pRegFrame->cs, pRegFrame->eip));
387 return rc;
388 }
389
390 DISCPUSTATE Cpu;
391 uint32_t cbOp;
392 rc = EMInterpretDisasOneEx(pVM, pVCpu, (RTGCUINTPTR)PC, pRegFrame, &Cpu, &cbOp);
393 if (RT_FAILURE(rc))
394 {
395 rc = trpmGCExitTrap(pVM, pVCpu, VINF_EM_RAW_EMULATE_INSTR, pRegFrame);
396 Log6(("TRPMGC06: %Rrc (%04x:%08x) (EM)\n", rc, pRegFrame->cs, pRegFrame->eip));
397 return rc;
398 }
399
400 /*
401 * UD2 in a patch?
402 */
403 if ( Cpu.pCurInstr->opcode == OP_ILLUD2
404 && PATMIsPatchGCAddr(pVM, (RTRCPTR)pRegFrame->eip))
405 {
406 rc = PATMGCHandleIllegalInstrTrap(pVM, pRegFrame);
407 /** @todo These tests are completely unnecessary, should just follow the
408 * flow and return at the end of the function. */
409 if ( rc == VINF_SUCCESS
410 || rc == VINF_EM_RAW_EMULATE_INSTR
411 || rc == VINF_PATM_DUPLICATE_FUNCTION
412 || rc == VINF_PATM_PENDING_IRQ_AFTER_IRET
413 || rc == VINF_EM_RESCHEDULE)
414 {
415 rc = trpmGCExitTrap(pVM, pVCpu, rc, pRegFrame);
416 Log6(("TRPMGC06: %Rrc (%04x:%08x) (PATM)\n", rc, pRegFrame->cs, pRegFrame->eip));
417 return rc;
418 }
419 }
420 /*
421 * Speed up dtrace and don't entrust invalid lock sequences to the recompiler.
422 */
423 else if (Cpu.prefix & PREFIX_LOCK)
424 {
425 Log(("TRPMGCTrap06Handler: pc=%08x op=%d\n", pRegFrame->eip, Cpu.pCurInstr->opcode));
426#ifdef DTRACE_EXPERIMENT /** @todo fix/remove/permanent-enable this when DIS/PATM handles invalid lock sequences. */
427 Assert(!PATMIsPatchGCAddr(pVM, (RTRCPTR)pRegFrame->eip));
428 rc = TRPMForwardTrap(pVCpu, pRegFrame, 0x6, 0, TRPM_TRAP_NO_ERRORCODE, TRPM_TRAP, 0x6);
429 Assert(rc == VINF_EM_RAW_GUEST_TRAP);
430#else
431 rc = VINF_EM_RAW_EMULATE_INSTR;
432#endif
433 }
434 /*
435 * Handle MONITOR - it causes an #UD exception instead of #GP when not executed in ring 0.
436 */
437 else if (Cpu.pCurInstr->opcode == OP_MONITOR)
438 {
439 uint32_t cbIgnored;
440 rc = EMInterpretInstructionCPU(pVM, pVCpu, &Cpu, pRegFrame, PC, &cbIgnored);
441 if (RT_LIKELY(RT_SUCCESS(rc)))
442 pRegFrame->eip += Cpu.opsize;
443 }
444 /* Never generate a raw trap here; it might be an instruction, that requires emulation. */
445 else
446 rc = VINF_EM_RAW_EMULATE_INSTR;
447 }
448 else
449 {
450 rc = TRPMForwardTrap(pVCpu, pRegFrame, 0x6, 0, TRPM_TRAP_NO_ERRORCODE, TRPM_TRAP, 0x6);
451 Assert(rc == VINF_EM_RAW_GUEST_TRAP);
452 }
453
454 rc = trpmGCExitTrap(pVM, pVCpu, rc, pRegFrame);
455 Log6(("TRPMGC06: %Rrc (%04x:%08x)\n", rc, pRegFrame->cs, pRegFrame->eip));
456 return rc;
457}
458
459
460/**
461 * Trap handler for device not present fault (\#NM).
462 *
463 * Device not available, FP or (F)WAIT instruction.
464 *
465 * @returns VBox status code.
466 * VINF_SUCCESS means we completely handled this trap,
467 * other codes are passed execution to host context.
468 *
469 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
470 * @param pRegFrame Pointer to the register frame for the trap.
471 * @internal
472 */
473DECLASM(int) TRPMGCTrap07Handler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
474{
475 LogFlow(("TRPMGC07: %04x:%08x\n", pRegFrame->cs, pRegFrame->eip));
476 PVM pVM = TRPMCPU_2_VM(pTrpmCpu);
477 PVMCPU pVCpu = TRPMCPU_2_VMCPU(pTrpmCpu);
478
479 int rc = CPUMHandleLazyFPU(pVCpu);
480 rc = trpmGCExitTrap(pVM, pVCpu, rc, pRegFrame);
481 Log6(("TRPMGC07: %Rrc (%04x:%08x)\n", rc, pRegFrame->cs, pRegFrame->eip));
482 return rc;
483}
484
485
486/**
487 * \#NP ((segment) Not Present) handler.
488 *
489 * @returns VBox status code.
490 * VINF_SUCCESS means we completely handled this trap,
491 * other codes are passed execution to host context.
492 *
493 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
494 * @param pRegFrame Pointer to the register frame for the trap.
495 * @internal
496 */
497DECLASM(int) TRPMGCTrap0bHandler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
498{
499 LogFlow(("TRPMGC0b: %04x:%08x\n", pRegFrame->cs, pRegFrame->eip));
500 PVM pVM = TRPMCPU_2_VM(pTrpmCpu);
501
502 /*
503 * Try to detect instruction by opcode which caused trap.
504 * XXX note: this code may cause \#PF (trap e) or \#GP (trap d) while
505 * accessing user code. need to handle it somehow in future!
506 */
507 RTGCPTR GCPtr;
508 if (SELMValidateAndConvertCSAddr(pVM, pRegFrame->eflags, pRegFrame->ss, pRegFrame->cs, &pRegFrame->csHid, (RTGCPTR)pRegFrame->eip, &GCPtr) == VINF_SUCCESS)
509 {
510 uint8_t *pu8Code = (uint8_t *)(uintptr_t)GCPtr;
511
512 /*
513 * First skip possible instruction prefixes, such as:
514 * OS, AS
515 * CS:, DS:, ES:, SS:, FS:, GS:
516 * REPE, REPNE
517 *
518 * note: Currently we supports only up to 4 prefixes per opcode, more
519 * prefixes (normally not used anyway) will cause trap d in guest.
520 * note: Instruction length in IA-32 may be up to 15 bytes, we dont
521 * check this issue, its too hard.
522 */
523 for (unsigned i = 0; i < 4; i++)
524 {
525 if ( pu8Code[0] != 0xf2 /* REPNE/REPNZ */
526 && pu8Code[0] != 0xf3 /* REP/REPE/REPZ */
527 && pu8Code[0] != 0x2e /* CS: */
528 && pu8Code[0] != 0x36 /* SS: */
529 && pu8Code[0] != 0x3e /* DS: */
530 && pu8Code[0] != 0x26 /* ES: */
531 && pu8Code[0] != 0x64 /* FS: */
532 && pu8Code[0] != 0x65 /* GS: */
533 && pu8Code[0] != 0x66 /* OS */
534 && pu8Code[0] != 0x67 /* AS */
535 )
536 break;
537 pu8Code++;
538 }
539
540 /*
541 * Detect right switch using a callgate.
542 *
543 * We recognize the following causes for the trap 0b:
544 * CALL FAR, CALL FAR []
545 * JMP FAR, JMP FAR []
546 * IRET (may cause a task switch)
547 *
548 * Note: we can't detect whether the trap was caused by a call to a
549 * callgate descriptor or it is a real trap 0b due to a bad selector.
550 * In both situations we'll pass execution to our recompiler so we don't
551 * have to worry.
552 * If we wanted to do better detection, we have set GDT entries to callgate
553 * descriptors pointing to our own handlers.
554 */
555 /** @todo not sure about IRET, may generate Trap 0d (\#GP), NEED TO CHECK! */
556 if ( pu8Code[0] == 0x9a /* CALL FAR */
557 || ( pu8Code[0] == 0xff /* CALL FAR [] */
558 && (pu8Code[1] & X86_OPCODE_MODRM_REG_MASK) == 0x18)
559 || pu8Code[0] == 0xea /* JMP FAR */
560 || ( pu8Code[0] == 0xff /* JMP FAR [] */
561 && (pu8Code[1] & X86_OPCODE_MODRM_REG_MASK) == 0x28)
562 || pu8Code[0] == 0xcf /* IRET */
563 )
564 {
565 /*
566 * Got potential call to callgate.
567 * We simply return execution to the recompiler to do emulation
568 * starting from the instruction which caused the trap.
569 */
570 pTrpmCpu->uActiveVector = ~0;
571 Log6(("TRPMGC0b: %Rrc (%04x:%08x) (CG)\n", VINF_EM_RAW_RING_SWITCH, pRegFrame->cs, pRegFrame->eip));
572 return VINF_EM_RAW_RING_SWITCH;
573 }
574 }
575
576 /*
577 * Pass trap 0b as is to the recompiler in all other cases.
578 */
579 Log6(("TRPMGC0b: %Rrc (%04x:%08x)\n", VINF_EM_RAW_GUEST_TRAP, pRegFrame->cs, pRegFrame->eip));
580 return VINF_EM_RAW_GUEST_TRAP;
581}
582
583
584/**
585 * \#GP (General Protection Fault) handler for Ring-0 privileged instructions.
586 *
587 * @returns VBox status code.
588 * VINF_SUCCESS means we completely handled this trap,
589 * other codes are passed execution to host context.
590 *
591 * @param pVM The VM handle.
592 * @param pVCpu The virtual CPU handle.
593 * @param pRegFrame Pointer to the register frame for the trap.
594 * @param pCpu The opcode info.
595 * @param PC The program counter corresponding to cs:eip in pRegFrame.
596 */
597static int trpmGCTrap0dHandlerRing0(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, PDISCPUSTATE pCpu, RTGCPTR PC)
598{
599 int rc;
600
601 /*
602 * Try handle it here, if not return to HC and emulate/interpret it there.
603 */
604 switch (pCpu->pCurInstr->opcode)
605 {
606 case OP_INT3:
607 /*
608 * Little hack to make the code below not fail
609 */
610 pCpu->param1.flags = USE_IMMEDIATE8;
611 pCpu->param1.parval = 3;
612 /* fallthru */
613 case OP_INT:
614 {
615 Assert(pCpu->param1.flags & USE_IMMEDIATE8);
616 Assert(!(PATMIsPatchGCAddr(pVM, (RTRCPTR)PC)));
617 if (pCpu->param1.parval == 3)
618 {
619 /* Int 3 replacement patch? */
620 if (PATMHandleInt3PatchTrap(pVM, pRegFrame) == VINF_SUCCESS)
621 {
622 AssertFailed();
623 return trpmGCExitTrap(pVM, pVCpu, VINF_SUCCESS, pRegFrame);
624 }
625 }
626 rc = TRPMForwardTrap(pVCpu, pRegFrame, (uint32_t)pCpu->param1.parval, pCpu->opsize, TRPM_TRAP_NO_ERRORCODE, TRPM_SOFTWARE_INT, 0xd);
627 if (RT_SUCCESS(rc) && rc != VINF_EM_RAW_GUEST_TRAP)
628 return trpmGCExitTrap(pVM, pVCpu, VINF_SUCCESS, pRegFrame);
629
630 pVCpu->trpm.s.uActiveVector = (pVCpu->trpm.s.uActiveErrorCode & X86_TRAP_ERR_SEL_MASK) >> X86_TRAP_ERR_SEL_SHIFT;
631 pVCpu->trpm.s.enmActiveType = TRPM_SOFTWARE_INT;
632 return trpmGCExitTrap(pVM, pVCpu, VINF_EM_RAW_RING_SWITCH_INT, pRegFrame);
633 }
634
635#ifdef PATM_EMULATE_SYSENTER
636 case OP_SYSEXIT:
637 case OP_SYSRET:
638 rc = PATMSysCall(pVM, pRegFrame, pCpu);
639 return trpmGCExitTrap(pVM, pVCpu, rc, pRegFrame);
640#endif
641
642 case OP_HLT:
643 /* If it's in patch code, defer to ring-3. */
644 if (PATMIsPatchGCAddr(pVM, (RTRCPTR)PC))
645 break;
646
647 pRegFrame->eip += pCpu->opsize;
648 return trpmGCExitTrap(pVM, pVCpu, VINF_EM_HALT, pRegFrame);
649
650
651 /*
652 * These instructions are used by PATM and CASM for finding
653 * dangerous non-trapping instructions. Thus, since all
654 * scanning and patching is done in ring-3 we'll have to
655 * return to ring-3 on the first encounter of these instructions.
656 */
657 case OP_MOV_CR:
658 case OP_MOV_DR:
659 /* We can safely emulate control/debug register move instructions in patched code. */
660 if ( !PATMIsPatchGCAddr(pVM, (RTRCPTR)PC)
661 && !CSAMIsKnownDangerousInstr(pVM, (RTRCPTR)PC))
662 break;
663 case OP_INVLPG:
664 case OP_LLDT:
665 case OP_STI:
666 case OP_RDTSC: /* just in case */
667 case OP_RDPMC:
668 case OP_CLTS:
669 case OP_WBINVD: /* nop */
670 case OP_RDMSR:
671 case OP_WRMSR:
672 {
673 uint32_t cbIgnored;
674 rc = EMInterpretInstructionCPU(pVM, pVCpu, pCpu, pRegFrame, PC, &cbIgnored);
675 if (RT_SUCCESS(rc))
676 pRegFrame->eip += pCpu->opsize;
677 else if (rc == VERR_EM_INTERPRETER)
678 rc = VINF_EM_RAW_EXCEPTION_PRIVILEGED;
679 return trpmGCExitTrap(pVM, pVCpu, rc, pRegFrame);
680 }
681 }
682
683 return trpmGCExitTrap(pVM, pVCpu, VINF_EM_RAW_EXCEPTION_PRIVILEGED, pRegFrame);
684}
685
686
687/**
688 * \#GP (General Protection Fault) handler for Ring-3.
689 *
690 * @returns VBox status code.
691 * VINF_SUCCESS means we completely handled this trap,
692 * other codes are passed execution to host context.
693 *
694 * @param pVM The VM handle.
695 * @param pVCpu The virtual CPU handle.
696 * @param pRegFrame Pointer to the register frame for the trap.
697 * @param pCpu The opcode info.
698 * @param PC The program counter corresponding to cs:eip in pRegFrame.
699 */
700static int trpmGCTrap0dHandlerRing3(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, PDISCPUSTATE pCpu, RTGCPTR PC)
701{
702 int rc;
703 Assert(!pRegFrame->eflags.Bits.u1VM);
704
705 switch (pCpu->pCurInstr->opcode)
706 {
707 /*
708 * INT3 and INT xx are ring-switching.
709 * (The shadow IDT will have set the entries to DPL=0, that's why we're here.)
710 */
711 case OP_INT3:
712 /*
713 * Little hack to make the code below not fail
714 */
715 pCpu->param1.flags = USE_IMMEDIATE8;
716 pCpu->param1.parval = 3;
717 /* fall thru */
718 case OP_INT:
719 {
720 Assert(pCpu->param1.flags & USE_IMMEDIATE8);
721 rc = TRPMForwardTrap(pVCpu, pRegFrame, (uint32_t)pCpu->param1.parval, pCpu->opsize, TRPM_TRAP_NO_ERRORCODE, TRPM_SOFTWARE_INT, 0xd);
722 if (RT_SUCCESS(rc) && rc != VINF_EM_RAW_GUEST_TRAP)
723 return trpmGCExitTrap(pVM, pVCpu, VINF_SUCCESS, pRegFrame);
724
725 pVCpu->trpm.s.uActiveVector = (pVCpu->trpm.s.uActiveErrorCode & X86_TRAP_ERR_SEL_MASK) >> X86_TRAP_ERR_SEL_SHIFT;
726 pVCpu->trpm.s.enmActiveType = TRPM_SOFTWARE_INT;
727 return trpmGCExitTrap(pVM, pVCpu, VINF_EM_RAW_RING_SWITCH_INT, pRegFrame);
728 }
729
730 /*
731 * SYSCALL, SYSENTER, INTO and BOUND are also ring-switchers.
732 */
733 case OP_SYSCALL:
734 case OP_SYSENTER:
735#ifdef PATM_EMULATE_SYSENTER
736 rc = PATMSysCall(pVM, pRegFrame, pCpu);
737 if (rc == VINF_SUCCESS)
738 return trpmGCExitTrap(pVM, pVCpu, VINF_SUCCESS, pRegFrame);
739 /* else no break; */
740#endif
741 case OP_BOUND:
742 case OP_INTO:
743 pVCpu->trpm.s.uActiveVector = ~0;
744 return trpmGCExitTrap(pVM, pVCpu, VINF_EM_RAW_RING_SWITCH, pRegFrame);
745
746 /*
747 * Handle virtualized TSC & PMC reads, just in case.
748 */
749 case OP_RDTSC:
750 case OP_RDPMC:
751 {
752 uint32_t cbIgnored;
753 rc = EMInterpretInstructionCPU(pVM, pVCpu, pCpu, pRegFrame, PC, &cbIgnored);
754 if (RT_SUCCESS(rc))
755 pRegFrame->eip += pCpu->opsize;
756 else if (rc == VERR_EM_INTERPRETER)
757 rc = VINF_EM_RAW_EXCEPTION_PRIVILEGED;
758 return trpmGCExitTrap(pVM, pVCpu, rc, pRegFrame);
759 }
760
761 /*
762 * STI and CLI are I/O privileged, i.e. if IOPL
763 */
764 case OP_STI:
765 case OP_CLI:
766 {
767 uint32_t efl = CPUMRawGetEFlags(pVCpu, pRegFrame);
768 if (X86_EFL_GET_IOPL(efl) >= (unsigned)(pRegFrame->ss & X86_SEL_RPL))
769 {
770 LogFlow(("trpmGCTrap0dHandlerRing3: CLI/STI -> REM\n"));
771 return trpmGCExitTrap(pVM, pVCpu, VINF_EM_RESCHEDULE_REM, pRegFrame);
772 }
773 LogFlow(("trpmGCTrap0dHandlerRing3: CLI/STI -> #GP(0)\n"));
774 break;
775 }
776 }
777
778 /*
779 * A genuine guest fault.
780 */
781 return trpmGCExitTrap(pVM, pVCpu, VINF_EM_RAW_GUEST_TRAP, pRegFrame);
782}
783
784
785/**
786 * Emulates RDTSC for the \#GP handler.
787 *
788 * @returns VINF_SUCCESS or VINF_EM_RAW_EMULATE_INSTR.
789 *
790 * @param pVM Pointer to the shared VM structure.
791 * @param pVCpu The virtual CPU handle.
792 * @param pRegFrame Pointer to the registre frame for the trap.
793 * This will be updated on successful return.
794 */
795DECLINLINE(int) trpmGCTrap0dHandlerRdTsc(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame)
796{
797 STAM_COUNTER_INC(&pVM->trpm.s.StatTrap0dRdTsc);
798
799 if (CPUMGetGuestCR4(pVCpu) & X86_CR4_TSD)
800 return trpmGCExitTrap(pVM, pVCpu, VINF_EM_RAW_EMULATE_INSTR, pRegFrame); /* will trap (optimize later). */
801
802 uint64_t uTicks = TMCpuTickGet(pVCpu);
803 pRegFrame->eax = uTicks;
804 pRegFrame->edx = uTicks >> 32;
805 pRegFrame->eip += 2;
806 return trpmGCExitTrap(pVM, pVCpu, VINF_SUCCESS, pRegFrame);
807}
808
809
810/**
811 * \#GP (General Protection Fault) handler.
812 *
813 * @returns VBox status code.
814 * VINF_SUCCESS means we completely handled this trap,
815 * other codes are passed execution to host context.
816 *
817 * @param pVM The VM handle.
818 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
819 * @param pRegFrame Pointer to the register frame for the trap.
820 */
821static int trpmGCTrap0dHandler(PVM pVM, PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
822{
823 LogFlow(("trpmGCTrap0dHandler: cs:eip=%RTsel:%08RX32 uErr=%RGv\n", pRegFrame->ss, pRegFrame->eip, pTrpmCpu->uActiveErrorCode));
824 PVMCPU pVCpu = TRPMCPU_2_VMCPU(pTrpmCpu);
825
826 /*
827 * Convert and validate CS.
828 */
829 STAM_PROFILE_START(&pVM->trpm.s.StatTrap0dDisasm, a);
830 RTGCPTR PC;
831 uint32_t cBits;
832 int rc = SELMValidateAndConvertCSAddrGCTrap(pVM, pRegFrame->eflags, pRegFrame->ss, pRegFrame->cs,
833 (RTGCPTR)pRegFrame->eip, &PC, &cBits);
834 if (RT_FAILURE(rc))
835 {
836 Log(("trpmGCTrap0dHandler: Failed to convert %RTsel:%RX32 (cpl=%d) - rc=%Rrc !!\n",
837 pRegFrame->cs, pRegFrame->eip, pRegFrame->ss & X86_SEL_RPL, rc));
838 STAM_PROFILE_STOP(&pVM->trpm.s.StatTrap0dDisasm, a);
839 return trpmGCExitTrap(pVM, pVCpu, VINF_EM_RAW_EMULATE_INSTR, pRegFrame);
840 }
841
842 /*
843 * Optimize RDTSC traps.
844 * Some guests (like Solaris) are using RDTSC all over the place and
845 * will end up trapping a *lot* because of that.
846 */
847 if ( !pRegFrame->eflags.Bits.u1VM
848 && ((uint8_t *)PC)[0] == 0x0f
849 && ((uint8_t *)PC)[1] == 0x31)
850 {
851 STAM_PROFILE_STOP(&pVM->trpm.s.StatTrap0dDisasm, a);
852 return trpmGCTrap0dHandlerRdTsc(pVM, pVCpu, pRegFrame);
853 }
854
855 /*
856 * Disassemble the instruction.
857 */
858 DISCPUSTATE Cpu;
859 uint32_t cbOp;
860 rc = DISCoreOneEx((RTGCUINTPTR)PC, cBits == 32 ? CPUMODE_32BIT : cBits == 16 ? CPUMODE_16BIT : CPUMODE_64BIT,
861 NULL, NULL, &Cpu, &cbOp);
862 if (RT_FAILURE(rc))
863 {
864 AssertMsgFailed(("DISCoreOneEx failed to PC=%RGv rc=%Rrc\n", PC, rc));
865 STAM_PROFILE_STOP(&pVM->trpm.s.StatTrap0dDisasm, a);
866 return trpmGCExitTrap(pVM, pVCpu, VINF_EM_RAW_EMULATE_INSTR, pRegFrame);
867 }
868 STAM_PROFILE_STOP(&pVM->trpm.s.StatTrap0dDisasm, a);
869
870 /*
871 * Deal with I/O port access.
872 */
873 if ( pVCpu->trpm.s.uActiveErrorCode == 0
874 && (Cpu.pCurInstr->optype & OPTYPE_PORTIO))
875 {
876 rc = EMInterpretPortIO(pVM, pVCpu, pRegFrame, &Cpu, cbOp);
877 return trpmGCExitTrap(pVM, pVCpu, rc, pRegFrame);
878 }
879
880 /*
881 * Deal with Ring-0 (privileged instructions)
882 */
883 if ( (pRegFrame->ss & X86_SEL_RPL) <= 1
884 && !pRegFrame->eflags.Bits.u1VM)
885 return trpmGCTrap0dHandlerRing0(pVM, pVCpu, pRegFrame, &Cpu, PC);
886
887 /*
888 * Deal with Ring-3 GPs.
889 */
890 if (!pRegFrame->eflags.Bits.u1VM)
891 return trpmGCTrap0dHandlerRing3(pVM, pVCpu, pRegFrame, &Cpu, PC);
892
893 /*
894 * Deal with v86 code.
895 *
896 * We always set IOPL to zero which makes e.g. pushf fault in V86
897 * mode. The guest might use IOPL=3 and therefore not expect a #GP.
898 * Simply fall back to the recompiler to emulate this instruction if
899 * that's the case. To get the correct we must use CPUMRawGetEFlags.
900 */
901 X86EFLAGS eflags;
902 eflags.u32 = CPUMRawGetEFlags(pVCpu, pRegFrame); /* Get the correct value. */
903 Log3(("TRPM #GP V86: cs:eip=%04x:%08x IOPL=%d efl=%08x\n", pRegFrame->cs, pRegFrame->eip, eflags.Bits.u2IOPL, eflags.u));
904 if (eflags.Bits.u2IOPL != 3)
905 {
906 Assert(eflags.Bits.u2IOPL == 0);
907
908 int rc = TRPMForwardTrap(pVCpu, pRegFrame, 0xD, 0, TRPM_TRAP_HAS_ERRORCODE, TRPM_TRAP, 0xd);
909 Assert(rc == VINF_EM_RAW_GUEST_TRAP);
910 return trpmGCExitTrap(pVM, pVCpu, rc, pRegFrame);
911 }
912 return trpmGCExitTrap(pVM, pVCpu, VINF_EM_RAW_EMULATE_INSTR, pRegFrame);
913}
914
915
916/**
917 * \#GP (General Protection Fault) handler.
918 *
919 * @returns VBox status code.
920 * VINF_SUCCESS means we completely handled this trap,
921 * other codes are passed execution to host context.
922 *
923 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
924 * @param pRegFrame Pointer to the register frame for the trap.
925 * @internal
926 */
927DECLASM(int) TRPMGCTrap0dHandler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
928{
929 PVM pVM = TRPMCPU_2_VM(pTrpmCpu);
930 PVMCPU pVCpu = TRPMCPU_2_VMCPU(pTrpmCpu);
931
932 LogFlow(("TRPMGC0d: %04x:%08x err=%x\n", pRegFrame->cs, pRegFrame->eip, (uint32_t)pVCpu->trpm.s.uActiveErrorCode));
933
934 int rc = trpmGCTrap0dHandler(pVM, pTrpmCpu, pRegFrame);
935 switch (rc)
936 {
937 case VINF_EM_RAW_GUEST_TRAP:
938 case VINF_EM_RAW_EXCEPTION_PRIVILEGED:
939 if (PATMIsPatchGCAddr(pVM, (RTRCPTR)pRegFrame->eip))
940 rc = VINF_PATM_PATCH_TRAP_GP;
941 break;
942
943 case VINF_EM_RAW_INTERRUPT_PENDING:
944 Assert(TRPMHasTrap(pVCpu));
945 /* no break; */
946 case VINF_PGM_SYNC_CR3: /** @todo Check this with Sander. */
947 case VINF_EM_RAW_EMULATE_INSTR:
948 case VINF_IOM_HC_IOPORT_READ:
949 case VINF_IOM_HC_IOPORT_WRITE:
950 case VINF_IOM_HC_MMIO_WRITE:
951 case VINF_IOM_HC_MMIO_READ:
952 case VINF_IOM_HC_MMIO_READ_WRITE:
953 case VINF_PATM_PATCH_INT3:
954 case VINF_EM_NO_MEMORY:
955 case VINF_EM_RAW_TO_R3:
956 case VINF_EM_RAW_TIMER_PENDING:
957 case VINF_EM_PENDING_REQUEST:
958 case VINF_EM_HALT:
959 case VINF_SUCCESS:
960 break;
961
962 default:
963 AssertMsg(PATMIsPatchGCAddr(pVM, (RTRCPTR)pRegFrame->eip) == false, ("return code %d\n", rc));
964 break;
965 }
966 Log6(("TRPMGC0d: %Rrc (%04x:%08x)\n", rc, pRegFrame->cs, pRegFrame->eip));
967 return rc;
968}
969
970
971/**
972 * \#PF (Page Fault) handler.
973 *
974 * Calls PGM which does the actual handling.
975 *
976 *
977 * @returns VBox status code.
978 * VINF_SUCCESS means we completely handled this trap,
979 * other codes are passed execution to host context.
980 *
981 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
982 * @param pRegFrame Pointer to the register frame for the trap.
983 * @internal
984 */
985DECLASM(int) TRPMGCTrap0eHandler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
986{
987 PVM pVM = TRPMCPU_2_VM(pTrpmCpu);
988 PVMCPU pVCpu = TRPMCPU_2_VMCPU(pTrpmCpu);
989
990 LogFlow(("TRPMGC0e: %04x:%08x err=%x cr2=%08x\n", pRegFrame->cs, pRegFrame->eip, (uint32_t)pVCpu->trpm.s.uActiveErrorCode, (uint32_t)pVCpu->trpm.s.uActiveCR2));
991
992 /*
993 * This is all PGM stuff.
994 */
995 int rc = PGMTrap0eHandler(pVCpu, pVCpu->trpm.s.uActiveErrorCode, pRegFrame, (RTGCPTR)pVCpu->trpm.s.uActiveCR2);
996 switch (rc)
997 {
998 case VINF_EM_RAW_EMULATE_INSTR:
999 case VINF_EM_RAW_EMULATE_INSTR_PD_FAULT:
1000 case VINF_EM_RAW_EMULATE_INSTR_GDT_FAULT:
1001 case VINF_EM_RAW_EMULATE_INSTR_TSS_FAULT:
1002 case VINF_EM_RAW_EMULATE_INSTR_LDT_FAULT:
1003 case VINF_EM_RAW_EMULATE_INSTR_IDT_FAULT:
1004 if (PATMIsPatchGCAddr(pVM, (RTRCPTR)pRegFrame->eip))
1005 rc = VINF_PATCH_EMULATE_INSTR;
1006 break;
1007
1008 case VINF_EM_RAW_GUEST_TRAP:
1009 if (PATMIsPatchGCAddr(pVM, (RTRCPTR)pRegFrame->eip))
1010 return VINF_PATM_PATCH_TRAP_PF;
1011
1012 rc = TRPMForwardTrap(pVCpu, pRegFrame, 0xE, 0, TRPM_TRAP_HAS_ERRORCODE, TRPM_TRAP, 0xe);
1013 Assert(rc == VINF_EM_RAW_GUEST_TRAP);
1014 break;
1015
1016 case VINF_EM_RAW_INTERRUPT_PENDING:
1017 Assert(TRPMHasTrap(pVCpu));
1018 /* no break; */
1019 case VINF_IOM_HC_MMIO_READ:
1020 case VINF_IOM_HC_MMIO_WRITE:
1021 case VINF_IOM_HC_MMIO_READ_WRITE:
1022 case VINF_PATM_HC_MMIO_PATCH_READ:
1023 case VINF_PATM_HC_MMIO_PATCH_WRITE:
1024 case VINF_SUCCESS:
1025 case VINF_EM_RAW_TO_R3:
1026 case VINF_EM_PENDING_REQUEST:
1027 case VINF_EM_RAW_TIMER_PENDING:
1028 case VINF_EM_NO_MEMORY:
1029 case VINF_CSAM_PENDING_ACTION:
1030 case VINF_PGM_SYNC_CR3: /** @todo Check this with Sander. */
1031 break;
1032
1033 default:
1034 AssertMsg(PATMIsPatchGCAddr(pVM, (RTRCPTR)pRegFrame->eip) == false, ("Patch address for return code %d. eip=%08x\n", rc, pRegFrame->eip));
1035 break;
1036 }
1037 rc = trpmGCExitTrap(pVM, pVCpu, rc, pRegFrame);
1038 Log6(("TRPMGC0e: %Rrc (%04x:%08x)\n", rc, pRegFrame->cs, pRegFrame->eip));
1039 return rc;
1040}
1041
1042
1043/**
1044 * Scans for the EIP in the specified array of trap handlers.
1045 *
1046 * If we don't fine the EIP, we'll panic.
1047 *
1048 * @returns VBox status code.
1049 *
1050 * @param pVM The VM handle.
1051 * @param pRegFrame Pointer to the register frame for the trap.
1052 * @param paHandlers The array of trap handler records.
1053 * @param pEndRecord The end record (exclusive).
1054 */
1055static int trpmGCHyperGeneric(PVM pVM, PCPUMCTXCORE pRegFrame, PCTRPMGCHYPER paHandlers, PCTRPMGCHYPER pEndRecord)
1056{
1057 uintptr_t uEip = (uintptr_t)pRegFrame->eip;
1058 Assert(paHandlers <= pEndRecord);
1059
1060 Log(("trpmGCHyperGeneric: uEip=%x %p-%p\n", uEip, paHandlers, pEndRecord));
1061
1062#if 0 /// @todo later
1063 /*
1064 * Start by doing a kind of binary search.
1065 */
1066 unsigned iStart = 0;
1067 unsigned iEnd = pEndRecord - paHandlers;
1068 unsigned i = iEnd / 2;
1069#endif
1070
1071 /*
1072 * Do a linear search now (in case the array wasn't properly sorted).
1073 */
1074 for (PCTRPMGCHYPER pCur = paHandlers; pCur < pEndRecord; pCur++)
1075 {
1076 if ( pCur->uStartEIP <= uEip
1077 && (pCur->uEndEIP ? pCur->uEndEIP > uEip : pCur->uStartEIP == uEip))
1078 return pCur->pfnHandler(pVM, pRegFrame, pCur->uUser);
1079 }
1080
1081 return VERR_TRPM_DONT_PANIC;
1082}
1083
1084
1085/**
1086 * Hypervisor \#NP ((segment) Not Present) handler.
1087 *
1088 * Scans for the EIP in the registered trap handlers.
1089 *
1090 * @returns VBox status code.
1091 * VINF_SUCCESS means we completely handled this trap,
1092 * other codes are passed back to host context.
1093 *
1094 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
1095 * @param pRegFrame Pointer to the register frame for the trap.
1096 * @internal
1097 */
1098DECLASM(int) TRPMGCHyperTrap0bHandler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
1099{
1100 return trpmGCHyperGeneric(TRPMCPU_2_VM(pTrpmCpu), pRegFrame, g_aTrap0bHandlers, g_aTrap0bHandlersEnd);
1101}
1102
1103
1104/**
1105 * Hypervisor \#GP (General Protection Fault) handler.
1106 *
1107 * Scans for the EIP in the registered trap handlers.
1108 *
1109 * @returns VBox status code.
1110 * VINF_SUCCESS means we completely handled this trap,
1111 * other codes are passed back to host context.
1112 *
1113 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
1114 * @param pRegFrame Pointer to the register frame for the trap.
1115 * @internal
1116 */
1117DECLASM(int) TRPMGCHyperTrap0dHandler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
1118{
1119 return trpmGCHyperGeneric(TRPMCPU_2_VM(pTrpmCpu), pRegFrame, g_aTrap0dHandlers, g_aTrap0dHandlersEnd);
1120}
1121
1122
1123/**
1124 * Hypervisor \#PF (Page Fault) handler.
1125 *
1126 * Scans for the EIP in the registered trap handlers.
1127 *
1128 * @returns VBox status code.
1129 * VINF_SUCCESS means we completely handled this trap,
1130 * other codes are passed back to host context.
1131 *
1132 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
1133 * @param pRegFrame Pointer to the register frame for the trap.
1134 * @internal
1135 */
1136DECLASM(int) TRPMGCHyperTrap0eHandler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
1137{
1138 return trpmGCHyperGeneric(TRPMCPU_2_VM(pTrpmCpu), pRegFrame, g_aTrap0dHandlers, g_aTrap0dHandlersEnd);
1139}
1140
1141
1142/**
1143 * Deal with hypervisor traps occuring when resuming execution on a trap.
1144 *
1145 * @returns VBox status code.
1146 * @param pVM The VM handle.
1147 * @param pRegFrame Register frame.
1148 * @param uUser User arg.
1149 */
1150DECLCALLBACK(int) trpmGCTrapInGeneric(PVM pVM, PCPUMCTXCORE pRegFrame, uintptr_t uUser)
1151{
1152 Log(("********************************************************\n"));
1153 Log(("trpmGCTrapInGeneric: eip=%RX32 uUser=%#x\n", pRegFrame->eip, uUser));
1154 Log(("********************************************************\n"));
1155
1156 if (uUser & TRPM_TRAP_IN_HYPER)
1157 {
1158 /*
1159 * Check that there is still some stack left, if not we'll flag
1160 * a guru meditation (the alternative is a triple fault).
1161 */
1162 RTRCUINTPTR cbStackUsed = (RTRCUINTPTR)VMMGetStackRC(pVM) - pRegFrame->esp;
1163 if (cbStackUsed > VMM_STACK_SIZE - _1K)
1164 {
1165 LogRel(("trpmGCTrapInGeneric: ran out of stack: esp=#x cbStackUsed=%#x\n", pRegFrame->esp, cbStackUsed));
1166 return VERR_TRPM_DONT_PANIC;
1167 }
1168
1169 /*
1170 * Just zero the register containing the selector in question.
1171 * We'll deal with the actual stale or troublesome selector value in
1172 * the outermost trap frame.
1173 */
1174 switch (uUser & TRPM_TRAP_IN_OP_MASK)
1175 {
1176 case TRPM_TRAP_IN_MOV_GS:
1177 pRegFrame->eax = 0;
1178 pRegFrame->gs = 0; /* prevent recursive trouble. */
1179 break;
1180 case TRPM_TRAP_IN_MOV_FS:
1181 pRegFrame->eax = 0;
1182 pRegFrame->fs = 0; /* prevent recursive trouble. */
1183 return VINF_SUCCESS;
1184
1185 default:
1186 AssertMsgFailed(("Invalid uUser=%#x\n", uUser));
1187 return VERR_INTERNAL_ERROR;
1188 }
1189 }
1190 else
1191 {
1192 /*
1193 * Reconstruct the guest context and switch to the recompiler.
1194 * We ASSUME we're only at
1195 */
1196 CPUMCTXCORE CtxCore = *pRegFrame;
1197 uint32_t *pEsp = (uint32_t *)pRegFrame->esp;
1198 int rc;
1199
1200 switch (uUser)
1201 {
1202 /*
1203 * This will only occur when resuming guest code in a trap handler!
1204 */
1205 /* @note ASSUMES esp points to the temporary guest CPUMCTXCORE!!! */
1206 case TRPM_TRAP_IN_MOV_GS:
1207 case TRPM_TRAP_IN_MOV_FS:
1208 case TRPM_TRAP_IN_MOV_ES:
1209 case TRPM_TRAP_IN_MOV_DS:
1210 {
1211 PCPUMCTXCORE pTempGuestCtx = (PCPUMCTXCORE)pEsp;
1212
1213 /* Just copy the whole thing; several selector registers, eip (etc) and eax are not yet in pRegFrame. */
1214 CtxCore = *pTempGuestCtx;
1215 rc = VINF_EM_RAW_STALE_SELECTOR;
1216 break;
1217 }
1218
1219 /*
1220 * This will only occur when resuming guest code!
1221 */
1222 case TRPM_TRAP_IN_IRET:
1223 CtxCore.eip = *pEsp++;
1224 CtxCore.cs = (RTSEL)*pEsp++;
1225 CtxCore.eflags.u32 = *pEsp++;
1226 CtxCore.esp = *pEsp++;
1227 CtxCore.ss = (RTSEL)*pEsp++;
1228 rc = VINF_EM_RAW_IRET_TRAP;
1229 break;
1230
1231 /*
1232 * This will only occur when resuming V86 guest code!
1233 */
1234 case TRPM_TRAP_IN_IRET | TRPM_TRAP_IN_V86:
1235 CtxCore.eip = *pEsp++;
1236 CtxCore.cs = (RTSEL)*pEsp++;
1237 CtxCore.eflags.u32 = *pEsp++;
1238 CtxCore.esp = *pEsp++;
1239 CtxCore.ss = (RTSEL)*pEsp++;
1240 CtxCore.es = (RTSEL)*pEsp++;
1241 CtxCore.ds = (RTSEL)*pEsp++;
1242 CtxCore.fs = (RTSEL)*pEsp++;
1243 CtxCore.gs = (RTSEL)*pEsp++;
1244 rc = VINF_EM_RAW_IRET_TRAP;
1245 break;
1246
1247 default:
1248 AssertMsgFailed(("Invalid uUser=%#x\n", uUser));
1249 return VERR_INTERNAL_ERROR;
1250 }
1251
1252
1253 CPUMSetGuestCtxCore(VMMGetCpu0(pVM), &CtxCore);
1254 TRPMGCHyperReturnToHost(pVM, rc);
1255 }
1256
1257 AssertMsgFailed(("Impossible!\n"));
1258 return VERR_INTERNAL_ERROR;
1259}
1260
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette