VirtualBox

source: vbox/trunk/src/VBox/VMM/VMMR3/DBGFR3Bp.cpp@ 92556

Last change on this file since 92556 was 90794, checked in by vboxsync, 3 years ago

*: More VALID_PTR -> RT_VALID_PTR/AssertPtr.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Id Revision
File size: 103.2 KB
Line 
1/* $Id: DBGFR3Bp.cpp 90794 2021-08-23 13:16:11Z vboxsync $ */
2/** @file
3 * DBGF - Debugger Facility, Breakpoint Management.
4 */
5
6/*
7 * Copyright (C) 2006-2020 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18
19/** @page pg_dbgf_bp DBGF - The Debugger Facility, Breakpoint Management
20 *
21 * The debugger facilities breakpoint managers purpose is to efficiently manage
22 * large amounts of breakpoints for various use cases like dtrace like operations
23 * or execution flow tracing for instance. Especially execution flow tracing can
24 * require thousands of breakpoints which need to be managed efficiently to not slow
25 * down guest operation too much. Before the rewrite starting end of 2020, DBGF could
26 * only handle 32 breakpoints (+ 4 hardware assisted breakpoints). The new
27 * manager is supposed to be able to handle up to one million breakpoints.
28 *
29 * @see grp_dbgf
30 *
31 *
32 * @section sec_dbgf_bp_owner Breakpoint owners
33 *
34 * A single breakpoint owner has a mandatory ring-3 callback and an optional ring-0
35 * callback assigned which is called whenever a breakpoint with the owner assigned is hit.
36 * The common part of the owner is managed by a single table mapped into both ring-0
37 * and ring-3 and the handle being the index into the table. This allows resolving
38 * the handle to the internal structure efficiently. Searching for a free entry is
39 * done using a bitmap indicating free and occupied entries. For the optional
40 * ring-0 owner part there is a separate ring-0 only table for security reasons.
41 *
42 * The callback of the owner can be used to gather and log guest state information
43 * and decide whether to continue guest execution or stop and drop into the debugger.
44 * Breakpoints which don't have an owner assigned will always drop the VM right into
45 * the debugger.
46 *
47 *
48 * @section sec_dbgf_bp_bps Breakpoints
49 *
50 * Breakpoints are referenced by an opaque handle which acts as an index into a global table
51 * mapped into ring-3 and ring-0. Each entry contains the necessary state to manage the breakpoint
52 * like trigger conditions, type, owner, etc. If an owner is given an optional opaque user argument
53 * can be supplied which is passed in the respective owner callback. For owners with ring-0 callbacks
54 * a dedicated ring-0 table is held saving possible ring-0 user arguments.
55 *
56 * To keep memory consumption under control and still support large amounts of
57 * breakpoints the table is split into fixed sized chunks and the chunk index and index
58 * into the chunk can be derived from the handle with only a few logical operations.
59 *
60 *
61 * @section sec_dbgf_bp_resolv Resolving breakpoint addresses
62 *
63 * Whenever a \#BP(0) event is triggered DBGF needs to decide whether the event originated
64 * from within the guest or whether a DBGF breakpoint caused it. This has to happen as fast
65 * as possible. The following scheme is employed to achieve this:
66 *
67 * @verbatim
68 * 7 6 5 4 3 2 1 0
69 * +---+---+---+---+---+---+---+---+
70 * | | | | | | | | | BP address
71 * +---+---+---+---+---+---+---+---+
72 * \_____________________/ \_____/
73 * | |
74 * | +---------------+
75 * | |
76 * BP table | v
77 * +------------+ | +-----------+
78 * | hBp 0 | | X <- | 0 | xxxxx |
79 * | hBp 1 | <----------------+------------------------ | 1 | hBp 1 |
80 * | | | +--- | 2 | idxL2 |
81 * | hBp <m> | <---+ v | |...| ... |
82 * | | | +-----------+ | |...| ... |
83 * | | | | | | |...| ... |
84 * | hBp <n> | <-+ +----- | +> leaf | | | . |
85 * | | | | | | | | . |
86 * | | | | + root + | <------------+ | . |
87 * | | | | | | +-----------+
88 * | | +------- | leaf<+ | L1: 65536
89 * | . | | . |
90 * | . | | . |
91 * | . | | . |
92 * +------------+ +-----------+
93 * L2 idx BST
94 * @endverbatim
95 *
96 * -# Take the lowest 16 bits of the breakpoint address and use it as an direct index
97 * into the L1 table. The L1 table is contiguous and consists of 4 byte entries
98 * resulting in 256KiB of memory used. The topmost 4 bits indicate how to proceed
99 * and the meaning of the remaining 28bits depends on the topmost 4 bits:
100 * - A 0 type entry means no breakpoint is registered with the matching lowest 16bits,
101 * so forward the event to the guest.
102 * - A 1 in the topmost 4 bits means that the remaining 28bits directly denote a breakpoint
103 * handle which can be resolved by extracting the chunk index and index into the chunk
104 * of the global breakpoint table. If the address matches the breakpoint is processed
105 * according to the configuration. Otherwise the breakpoint is again forwarded to the guest.
106 * - A 2 in the topmost 4 bits means that there are multiple breakpoints registered
107 * matching the lowest 16bits and the search must continue in the L2 table with the
108 * remaining 28bits acting as an index into the L2 table indicating the search root.
109 * -# The L2 table consists of multiple index based binary search trees, there is one for each reference
110 * from the L1 table. The key for the table are the upper 6 bytes of the breakpoint address
111 * used for searching. This tree is traversed until either a matching address is found and
112 * the breakpoint is being processed or again forwarded to the guest if it isn't successful.
113 * Each entry in the L2 table is 16 bytes big and densly packed to avoid excessive memory usage.
114 *
115 * @section sec_dbgf_bp_ioport Handling I/O port breakpoints
116 *
117 * Because of the limited amount of I/O ports being available (65536) a single table with 65536 entries,
118 * each 4 byte big will be allocated. This amounts to 256KiB of memory being used additionally as soon as
119 * an I/O breakpoint is enabled. The entries contain the breakpoint handle directly allowing only one breakpoint
120 * per port right now, which is something we accept as a limitation right now to keep things relatively simple.
121 * When there is at least one I/O breakpoint active IOM will be notified and it will afterwards call the DBGF API
122 * whenever the guest does an I/O port access to decide whether a breakpoint was hit. This keeps the overhead small
123 * when there is no I/O port breakpoint enabled.
124 *
125 * @section sec_dbgf_bp_note Random thoughts and notes for the implementation
126 *
127 * - The assumption for this approach is that the lowest 16bits of the breakpoint address are
128 * hopefully the ones being the most varying ones across breakpoints so the traversal
129 * can skip the L2 table in most of the cases. Even if the L2 table must be taken the
130 * individual trees should be quite shallow resulting in low overhead when walking it
131 * (though only real world testing can assert this assumption).
132 * - Index based tables and trees are used instead of pointers because the tables
133 * are always mapped into ring-0 and ring-3 with different base addresses.
134 * - Efficent breakpoint allocation is done by having a global bitmap indicating free
135 * and occupied breakpoint entries. Same applies for the L2 BST table.
136 * - Special care must be taken when modifying the L1 and L2 tables as other EMTs
137 * might still access it (want to try a lockless approach first using
138 * atomic updates, have to resort to locking if that turns out to be too difficult).
139 * - Each BP entry is supposed to be 64 byte big and each chunk should contain 65536
140 * breakpoints which results in 4MiB for each chunk plus the allocation bitmap.
141 * - ring-0 has to take special care when traversing the L2 BST to not run into cycles
142 * and do strict bounds checking before accessing anything. The L1 and L2 table
143 * are written to from ring-3 only. Same goes for the breakpoint table with the
144 * exception being the opaque user argument for ring-0 which is stored in ring-0 only
145 * memory.
146 */
147
148
149/*********************************************************************************************************************************
150* Header Files *
151*********************************************************************************************************************************/
152#define LOG_GROUP LOG_GROUP_DBGF
153#define VMCPU_INCL_CPUM_GST_CTX
154#include <VBox/vmm/dbgf.h>
155#include <VBox/vmm/selm.h>
156#include <VBox/vmm/iem.h>
157#include <VBox/vmm/mm.h>
158#include <VBox/vmm/iom.h>
159#include <VBox/vmm/hm.h>
160#include "DBGFInternal.h"
161#include <VBox/vmm/vm.h>
162#include <VBox/vmm/uvm.h>
163
164#include <VBox/err.h>
165#include <VBox/log.h>
166#include <iprt/assert.h>
167#include <iprt/mem.h>
168
169#include "DBGFInline.h"
170
171
172/*********************************************************************************************************************************
173* Structures and Typedefs *
174*********************************************************************************************************************************/
175
176
177/*********************************************************************************************************************************
178* Internal Functions *
179*********************************************************************************************************************************/
180RT_C_DECLS_BEGIN
181RT_C_DECLS_END
182
183
184/**
185 * Initialize the breakpoint mangement.
186 *
187 * @returns VBox status code.
188 * @param pUVM The user mode VM handle.
189 */
190DECLHIDDEN(int) dbgfR3BpInit(PUVM pUVM)
191{
192 PVM pVM = pUVM->pVM;
193
194 //pUVM->dbgf.s.paBpOwnersR3 = NULL;
195 //pUVM->dbgf.s.pbmBpOwnersAllocR3 = NULL;
196
197 /* Init hardware breakpoint states. */
198 for (uint32_t i = 0; i < RT_ELEMENTS(pVM->dbgf.s.aHwBreakpoints); i++)
199 {
200 PDBGFBPHW pHwBp = &pVM->dbgf.s.aHwBreakpoints[i];
201
202 AssertCompileSize(DBGFBP, sizeof(uint32_t));
203 pHwBp->hBp = NIL_DBGFBP;
204 //pHwBp->fEnabled = false;
205 }
206
207 /* Now the global breakpoint table chunks. */
208 for (uint32_t i = 0; i < RT_ELEMENTS(pUVM->dbgf.s.aBpChunks); i++)
209 {
210 PDBGFBPCHUNKR3 pBpChunk = &pUVM->dbgf.s.aBpChunks[i];
211
212 //pBpChunk->pBpBaseR3 = NULL;
213 //pBpChunk->pbmAlloc = NULL;
214 //pBpChunk->cBpsFree = 0;
215 pBpChunk->idChunk = DBGF_BP_CHUNK_ID_INVALID; /* Not allocated. */
216 }
217
218 for (uint32_t i = 0; i < RT_ELEMENTS(pUVM->dbgf.s.aBpL2TblChunks); i++)
219 {
220 PDBGFBPL2TBLCHUNKR3 pL2Chunk = &pUVM->dbgf.s.aBpL2TblChunks[i];
221
222 //pL2Chunk->pL2BaseR3 = NULL;
223 //pL2Chunk->pbmAlloc = NULL;
224 //pL2Chunk->cFree = 0;
225 pL2Chunk->idChunk = DBGF_BP_CHUNK_ID_INVALID; /* Not allocated. */
226 }
227
228 //pUVM->dbgf.s.paBpLocL1R3 = NULL;
229 //pUVM->dbgf.s.paBpLocPortIoR3 = NULL;
230 pUVM->dbgf.s.hMtxBpL2Wr = NIL_RTSEMFASTMUTEX;
231 return RTSemFastMutexCreate(&pUVM->dbgf.s.hMtxBpL2Wr);
232}
233
234
235/**
236 * Terminates the breakpoint mangement.
237 *
238 * @returns VBox status code.
239 * @param pUVM The user mode VM handle.
240 */
241DECLHIDDEN(int) dbgfR3BpTerm(PUVM pUVM)
242{
243 if (pUVM->dbgf.s.pbmBpOwnersAllocR3)
244 {
245 RTMemFree((void *)pUVM->dbgf.s.pbmBpOwnersAllocR3);
246 pUVM->dbgf.s.pbmBpOwnersAllocR3 = NULL;
247 }
248
249 /* Free all allocated chunk bitmaps (the chunks itself are destroyed during ring-0 VM destruction). */
250 for (uint32_t i = 0; i < RT_ELEMENTS(pUVM->dbgf.s.aBpChunks); i++)
251 {
252 PDBGFBPCHUNKR3 pBpChunk = &pUVM->dbgf.s.aBpChunks[i];
253
254 if (pBpChunk->idChunk != DBGF_BP_CHUNK_ID_INVALID)
255 {
256 AssertPtr(pBpChunk->pbmAlloc);
257 RTMemFree((void *)pBpChunk->pbmAlloc);
258 pBpChunk->pbmAlloc = NULL;
259 pBpChunk->idChunk = DBGF_BP_CHUNK_ID_INVALID;
260 }
261 }
262
263 for (uint32_t i = 0; i < RT_ELEMENTS(pUVM->dbgf.s.aBpL2TblChunks); i++)
264 {
265 PDBGFBPL2TBLCHUNKR3 pL2Chunk = &pUVM->dbgf.s.aBpL2TblChunks[i];
266
267 if (pL2Chunk->idChunk != DBGF_BP_CHUNK_ID_INVALID)
268 {
269 AssertPtr(pL2Chunk->pbmAlloc);
270 RTMemFree((void *)pL2Chunk->pbmAlloc);
271 pL2Chunk->pbmAlloc = NULL;
272 pL2Chunk->idChunk = DBGF_BP_CHUNK_ID_INVALID;
273 }
274 }
275
276 if (pUVM->dbgf.s.hMtxBpL2Wr != NIL_RTSEMFASTMUTEX)
277 {
278 RTSemFastMutexDestroy(pUVM->dbgf.s.hMtxBpL2Wr);
279 pUVM->dbgf.s.hMtxBpL2Wr = NIL_RTSEMFASTMUTEX;
280 }
281
282 return VINF_SUCCESS;
283}
284
285
286/**
287 * @callback_method_impl{FNVMMEMTRENDEZVOUS}
288 */
289static DECLCALLBACK(VBOXSTRICTRC) dbgfR3BpInitEmtWorker(PVM pVM, PVMCPU pVCpu, void *pvUser)
290{
291 RT_NOREF(pvUser);
292
293 VMCPU_ASSERT_EMT(pVCpu);
294 VM_ASSERT_VALID_EXT_RETURN(pVM, VERR_INVALID_VM_HANDLE);
295
296 /*
297 * The initialization will be done on EMT(0). It is possible that multiple
298 * initialization attempts are done because dbgfR3BpEnsureInit() can be called
299 * from racing non EMT threads when trying to set a breakpoint for the first time.
300 * Just fake success if the L1 is already present which means that a previous rendezvous
301 * successfully initialized the breakpoint manager.
302 */
303 PUVM pUVM = pVM->pUVM;
304 if ( pVCpu->idCpu == 0
305 && !pUVM->dbgf.s.paBpLocL1R3)
306 {
307 DBGFBPINITREQ Req;
308 Req.Hdr.u32Magic = SUPVMMR0REQHDR_MAGIC;
309 Req.Hdr.cbReq = sizeof(Req);
310 Req.paBpLocL1R3 = NULL;
311 int rc = VMMR3CallR0Emt(pVM, pVCpu, VMMR0_DO_DBGF_BP_INIT, 0 /*u64Arg*/, &Req.Hdr);
312 AssertLogRelMsgRCReturn(rc, ("VMMR0_DO_DBGF_BP_INIT failed: %Rrc\n", rc), rc);
313 pUVM->dbgf.s.paBpLocL1R3 = Req.paBpLocL1R3;
314 }
315
316 return VINF_SUCCESS;
317}
318
319
320/**
321 * Ensures that the breakpoint manager is fully initialized.
322 *
323 * @returns VBox status code.
324 * @param pUVM The user mode VM handle.
325 *
326 * @thread Any thread.
327 */
328static int dbgfR3BpEnsureInit(PUVM pUVM)
329{
330 /* If the L1 lookup table is allocated initialization succeeded before. */
331 if (RT_LIKELY(pUVM->dbgf.s.paBpLocL1R3))
332 return VINF_SUCCESS;
333
334 /* Gather all EMTs and call into ring-0 to initialize the breakpoint manager. */
335 return VMMR3EmtRendezvous(pUVM->pVM, VMMEMTRENDEZVOUS_FLAGS_TYPE_ALL_AT_ONCE, dbgfR3BpInitEmtWorker, NULL /*pvUser*/);
336}
337
338
339/**
340 * @callback_method_impl{FNVMMEMTRENDEZVOUS}
341 */
342static DECLCALLBACK(VBOXSTRICTRC) dbgfR3BpPortIoInitEmtWorker(PVM pVM, PVMCPU pVCpu, void *pvUser)
343{
344 RT_NOREF(pvUser);
345
346 VMCPU_ASSERT_EMT(pVCpu);
347 VM_ASSERT_VALID_EXT_RETURN(pVM, VERR_INVALID_VM_HANDLE);
348
349 /*
350 * The initialization will be done on EMT(0). It is possible that multiple
351 * initialization attempts are done because dbgfR3BpPortIoEnsureInit() can be called
352 * from racing non EMT threads when trying to set a breakpoint for the first time.
353 * Just fake success if the L1 is already present which means that a previous rendezvous
354 * successfully initialized the breakpoint manager.
355 */
356 PUVM pUVM = pVM->pUVM;
357 if ( pVCpu->idCpu == 0
358 && !pUVM->dbgf.s.paBpLocPortIoR3)
359 {
360 DBGFBPINITREQ Req;
361 Req.Hdr.u32Magic = SUPVMMR0REQHDR_MAGIC;
362 Req.Hdr.cbReq = sizeof(Req);
363 Req.paBpLocL1R3 = NULL;
364 int rc = VMMR3CallR0Emt(pVM, pVCpu, VMMR0_DO_DBGF_BP_PORTIO_INIT, 0 /*u64Arg*/, &Req.Hdr);
365 AssertLogRelMsgRCReturn(rc, ("VMMR0_DO_DBGF_BP_PORTIO_INIT failed: %Rrc\n", rc), rc);
366 pUVM->dbgf.s.paBpLocPortIoR3 = Req.paBpLocL1R3;
367 }
368
369 return VINF_SUCCESS;
370}
371
372
373/**
374 * Ensures that the breakpoint manager is initialized to handle I/O port breakpoint.
375 *
376 * @returns VBox status code.
377 * @param pUVM The user mode VM handle.
378 *
379 * @thread Any thread.
380 */
381static int dbgfR3BpPortIoEnsureInit(PUVM pUVM)
382{
383 /* If the L1 lookup table is allocated initialization succeeded before. */
384 if (RT_LIKELY(pUVM->dbgf.s.paBpLocPortIoR3))
385 return VINF_SUCCESS;
386
387 /* Ensure that the breakpoint manager is initialized. */
388 int rc = dbgfR3BpEnsureInit(pUVM);
389 if (RT_FAILURE(rc))
390 return rc;
391
392 /* Gather all EMTs and call into ring-0 to initialize the breakpoint manager. */
393 return VMMR3EmtRendezvous(pUVM->pVM, VMMEMTRENDEZVOUS_FLAGS_TYPE_ALL_AT_ONCE, dbgfR3BpPortIoInitEmtWorker, NULL /*pvUser*/);
394}
395
396
397/**
398 * @callback_method_impl{FNVMMEMTRENDEZVOUS}
399 */
400static DECLCALLBACK(VBOXSTRICTRC) dbgfR3BpOwnerInitEmtWorker(PVM pVM, PVMCPU pVCpu, void *pvUser)
401{
402 RT_NOREF(pvUser);
403
404 VMCPU_ASSERT_EMT(pVCpu);
405 VM_ASSERT_VALID_EXT_RETURN(pVM, VERR_INVALID_VM_HANDLE);
406
407 /*
408 * The initialization will be done on EMT(0). It is possible that multiple
409 * initialization attempts are done because dbgfR3BpOwnerEnsureInit() can be called
410 * from racing non EMT threads when trying to create a breakpoint owner for the first time.
411 * Just fake success if the pointers are initialized already, meaning that a previous rendezvous
412 * successfully initialized the breakpoint owner table.
413 */
414 int rc = VINF_SUCCESS;
415 PUVM pUVM = pVM->pUVM;
416 if ( pVCpu->idCpu == 0
417 && !pUVM->dbgf.s.pbmBpOwnersAllocR3)
418 {
419 pUVM->dbgf.s.pbmBpOwnersAllocR3 = (volatile void *)RTMemAllocZ(DBGF_BP_OWNER_COUNT_MAX / 8);
420 if (pUVM->dbgf.s.pbmBpOwnersAllocR3)
421 {
422 DBGFBPOWNERINITREQ Req;
423 Req.Hdr.u32Magic = SUPVMMR0REQHDR_MAGIC;
424 Req.Hdr.cbReq = sizeof(Req);
425 Req.paBpOwnerR3 = NULL;
426 rc = VMMR3CallR0Emt(pVM, pVCpu, VMMR0_DO_DBGF_BP_OWNER_INIT, 0 /*u64Arg*/, &Req.Hdr);
427 AssertLogRelMsgRC(rc, ("VMMR0_DO_DBGF_BP_OWNER_INIT failed: %Rrc\n", rc));
428 if (RT_SUCCESS(rc))
429 {
430 pUVM->dbgf.s.paBpOwnersR3 = (PDBGFBPOWNERINT)Req.paBpOwnerR3;
431 return VINF_SUCCESS;
432 }
433
434 RTMemFree((void *)pUVM->dbgf.s.pbmBpOwnersAllocR3);
435 pUVM->dbgf.s.pbmBpOwnersAllocR3 = NULL;
436 }
437 else
438 rc = VERR_NO_MEMORY;
439 }
440
441 return rc;
442}
443
444
445/**
446 * Ensures that the breakpoint manager is fully initialized.
447 *
448 * @returns VBox status code.
449 * @param pUVM The user mode VM handle.
450 *
451 * @thread Any thread.
452 */
453static int dbgfR3BpOwnerEnsureInit(PUVM pUVM)
454{
455 /* If the allocation bitmap is allocated initialization succeeded before. */
456 if (RT_LIKELY(pUVM->dbgf.s.pbmBpOwnersAllocR3))
457 return VINF_SUCCESS;
458
459 /* Gather all EMTs and call into ring-0 to initialize the breakpoint manager. */
460 return VMMR3EmtRendezvous(pUVM->pVM, VMMEMTRENDEZVOUS_FLAGS_TYPE_ALL_AT_ONCE, dbgfR3BpOwnerInitEmtWorker, NULL /*pvUser*/);
461}
462
463
464/**
465 * Retains the given breakpoint owner handle for use.
466 *
467 * @returns VBox status code.
468 * @retval VERR_INVALID_HANDLE if the given breakpoint owner handle is invalid.
469 * @param pUVM The user mode VM handle.
470 * @param hBpOwner The breakpoint owner handle to retain, NIL_DBGFOWNER is accepted without doing anything.
471 * @param fIo Flag whether the owner must have the I/O handler set because it used by an I/O breakpoint.
472 */
473DECLINLINE(int) dbgfR3BpOwnerRetain(PUVM pUVM, DBGFBPOWNER hBpOwner, bool fIo)
474{
475 if (hBpOwner == NIL_DBGFBPOWNER)
476 return VINF_SUCCESS;
477
478 PDBGFBPOWNERINT pBpOwner = dbgfR3BpOwnerGetByHnd(pUVM, hBpOwner);
479 if (pBpOwner)
480 {
481 AssertReturn ( ( fIo
482 && pBpOwner->pfnBpIoHitR3)
483 || ( !fIo
484 && pBpOwner->pfnBpHitR3),
485 VERR_INVALID_HANDLE);
486 ASMAtomicIncU32(&pBpOwner->cRefs);
487 return VINF_SUCCESS;
488 }
489
490 return VERR_INVALID_HANDLE;
491}
492
493
494/**
495 * Releases the given breakpoint owner handle.
496 *
497 * @returns VBox status code.
498 * @retval VERR_INVALID_HANDLE if the given breakpoint owner handle is invalid.
499 * @param pUVM The user mode VM handle.
500 * @param hBpOwner The breakpoint owner handle to retain, NIL_DBGFOWNER is accepted without doing anything.
501 */
502DECLINLINE(int) dbgfR3BpOwnerRelease(PUVM pUVM, DBGFBPOWNER hBpOwner)
503{
504 if (hBpOwner == NIL_DBGFBPOWNER)
505 return VINF_SUCCESS;
506
507 PDBGFBPOWNERINT pBpOwner = dbgfR3BpOwnerGetByHnd(pUVM, hBpOwner);
508 if (pBpOwner)
509 {
510 Assert(pBpOwner->cRefs > 1);
511 ASMAtomicDecU32(&pBpOwner->cRefs);
512 return VINF_SUCCESS;
513 }
514
515 return VERR_INVALID_HANDLE;
516}
517
518
519/**
520 * Returns the internal breakpoint state for the given handle.
521 *
522 * @returns Pointer to the internal breakpoint state or NULL if the handle is invalid.
523 * @param pUVM The user mode VM handle.
524 * @param hBp The breakpoint handle to resolve.
525 */
526DECLINLINE(PDBGFBPINT) dbgfR3BpGetByHnd(PUVM pUVM, DBGFBP hBp)
527{
528 uint32_t idChunk = DBGF_BP_HND_GET_CHUNK_ID(hBp);
529 uint32_t idxEntry = DBGF_BP_HND_GET_ENTRY(hBp);
530
531 AssertReturn(idChunk < DBGF_BP_CHUNK_COUNT, NULL);
532 AssertReturn(idxEntry < DBGF_BP_COUNT_PER_CHUNK, NULL);
533
534 PDBGFBPCHUNKR3 pBpChunk = &pUVM->dbgf.s.aBpChunks[idChunk];
535 AssertReturn(pBpChunk->idChunk == idChunk, NULL);
536 AssertPtrReturn(pBpChunk->pbmAlloc, NULL);
537 AssertReturn(ASMBitTest(pBpChunk->pbmAlloc, idxEntry), NULL);
538
539 return &pBpChunk->pBpBaseR3[idxEntry];
540}
541
542
543/**
544 * @callback_method_impl{FNVMMEMTRENDEZVOUS}
545 */
546static DECLCALLBACK(VBOXSTRICTRC) dbgfR3BpChunkAllocEmtWorker(PVM pVM, PVMCPU pVCpu, void *pvUser)
547{
548 uint32_t idChunk = (uint32_t)(uintptr_t)pvUser;
549
550 VMCPU_ASSERT_EMT(pVCpu);
551 VM_ASSERT_VALID_EXT_RETURN(pVM, VERR_INVALID_VM_HANDLE);
552
553 AssertReturn(idChunk < DBGF_BP_CHUNK_COUNT, VERR_DBGF_BP_IPE_1);
554
555 PUVM pUVM = pVM->pUVM;
556 PDBGFBPCHUNKR3 pBpChunk = &pUVM->dbgf.s.aBpChunks[idChunk];
557
558 AssertReturn( pBpChunk->idChunk == DBGF_BP_CHUNK_ID_INVALID
559 || pBpChunk->idChunk == idChunk,
560 VERR_DBGF_BP_IPE_2);
561
562 /*
563 * The initialization will be done on EMT(0). It is possible that multiple
564 * allocation attempts are done when multiple racing non EMT threads try to
565 * allocate a breakpoint and a new chunk needs to be allocated.
566 * Ignore the request and succeed if the chunk is allocated meaning that a
567 * previous rendezvous successfully allocated the chunk.
568 */
569 int rc = VINF_SUCCESS;
570 if ( pVCpu->idCpu == 0
571 && pBpChunk->idChunk == DBGF_BP_CHUNK_ID_INVALID)
572 {
573 /* Allocate the bitmap first so we can skip calling into VMMR0 if it fails. */
574 AssertCompile(!(DBGF_BP_COUNT_PER_CHUNK % 8));
575 volatile void *pbmAlloc = RTMemAllocZ(DBGF_BP_COUNT_PER_CHUNK / 8);
576 if (RT_LIKELY(pbmAlloc))
577 {
578 DBGFBPCHUNKALLOCREQ Req;
579 Req.Hdr.u32Magic = SUPVMMR0REQHDR_MAGIC;
580 Req.Hdr.cbReq = sizeof(Req);
581 Req.idChunk = idChunk;
582 Req.pChunkBaseR3 = NULL;
583 rc = VMMR3CallR0Emt(pVM, pVCpu, VMMR0_DO_DBGF_BP_CHUNK_ALLOC, 0 /*u64Arg*/, &Req.Hdr);
584 AssertLogRelMsgRC(rc, ("VMMR0_DO_DBGF_BP_CHUNK_ALLOC failed: %Rrc\n", rc));
585 if (RT_SUCCESS(rc))
586 {
587 pBpChunk->pBpBaseR3 = (PDBGFBPINT)Req.pChunkBaseR3;
588 pBpChunk->pbmAlloc = pbmAlloc;
589 pBpChunk->cBpsFree = DBGF_BP_COUNT_PER_CHUNK;
590 pBpChunk->idChunk = idChunk;
591 return VINF_SUCCESS;
592 }
593
594 RTMemFree((void *)pbmAlloc);
595 }
596 else
597 rc = VERR_NO_MEMORY;
598 }
599
600 return rc;
601}
602
603
604/**
605 * Tries to allocate the given chunk which requires an EMT rendezvous.
606 *
607 * @returns VBox status code.
608 * @param pUVM The user mode VM handle.
609 * @param idChunk The chunk to allocate.
610 *
611 * @thread Any thread.
612 */
613DECLINLINE(int) dbgfR3BpChunkAlloc(PUVM pUVM, uint32_t idChunk)
614{
615 return VMMR3EmtRendezvous(pUVM->pVM, VMMEMTRENDEZVOUS_FLAGS_TYPE_ALL_AT_ONCE, dbgfR3BpChunkAllocEmtWorker, (void *)(uintptr_t)idChunk);
616}
617
618
619/**
620 * Tries to allocate a new breakpoint of the given type.
621 *
622 * @returns VBox status code.
623 * @param pUVM The user mode VM handle.
624 * @param hOwner The owner handle, NIL_DBGFBPOWNER if none assigned.
625 * @param pvUser Opaque user data passed in the owner callback.
626 * @param enmType Breakpoint type to allocate.
627 * @param fFlags Flags assoicated with the allocated breakpoint.
628 * @param iHitTrigger The hit count at which the breakpoint start triggering.
629 * Use 0 (or 1) if it's gonna trigger at once.
630 * @param iHitDisable The hit count which disables the breakpoint.
631 * Use ~(uint64_t) if it's never gonna be disabled.
632 * @param phBp Where to return the opaque breakpoint handle on success.
633 * @param ppBp Where to return the pointer to the internal breakpoint state on success.
634 *
635 * @thread Any thread.
636 */
637static int dbgfR3BpAlloc(PUVM pUVM, DBGFBPOWNER hOwner, void *pvUser, DBGFBPTYPE enmType,
638 uint16_t fFlags, uint64_t iHitTrigger, uint64_t iHitDisable, PDBGFBP phBp,
639 PDBGFBPINT *ppBp)
640{
641 bool fIo = enmType == DBGFBPTYPE_PORT_IO
642 || enmType == DBGFBPTYPE_MMIO;
643 int rc = dbgfR3BpOwnerRetain(pUVM, hOwner, fIo);
644 if (RT_FAILURE(rc))
645 return rc;
646
647 /*
648 * Search for a chunk having a free entry, allocating new chunks
649 * if the encountered ones are full.
650 *
651 * This can be called from multiple threads at the same time so special care
652 * has to be taken to not require any locking here.
653 */
654 for (uint32_t i = 0; i < RT_ELEMENTS(pUVM->dbgf.s.aBpChunks); i++)
655 {
656 PDBGFBPCHUNKR3 pBpChunk = &pUVM->dbgf.s.aBpChunks[i];
657
658 uint32_t idChunk = ASMAtomicReadU32(&pBpChunk->idChunk);
659 if (idChunk == DBGF_BP_CHUNK_ID_INVALID)
660 {
661 rc = dbgfR3BpChunkAlloc(pUVM, i);
662 if (RT_FAILURE(rc))
663 {
664 LogRel(("DBGF/Bp: Allocating new breakpoint table chunk failed with %Rrc\n", rc));
665 break;
666 }
667
668 idChunk = ASMAtomicReadU32(&pBpChunk->idChunk);
669 Assert(idChunk == i);
670 }
671
672 /** @todo Optimize with some hinting if this turns out to be too slow. */
673 for (;;)
674 {
675 uint32_t cBpsFree = ASMAtomicReadU32(&pBpChunk->cBpsFree);
676 if (cBpsFree)
677 {
678 /*
679 * Scan the associated bitmap for a free entry, if none can be found another thread
680 * raced us and we go to the next chunk.
681 */
682 int32_t iClr = ASMBitFirstClear(pBpChunk->pbmAlloc, DBGF_BP_COUNT_PER_CHUNK);
683 if (iClr != -1)
684 {
685 /*
686 * Try to allocate, we could get raced here as well. In that case
687 * we try again.
688 */
689 if (!ASMAtomicBitTestAndSet(pBpChunk->pbmAlloc, iClr))
690 {
691 /* Success, immediately mark as allocated, initialize the breakpoint state and return. */
692 ASMAtomicDecU32(&pBpChunk->cBpsFree);
693
694 PDBGFBPINT pBp = &pBpChunk->pBpBaseR3[iClr];
695 pBp->Pub.cHits = 0;
696 pBp->Pub.iHitTrigger = iHitTrigger;
697 pBp->Pub.iHitDisable = iHitDisable;
698 pBp->Pub.hOwner = hOwner;
699 pBp->Pub.u16Type = DBGF_BP_PUB_MAKE_TYPE(enmType);
700 pBp->Pub.fFlags = fFlags & ~DBGF_BP_F_ENABLED; /* The enabled flag is handled in the respective APIs. */
701 pBp->pvUserR3 = pvUser;
702
703 /** @todo Owner handling (reference and call ring-0 if it has an ring-0 callback). */
704
705 *phBp = DBGF_BP_HND_CREATE(idChunk, iClr);
706 *ppBp = pBp;
707 return VINF_SUCCESS;
708 }
709 /* else Retry with another spot. */
710 }
711 else /* no free entry in bitmap, go to the next chunk */
712 break;
713 }
714 else /* !cBpsFree, go to the next chunk */
715 break;
716 }
717 }
718
719 rc = dbgfR3BpOwnerRelease(pUVM, hOwner); AssertRC(rc);
720 return VERR_DBGF_NO_MORE_BP_SLOTS;
721}
722
723
724/**
725 * Frees the given breakpoint handle.
726 *
727 * @returns nothing.
728 * @param pUVM The user mode VM handle.
729 * @param hBp The breakpoint handle to free.
730 * @param pBp The internal breakpoint state pointer.
731 */
732static void dbgfR3BpFree(PUVM pUVM, DBGFBP hBp, PDBGFBPINT pBp)
733{
734 uint32_t idChunk = DBGF_BP_HND_GET_CHUNK_ID(hBp);
735 uint32_t idxEntry = DBGF_BP_HND_GET_ENTRY(hBp);
736
737 AssertReturnVoid(idChunk < DBGF_BP_CHUNK_COUNT);
738 AssertReturnVoid(idxEntry < DBGF_BP_COUNT_PER_CHUNK);
739
740 PDBGFBPCHUNKR3 pBpChunk = &pUVM->dbgf.s.aBpChunks[idChunk];
741 AssertPtrReturnVoid(pBpChunk->pbmAlloc);
742 AssertReturnVoid(ASMBitTest(pBpChunk->pbmAlloc, idxEntry));
743
744 /** @todo Need a trip to Ring-0 if an owner is assigned with a Ring-0 part to clear the breakpoint. */
745 int rc = dbgfR3BpOwnerRelease(pUVM, pBp->Pub.hOwner); AssertRC(rc); RT_NOREF(rc);
746 memset(pBp, 0, sizeof(*pBp));
747
748 ASMAtomicBitClear(pBpChunk->pbmAlloc, idxEntry);
749 ASMAtomicIncU32(&pBpChunk->cBpsFree);
750}
751
752
753/**
754 * @callback_method_impl{FNVMMEMTRENDEZVOUS}
755 */
756static DECLCALLBACK(VBOXSTRICTRC) dbgfR3BpL2TblChunkAllocEmtWorker(PVM pVM, PVMCPU pVCpu, void *pvUser)
757{
758 uint32_t idChunk = (uint32_t)(uintptr_t)pvUser;
759
760 VMCPU_ASSERT_EMT(pVCpu);
761 VM_ASSERT_VALID_EXT_RETURN(pVM, VERR_INVALID_VM_HANDLE);
762
763 AssertReturn(idChunk < DBGF_BP_L2_TBL_CHUNK_COUNT, VERR_DBGF_BP_IPE_1);
764
765 PUVM pUVM = pVM->pUVM;
766 PDBGFBPL2TBLCHUNKR3 pL2Chunk = &pUVM->dbgf.s.aBpL2TblChunks[idChunk];
767
768 AssertReturn( pL2Chunk->idChunk == DBGF_BP_L2_IDX_CHUNK_ID_INVALID
769 || pL2Chunk->idChunk == idChunk,
770 VERR_DBGF_BP_IPE_2);
771
772 /*
773 * The initialization will be done on EMT(0). It is possible that multiple
774 * allocation attempts are done when multiple racing non EMT threads try to
775 * allocate a breakpoint and a new chunk needs to be allocated.
776 * Ignore the request and succeed if the chunk is allocated meaning that a
777 * previous rendezvous successfully allocated the chunk.
778 */
779 int rc = VINF_SUCCESS;
780 if ( pVCpu->idCpu == 0
781 && pL2Chunk->idChunk == DBGF_BP_L2_IDX_CHUNK_ID_INVALID)
782 {
783 /* Allocate the bitmap first so we can skip calling into VMMR0 if it fails. */
784 AssertCompile(!(DBGF_BP_L2_TBL_ENTRIES_PER_CHUNK % 8));
785 volatile void *pbmAlloc = RTMemAllocZ(DBGF_BP_L2_TBL_ENTRIES_PER_CHUNK / 8);
786 if (RT_LIKELY(pbmAlloc))
787 {
788 DBGFBPL2TBLCHUNKALLOCREQ Req;
789 Req.Hdr.u32Magic = SUPVMMR0REQHDR_MAGIC;
790 Req.Hdr.cbReq = sizeof(Req);
791 Req.idChunk = idChunk;
792 Req.pChunkBaseR3 = NULL;
793 rc = VMMR3CallR0Emt(pVM, pVCpu, VMMR0_DO_DBGF_BP_L2_TBL_CHUNK_ALLOC, 0 /*u64Arg*/, &Req.Hdr);
794 AssertLogRelMsgRC(rc, ("VMMR0_DO_DBGF_BP_L2_TBL_CHUNK_ALLOC failed: %Rrc\n", rc));
795 if (RT_SUCCESS(rc))
796 {
797 pL2Chunk->pL2BaseR3 = (PDBGFBPL2ENTRY)Req.pChunkBaseR3;
798 pL2Chunk->pbmAlloc = pbmAlloc;
799 pL2Chunk->cFree = DBGF_BP_L2_TBL_ENTRIES_PER_CHUNK;
800 pL2Chunk->idChunk = idChunk;
801 return VINF_SUCCESS;
802 }
803
804 RTMemFree((void *)pbmAlloc);
805 }
806 else
807 rc = VERR_NO_MEMORY;
808 }
809
810 return rc;
811}
812
813
814/**
815 * Tries to allocate the given L2 table chunk which requires an EMT rendezvous.
816 *
817 * @returns VBox status code.
818 * @param pUVM The user mode VM handle.
819 * @param idChunk The chunk to allocate.
820 *
821 * @thread Any thread.
822 */
823DECLINLINE(int) dbgfR3BpL2TblChunkAlloc(PUVM pUVM, uint32_t idChunk)
824{
825 return VMMR3EmtRendezvous(pUVM->pVM, VMMEMTRENDEZVOUS_FLAGS_TYPE_ALL_AT_ONCE, dbgfR3BpL2TblChunkAllocEmtWorker, (void *)(uintptr_t)idChunk);
826}
827
828
829/**
830 * Tries to allocate a new breakpoint of the given type.
831 *
832 * @returns VBox status code.
833 * @param pUVM The user mode VM handle.
834 * @param pidxL2Tbl Where to return the L2 table entry index on success.
835 * @param ppL2TblEntry Where to return the pointer to the L2 table entry on success.
836 *
837 * @thread Any thread.
838 */
839static int dbgfR3BpL2TblEntryAlloc(PUVM pUVM, uint32_t *pidxL2Tbl, PDBGFBPL2ENTRY *ppL2TblEntry)
840{
841 /*
842 * Search for a chunk having a free entry, allocating new chunks
843 * if the encountered ones are full.
844 *
845 * This can be called from multiple threads at the same time so special care
846 * has to be taken to not require any locking here.
847 */
848 for (uint32_t i = 0; i < RT_ELEMENTS(pUVM->dbgf.s.aBpL2TblChunks); i++)
849 {
850 PDBGFBPL2TBLCHUNKR3 pL2Chunk = &pUVM->dbgf.s.aBpL2TblChunks[i];
851
852 uint32_t idChunk = ASMAtomicReadU32(&pL2Chunk->idChunk);
853 if (idChunk == DBGF_BP_L2_IDX_CHUNK_ID_INVALID)
854 {
855 int rc = dbgfR3BpL2TblChunkAlloc(pUVM, i);
856 if (RT_FAILURE(rc))
857 {
858 LogRel(("DBGF/Bp: Allocating new breakpoint L2 lookup table chunk failed with %Rrc\n", rc));
859 break;
860 }
861
862 idChunk = ASMAtomicReadU32(&pL2Chunk->idChunk);
863 Assert(idChunk == i);
864 }
865
866 /** @todo Optimize with some hinting if this turns out to be too slow. */
867 for (;;)
868 {
869 uint32_t cFree = ASMAtomicReadU32(&pL2Chunk->cFree);
870 if (cFree)
871 {
872 /*
873 * Scan the associated bitmap for a free entry, if none can be found another thread
874 * raced us and we go to the next chunk.
875 */
876 int32_t iClr = ASMBitFirstClear(pL2Chunk->pbmAlloc, DBGF_BP_L2_TBL_ENTRIES_PER_CHUNK);
877 if (iClr != -1)
878 {
879 /*
880 * Try to allocate, we could get raced here as well. In that case
881 * we try again.
882 */
883 if (!ASMAtomicBitTestAndSet(pL2Chunk->pbmAlloc, iClr))
884 {
885 /* Success, immediately mark as allocated, initialize the breakpoint state and return. */
886 ASMAtomicDecU32(&pL2Chunk->cFree);
887
888 PDBGFBPL2ENTRY pL2Entry = &pL2Chunk->pL2BaseR3[iClr];
889
890 *pidxL2Tbl = DBGF_BP_L2_IDX_CREATE(idChunk, iClr);
891 *ppL2TblEntry = pL2Entry;
892 return VINF_SUCCESS;
893 }
894 /* else Retry with another spot. */
895 }
896 else /* no free entry in bitmap, go to the next chunk */
897 break;
898 }
899 else /* !cFree, go to the next chunk */
900 break;
901 }
902 }
903
904 return VERR_DBGF_NO_MORE_BP_SLOTS;
905}
906
907
908/**
909 * Frees the given breakpoint handle.
910 *
911 * @returns nothing.
912 * @param pUVM The user mode VM handle.
913 * @param idxL2Tbl The L2 table index to free.
914 * @param pL2TblEntry The L2 table entry pointer to free.
915 */
916static void dbgfR3BpL2TblEntryFree(PUVM pUVM, uint32_t idxL2Tbl, PDBGFBPL2ENTRY pL2TblEntry)
917{
918 uint32_t idChunk = DBGF_BP_L2_IDX_GET_CHUNK_ID(idxL2Tbl);
919 uint32_t idxEntry = DBGF_BP_L2_IDX_GET_ENTRY(idxL2Tbl);
920
921 AssertReturnVoid(idChunk < DBGF_BP_L2_TBL_CHUNK_COUNT);
922 AssertReturnVoid(idxEntry < DBGF_BP_L2_TBL_ENTRIES_PER_CHUNK);
923
924 PDBGFBPL2TBLCHUNKR3 pL2Chunk = &pUVM->dbgf.s.aBpL2TblChunks[idChunk];
925 AssertPtrReturnVoid(pL2Chunk->pbmAlloc);
926 AssertReturnVoid(ASMBitTest(pL2Chunk->pbmAlloc, idxEntry));
927
928 memset(pL2TblEntry, 0, sizeof(*pL2TblEntry));
929
930 ASMAtomicBitClear(pL2Chunk->pbmAlloc, idxEntry);
931 ASMAtomicIncU32(&pL2Chunk->cFree);
932}
933
934
935/**
936 * Sets the enabled flag of the given breakpoint to the given value.
937 *
938 * @returns nothing.
939 * @param pBp The breakpoint to set the state.
940 * @param fEnabled Enabled status.
941 */
942DECLINLINE(void) dbgfR3BpSetEnabled(PDBGFBPINT pBp, bool fEnabled)
943{
944 if (fEnabled)
945 pBp->Pub.fFlags |= DBGF_BP_F_ENABLED;
946 else
947 pBp->Pub.fFlags &= ~DBGF_BP_F_ENABLED;
948}
949
950
951/**
952 * Assigns a hardware breakpoint state to the given register breakpoint.
953 *
954 * @returns VBox status code.
955 * @param pVM The cross-context VM structure pointer.
956 * @param hBp The breakpoint handle to assign.
957 * @param pBp The internal breakpoint state.
958 *
959 * @thread Any thread.
960 */
961static int dbgfR3BpRegAssign(PVM pVM, DBGFBP hBp, PDBGFBPINT pBp)
962{
963 AssertReturn(pBp->Pub.u.Reg.iReg == UINT8_MAX, VERR_DBGF_BP_IPE_3);
964
965 for (uint8_t i = 0; i < RT_ELEMENTS(pVM->dbgf.s.aHwBreakpoints); i++)
966 {
967 PDBGFBPHW pHwBp = &pVM->dbgf.s.aHwBreakpoints[i];
968
969 AssertCompileSize(DBGFBP, sizeof(uint32_t));
970 if (ASMAtomicCmpXchgU32(&pHwBp->hBp, hBp, NIL_DBGFBP))
971 {
972 pHwBp->GCPtr = pBp->Pub.u.Reg.GCPtr;
973 pHwBp->fType = pBp->Pub.u.Reg.fType;
974 pHwBp->cb = pBp->Pub.u.Reg.cb;
975 pHwBp->fEnabled = DBGF_BP_PUB_IS_ENABLED(&pBp->Pub);
976
977 pBp->Pub.u.Reg.iReg = i;
978 return VINF_SUCCESS;
979 }
980 }
981
982 return VERR_DBGF_NO_MORE_BP_SLOTS;
983}
984
985
986/**
987 * Removes the assigned hardware breakpoint state from the given register breakpoint.
988 *
989 * @returns VBox status code.
990 * @param pVM The cross-context VM structure pointer.
991 * @param hBp The breakpoint handle to remove.
992 * @param pBp The internal breakpoint state.
993 *
994 * @thread Any thread.
995 */
996static int dbgfR3BpRegRemove(PVM pVM, DBGFBP hBp, PDBGFBPINT pBp)
997{
998 AssertReturn(pBp->Pub.u.Reg.iReg < RT_ELEMENTS(pVM->dbgf.s.aHwBreakpoints), VERR_DBGF_BP_IPE_3);
999
1000 PDBGFBPHW pHwBp = &pVM->dbgf.s.aHwBreakpoints[pBp->Pub.u.Reg.iReg];
1001 AssertReturn(pHwBp->hBp == hBp, VERR_DBGF_BP_IPE_4);
1002 AssertReturn(!pHwBp->fEnabled, VERR_DBGF_BP_IPE_5);
1003
1004 pHwBp->GCPtr = 0;
1005 pHwBp->fType = 0;
1006 pHwBp->cb = 0;
1007 ASMCompilerBarrier();
1008
1009 ASMAtomicWriteU32(&pHwBp->hBp, NIL_DBGFBP);
1010 return VINF_SUCCESS;
1011}
1012
1013
1014/**
1015 * Returns the pointer to the L2 table entry from the given index.
1016 *
1017 * @returns Current context pointer to the L2 table entry or NULL if the provided index value is invalid.
1018 * @param pUVM The user mode VM handle.
1019 * @param idxL2 The L2 table index to resolve.
1020 *
1021 * @note The content of the resolved L2 table entry is not validated!.
1022 */
1023DECLINLINE(PDBGFBPL2ENTRY) dbgfR3BpL2GetByIdx(PUVM pUVM, uint32_t idxL2)
1024{
1025 uint32_t idChunk = DBGF_BP_L2_IDX_GET_CHUNK_ID(idxL2);
1026 uint32_t idxEntry = DBGF_BP_L2_IDX_GET_ENTRY(idxL2);
1027
1028 AssertReturn(idChunk < DBGF_BP_L2_TBL_CHUNK_COUNT, NULL);
1029 AssertReturn(idxEntry < DBGF_BP_L2_TBL_ENTRIES_PER_CHUNK, NULL);
1030
1031 PDBGFBPL2TBLCHUNKR3 pL2Chunk = &pUVM->dbgf.s.aBpL2TblChunks[idChunk];
1032 AssertPtrReturn(pL2Chunk->pbmAlloc, NULL);
1033 AssertReturn(ASMBitTest(pL2Chunk->pbmAlloc, idxEntry), NULL);
1034
1035 return &pL2Chunk->CTX_SUFF(pL2Base)[idxEntry];
1036}
1037
1038
1039/**
1040 * Creates a binary search tree with the given root and leaf nodes.
1041 *
1042 * @returns VBox status code.
1043 * @param pUVM The user mode VM handle.
1044 * @param idxL1 The index into the L1 table where the created tree should be linked into.
1045 * @param u32EntryOld The old entry in the L1 table used to compare with in the atomic update.
1046 * @param hBpRoot The root node DBGF handle to assign.
1047 * @param GCPtrRoot The root nodes GC pointer to use as a key.
1048 * @param hBpLeaf The leafs node DBGF handle to assign.
1049 * @param GCPtrLeaf The leafs node GC pointer to use as a key.
1050 */
1051static int dbgfR3BpInt3L2BstCreate(PUVM pUVM, uint32_t idxL1, uint32_t u32EntryOld,
1052 DBGFBP hBpRoot, RTGCUINTPTR GCPtrRoot,
1053 DBGFBP hBpLeaf, RTGCUINTPTR GCPtrLeaf)
1054{
1055 AssertReturn(GCPtrRoot != GCPtrLeaf, VERR_DBGF_BP_IPE_9);
1056 Assert(DBGF_BP_INT3_L1_IDX_EXTRACT_FROM_ADDR(GCPtrRoot) == DBGF_BP_INT3_L1_IDX_EXTRACT_FROM_ADDR(GCPtrLeaf));
1057
1058 /* Allocate two nodes. */
1059 uint32_t idxL2Root = 0;
1060 PDBGFBPL2ENTRY pL2Root = NULL;
1061 int rc = dbgfR3BpL2TblEntryAlloc(pUVM, &idxL2Root, &pL2Root);
1062 if (RT_SUCCESS(rc))
1063 {
1064 uint32_t idxL2Leaf = 0;
1065 PDBGFBPL2ENTRY pL2Leaf = NULL;
1066 rc = dbgfR3BpL2TblEntryAlloc(pUVM, &idxL2Leaf, &pL2Leaf);
1067 if (RT_SUCCESS(rc))
1068 {
1069 dbgfBpL2TblEntryInit(pL2Leaf, hBpLeaf, GCPtrLeaf, DBGF_BP_L2_ENTRY_IDX_END, DBGF_BP_L2_ENTRY_IDX_END, 0 /*iDepth*/);
1070 if (GCPtrLeaf < GCPtrRoot)
1071 dbgfBpL2TblEntryInit(pL2Root, hBpRoot, GCPtrRoot, idxL2Leaf, DBGF_BP_L2_ENTRY_IDX_END, 0 /*iDepth*/);
1072 else
1073 dbgfBpL2TblEntryInit(pL2Root, hBpRoot, GCPtrRoot, DBGF_BP_L2_ENTRY_IDX_END, idxL2Leaf, 0 /*iDepth*/);
1074
1075 uint32_t const u32Entry = DBGF_BP_INT3_L1_ENTRY_CREATE_L2_IDX(idxL2Root);
1076 if (ASMAtomicCmpXchgU32(&pUVM->dbgf.s.paBpLocL1R3[idxL1], u32Entry, u32EntryOld))
1077 return VINF_SUCCESS;
1078
1079 /* The L1 entry has changed due to another thread racing us during insertion, free nodes and try again. */
1080 rc = VINF_TRY_AGAIN;
1081 dbgfR3BpL2TblEntryFree(pUVM, idxL2Leaf, pL2Leaf);
1082 }
1083
1084 dbgfR3BpL2TblEntryFree(pUVM, idxL2Root, pL2Root);
1085 }
1086
1087 return rc;
1088}
1089
1090
1091/**
1092 * Inserts the given breakpoint handle into an existing binary search tree.
1093 *
1094 * @returns VBox status code.
1095 * @param pUVM The user mode VM handle.
1096 * @param idxL2Root The index of the tree root in the L2 table.
1097 * @param hBp The node DBGF handle to insert.
1098 * @param GCPtr The nodes GC pointer to use as a key.
1099 */
1100static int dbgfR3BpInt2L2BstNodeInsert(PUVM pUVM, uint32_t idxL2Root, DBGFBP hBp, RTGCUINTPTR GCPtr)
1101{
1102 GCPtr = DBGF_BP_INT3_L2_KEY_EXTRACT_FROM_ADDR(GCPtr);
1103
1104 /* Allocate a new node first. */
1105 uint32_t idxL2Nd = 0;
1106 PDBGFBPL2ENTRY pL2Nd = NULL;
1107 int rc = dbgfR3BpL2TblEntryAlloc(pUVM, &idxL2Nd, &pL2Nd);
1108 if (RT_SUCCESS(rc))
1109 {
1110 /* Walk the tree and find the correct node to insert to. */
1111 PDBGFBPL2ENTRY pL2Entry = dbgfR3BpL2GetByIdx(pUVM, idxL2Root);
1112 while (RT_LIKELY(pL2Entry))
1113 {
1114 /* Make a copy of the entry. */
1115 DBGFBPL2ENTRY L2Entry;
1116 L2Entry.u64GCPtrKeyAndBpHnd1 = ASMAtomicReadU64((volatile uint64_t *)&pL2Entry->u64GCPtrKeyAndBpHnd1);
1117 L2Entry.u64LeftRightIdxDepthBpHnd2 = ASMAtomicReadU64((volatile uint64_t *)&pL2Entry->u64LeftRightIdxDepthBpHnd2);
1118
1119 RTGCUINTPTR GCPtrL2Entry = DBGF_BP_L2_ENTRY_GET_GCPTR(L2Entry.u64GCPtrKeyAndBpHnd1);
1120 AssertBreak(GCPtr != GCPtrL2Entry);
1121
1122 /* Not found, get to the next level. */
1123 uint32_t idxL2Next = (GCPtr < GCPtrL2Entry)
1124 ? DBGF_BP_L2_ENTRY_GET_IDX_LEFT(L2Entry.u64LeftRightIdxDepthBpHnd2)
1125 : DBGF_BP_L2_ENTRY_GET_IDX_RIGHT(L2Entry.u64LeftRightIdxDepthBpHnd2);
1126 if (idxL2Next == DBGF_BP_L2_ENTRY_IDX_END)
1127 {
1128 /* Insert the new node here. */
1129 dbgfBpL2TblEntryInit(pL2Nd, hBp, GCPtr, DBGF_BP_L2_ENTRY_IDX_END, DBGF_BP_L2_ENTRY_IDX_END, 0 /*iDepth*/);
1130 if (GCPtr < GCPtrL2Entry)
1131 dbgfBpL2TblEntryUpdateLeft(pL2Entry, idxL2Next, 0 /*iDepth*/);
1132 else
1133 dbgfBpL2TblEntryUpdateRight(pL2Entry, idxL2Next, 0 /*iDepth*/);
1134 return VINF_SUCCESS;
1135 }
1136
1137 pL2Entry = dbgfR3BpL2GetByIdx(pUVM, idxL2Next);
1138 }
1139
1140 rc = VERR_DBGF_BP_L2_LOOKUP_FAILED;
1141 dbgfR3BpL2TblEntryFree(pUVM, idxL2Nd, pL2Nd);
1142 }
1143
1144 return rc;
1145}
1146
1147
1148/**
1149 * Adds the given breakpoint handle keyed with the GC pointer to the proper L2 binary search tree
1150 * possibly creating a new tree.
1151 *
1152 * @returns VBox status code.
1153 * @param pUVM The user mode VM handle.
1154 * @param idxL1 The index into the L1 table the breakpoint uses.
1155 * @param hBp The breakpoint handle which is to be added.
1156 * @param GCPtr The GC pointer the breakpoint is keyed with.
1157 */
1158static int dbgfR3BpInt3L2BstNodeAdd(PUVM pUVM, uint32_t idxL1, DBGFBP hBp, RTGCUINTPTR GCPtr)
1159{
1160 int rc = RTSemFastMutexRequest(pUVM->dbgf.s.hMtxBpL2Wr); AssertRC(rc);
1161
1162 uint32_t u32Entry = ASMAtomicReadU32(&pUVM->dbgf.s.paBpLocL1R3[idxL1]); /* Re-read, could get raced by a remove operation. */
1163 uint8_t u8Type = DBGF_BP_INT3_L1_ENTRY_GET_TYPE(u32Entry);
1164 if (u8Type == DBGF_BP_INT3_L1_ENTRY_TYPE_BP_HND)
1165 {
1166 /* Create a new search tree, gather the necessary information first. */
1167 DBGFBP hBp2 = DBGF_BP_INT3_L1_ENTRY_GET_BP_HND(u32Entry);
1168 PDBGFBPINT pBp2 = dbgfR3BpGetByHnd(pUVM, hBp2);
1169 AssertStmt(RT_VALID_PTR(pBp2), rc = VERR_DBGF_BP_IPE_7);
1170 if (RT_SUCCESS(rc))
1171 rc = dbgfR3BpInt3L2BstCreate(pUVM, idxL1, u32Entry, hBp, GCPtr, hBp2, pBp2->Pub.u.Int3.GCPtr);
1172 }
1173 else if (u8Type == DBGF_BP_INT3_L1_ENTRY_TYPE_L2_IDX)
1174 rc = dbgfR3BpInt2L2BstNodeInsert(pUVM, DBGF_BP_INT3_L1_ENTRY_GET_L2_IDX(u32Entry), hBp, GCPtr);
1175
1176 int rc2 = RTSemFastMutexRelease(pUVM->dbgf.s.hMtxBpL2Wr); AssertRC(rc2);
1177 return rc;
1178}
1179
1180
1181/**
1182 * Gets the leftmost from the given tree node start index.
1183 *
1184 * @returns VBox status code.
1185 * @param pUVM The user mode VM handle.
1186 * @param idxL2Start The start index to walk from.
1187 * @param pidxL2Leftmost Where to store the L2 table index of the leftmost entry.
1188 * @param ppL2NdLeftmost Where to store the pointer to the leftmost L2 table entry.
1189 * @param pidxL2NdLeftParent Where to store the L2 table index of the leftmost entries parent.
1190 * @param ppL2NdLeftParent Where to store the pointer to the leftmost L2 table entries parent.
1191 */
1192static int dbgfR33BpInt3BstGetLeftmostEntryFromNode(PUVM pUVM, uint32_t idxL2Start,
1193 uint32_t *pidxL2Leftmost, PDBGFBPL2ENTRY *ppL2NdLeftmost,
1194 uint32_t *pidxL2NdLeftParent, PDBGFBPL2ENTRY *ppL2NdLeftParent)
1195{
1196 uint32_t idxL2Parent = DBGF_BP_L2_ENTRY_IDX_END;
1197 PDBGFBPL2ENTRY pL2NdParent = NULL;
1198
1199 for (;;)
1200 {
1201 PDBGFBPL2ENTRY pL2Entry = dbgfR3BpL2GetByIdx(pUVM, idxL2Start);
1202 AssertPtr(pL2Entry);
1203
1204 uint32_t idxL2Left = DBGF_BP_L2_ENTRY_GET_IDX_LEFT(pL2Entry->u64LeftRightIdxDepthBpHnd2);
1205 if (idxL2Start == DBGF_BP_L2_ENTRY_IDX_END)
1206 {
1207 *pidxL2Leftmost = idxL2Start;
1208 *ppL2NdLeftmost = pL2Entry;
1209 *pidxL2NdLeftParent = idxL2Parent;
1210 *ppL2NdLeftParent = pL2NdParent;
1211 break;
1212 }
1213
1214 idxL2Parent = idxL2Start;
1215 idxL2Start = idxL2Left;
1216 pL2NdParent = pL2Entry;
1217 }
1218
1219 return VINF_SUCCESS;
1220}
1221
1222
1223/**
1224 * Removes the given node rearranging the tree.
1225 *
1226 * @returns VBox status code.
1227 * @param pUVM The user mode VM handle.
1228 * @param idxL1 The index into the L1 table pointing to the binary search tree containing the node.
1229 * @param idxL2Root The L2 table index where the tree root is located.
1230 * @param idxL2Nd The node index to remove.
1231 * @param pL2Nd The L2 table entry to remove.
1232 * @param idxL2NdParent The parents index, can be DBGF_BP_L2_ENTRY_IDX_END if the root is about to be removed.
1233 * @param pL2NdParent The parents L2 table entry, can be NULL if the root is about to be removed.
1234 * @param fLeftChild Flag whether the node is the left child of the parent or the right one.
1235 */
1236static int dbgfR3BpInt3BstNodeRemove(PUVM pUVM, uint32_t idxL1, uint32_t idxL2Root,
1237 uint32_t idxL2Nd, PDBGFBPL2ENTRY pL2Nd,
1238 uint32_t idxL2NdParent, PDBGFBPL2ENTRY pL2NdParent,
1239 bool fLeftChild)
1240{
1241 /*
1242 * If there are only two nodes remaining the tree will get destroyed and the
1243 * L1 entry will be converted to the direct handle type.
1244 */
1245 uint32_t idxL2Left = DBGF_BP_L2_ENTRY_GET_IDX_LEFT(pL2Nd->u64LeftRightIdxDepthBpHnd2);
1246 uint32_t idxL2Right = DBGF_BP_L2_ENTRY_GET_IDX_RIGHT(pL2Nd->u64LeftRightIdxDepthBpHnd2);
1247
1248 Assert(idxL2NdParent != DBGF_BP_L2_ENTRY_IDX_END || !pL2NdParent); RT_NOREF(idxL2NdParent);
1249 uint32_t idxL2ParentNew = DBGF_BP_L2_ENTRY_IDX_END;
1250 if (idxL2Right == DBGF_BP_L2_ENTRY_IDX_END)
1251 idxL2ParentNew = idxL2Left;
1252 else
1253 {
1254 /* Find the leftmost entry of the right subtree and move it to the to be removed nodes location in the tree. */
1255 PDBGFBPL2ENTRY pL2NdLeftmostParent = NULL;
1256 PDBGFBPL2ENTRY pL2NdLeftmost = NULL;
1257 uint32_t idxL2NdLeftmostParent = DBGF_BP_L2_ENTRY_IDX_END;
1258 uint32_t idxL2Leftmost = DBGF_BP_L2_ENTRY_IDX_END;
1259 int rc = dbgfR33BpInt3BstGetLeftmostEntryFromNode(pUVM, idxL2Right, &idxL2Leftmost ,&pL2NdLeftmost,
1260 &idxL2NdLeftmostParent, &pL2NdLeftmostParent);
1261 AssertRCReturn(rc, rc);
1262
1263 if (pL2NdLeftmostParent)
1264 {
1265 /* Rearrange the leftmost entries parents pointer. */
1266 dbgfBpL2TblEntryUpdateLeft(pL2NdLeftmostParent, DBGF_BP_L2_ENTRY_GET_IDX_RIGHT(pL2NdLeftmost->u64LeftRightIdxDepthBpHnd2), 0 /*iDepth*/);
1267 dbgfBpL2TblEntryUpdateRight(pL2NdLeftmost, idxL2Right, 0 /*iDepth*/);
1268 }
1269
1270 dbgfBpL2TblEntryUpdateLeft(pL2NdLeftmost, idxL2Left, 0 /*iDepth*/);
1271
1272 /* Update the remove nodes parent to point to the new node. */
1273 idxL2ParentNew = idxL2Leftmost;
1274 }
1275
1276 if (pL2NdParent)
1277 {
1278 /* Asssign the new L2 index to proper parents left or right pointer. */
1279 if (fLeftChild)
1280 dbgfBpL2TblEntryUpdateLeft(pL2NdParent, idxL2ParentNew, 0 /*iDepth*/);
1281 else
1282 dbgfBpL2TblEntryUpdateRight(pL2NdParent, idxL2ParentNew, 0 /*iDepth*/);
1283 }
1284 else
1285 {
1286 /* The root node is removed, set the new root in the L1 table. */
1287 Assert(idxL2ParentNew != DBGF_BP_L2_ENTRY_IDX_END);
1288 idxL2Root = idxL2ParentNew;
1289 ASMAtomicXchgU32(&pUVM->dbgf.s.paBpLocL1R3[idxL1], DBGF_BP_INT3_L1_ENTRY_CREATE_L2_IDX(idxL2Left));
1290 }
1291
1292 /* Free the node. */
1293 dbgfR3BpL2TblEntryFree(pUVM, idxL2Nd, pL2Nd);
1294
1295 /*
1296 * Check whether the old/new root is the only node remaining and convert the L1
1297 * table entry to a direct breakpoint handle one in that case.
1298 */
1299 pL2Nd = dbgfR3BpL2GetByIdx(pUVM, idxL2Root);
1300 AssertPtr(pL2Nd);
1301 if ( DBGF_BP_L2_ENTRY_GET_IDX_LEFT(pL2Nd->u64LeftRightIdxDepthBpHnd2) == DBGF_BP_L2_ENTRY_IDX_END
1302 && DBGF_BP_L2_ENTRY_GET_IDX_RIGHT(pL2Nd->u64LeftRightIdxDepthBpHnd2) == DBGF_BP_L2_ENTRY_IDX_END)
1303 {
1304 DBGFBP hBp = DBGF_BP_L2_ENTRY_GET_BP_HND(pL2Nd->u64GCPtrKeyAndBpHnd1, pL2Nd->u64LeftRightIdxDepthBpHnd2);
1305 dbgfR3BpL2TblEntryFree(pUVM, idxL2Root, pL2Nd);
1306 ASMAtomicXchgU32(&pUVM->dbgf.s.paBpLocL1R3[idxL1], DBGF_BP_INT3_L1_ENTRY_CREATE_BP_HND(hBp));
1307 }
1308
1309 return VINF_SUCCESS;
1310}
1311
1312
1313/**
1314 * Removes the given breakpoint handle keyed with the GC pointer from the L2 binary search tree
1315 * pointed to by the given L2 root index.
1316 *
1317 * @returns VBox status code.
1318 * @param pUVM The user mode VM handle.
1319 * @param idxL1 The index into the L1 table pointing to the binary search tree.
1320 * @param idxL2Root The L2 table index where the tree root is located.
1321 * @param hBp The breakpoint handle which is to be removed.
1322 * @param GCPtr The GC pointer the breakpoint is keyed with.
1323 */
1324static int dbgfR3BpInt3L2BstRemove(PUVM pUVM, uint32_t idxL1, uint32_t idxL2Root, DBGFBP hBp, RTGCUINTPTR GCPtr)
1325{
1326 GCPtr = DBGF_BP_INT3_L2_KEY_EXTRACT_FROM_ADDR(GCPtr);
1327
1328 int rc = RTSemFastMutexRequest(pUVM->dbgf.s.hMtxBpL2Wr); AssertRC(rc);
1329
1330 uint32_t idxL2Cur = idxL2Root;
1331 uint32_t idxL2Parent = DBGF_BP_L2_ENTRY_IDX_END;
1332 bool fLeftChild = false;
1333 PDBGFBPL2ENTRY pL2EntryParent = NULL;
1334 for (;;)
1335 {
1336 PDBGFBPL2ENTRY pL2Entry = dbgfR3BpL2GetByIdx(pUVM, idxL2Cur);
1337 AssertPtr(pL2Entry);
1338
1339 /* Check whether this node is to be removed.. */
1340 RTGCUINTPTR GCPtrL2Entry = DBGF_BP_L2_ENTRY_GET_GCPTR(pL2Entry->u64GCPtrKeyAndBpHnd1);
1341 if (GCPtrL2Entry == GCPtr)
1342 {
1343 Assert(DBGF_BP_L2_ENTRY_GET_BP_HND(pL2Entry->u64GCPtrKeyAndBpHnd1, pL2Entry->u64LeftRightIdxDepthBpHnd2) == hBp); RT_NOREF(hBp);
1344
1345 rc = dbgfR3BpInt3BstNodeRemove(pUVM, idxL1, idxL2Root, idxL2Cur, pL2Entry,
1346 idxL2Parent, pL2EntryParent, fLeftChild);
1347 break;
1348 }
1349
1350 pL2EntryParent = pL2Entry;
1351 idxL2Parent = idxL2Cur;
1352
1353 if (GCPtrL2Entry < GCPtr)
1354 {
1355 fLeftChild = true;
1356 idxL2Cur = DBGF_BP_L2_ENTRY_GET_IDX_LEFT(pL2Entry->u64LeftRightIdxDepthBpHnd2);
1357 }
1358 else
1359 {
1360 fLeftChild = false;
1361 idxL2Cur = DBGF_BP_L2_ENTRY_GET_IDX_RIGHT(pL2Entry->u64LeftRightIdxDepthBpHnd2);
1362 }
1363
1364 AssertBreakStmt(idxL2Cur != DBGF_BP_L2_ENTRY_IDX_END, rc = VERR_DBGF_BP_L2_LOOKUP_FAILED);
1365 }
1366
1367 int rc2 = RTSemFastMutexRelease(pUVM->dbgf.s.hMtxBpL2Wr); AssertRC(rc2);
1368
1369 return rc;
1370}
1371
1372
1373/**
1374 * Adds the given int3 breakpoint to the appropriate lookup tables.
1375 *
1376 * @returns VBox status code.
1377 * @param pUVM The user mode VM handle.
1378 * @param hBp The breakpoint handle to add.
1379 * @param pBp The internal breakpoint state.
1380 */
1381static int dbgfR3BpInt3Add(PUVM pUVM, DBGFBP hBp, PDBGFBPINT pBp)
1382{
1383 AssertReturn(DBGF_BP_PUB_GET_TYPE(&pBp->Pub) == DBGFBPTYPE_INT3, VERR_DBGF_BP_IPE_3);
1384
1385 int rc = VINF_SUCCESS;
1386 uint16_t idxL1 = DBGF_BP_INT3_L1_IDX_EXTRACT_FROM_ADDR(pBp->Pub.u.Int3.GCPtr);
1387 uint8_t cTries = 16;
1388
1389 while (cTries--)
1390 {
1391 uint32_t u32Entry = ASMAtomicReadU32(&pUVM->dbgf.s.paBpLocL1R3[idxL1]);
1392 if (u32Entry == DBGF_BP_INT3_L1_ENTRY_TYPE_NULL)
1393 {
1394 /*
1395 * No breakpoint assigned so far for this entry, create an entry containing
1396 * the direct breakpoint handle and try to exchange it atomically.
1397 */
1398 u32Entry = DBGF_BP_INT3_L1_ENTRY_CREATE_BP_HND(hBp);
1399 if (ASMAtomicCmpXchgU32(&pUVM->dbgf.s.paBpLocL1R3[idxL1], u32Entry, DBGF_BP_INT3_L1_ENTRY_TYPE_NULL))
1400 break;
1401 }
1402 else
1403 {
1404 rc = dbgfR3BpInt3L2BstNodeAdd(pUVM, idxL1, hBp, pBp->Pub.u.Int3.GCPtr);
1405 if (rc != VINF_TRY_AGAIN)
1406 break;
1407 }
1408 }
1409
1410 if ( RT_SUCCESS(rc)
1411 && !cTries) /* Too much contention, abort with an error. */
1412 rc = VERR_DBGF_BP_INT3_ADD_TRIES_REACHED;
1413
1414 return rc;
1415}
1416
1417
1418/**
1419 * Adds the given port I/O breakpoint to the appropriate lookup tables.
1420 *
1421 * @returns VBox status code.
1422 * @param pUVM The user mode VM handle.
1423 * @param hBp The breakpoint handle to add.
1424 * @param pBp The internal breakpoint state.
1425 */
1426static int dbgfR3BpPortIoAdd(PUVM pUVM, DBGFBP hBp, PDBGFBPINT pBp)
1427{
1428 AssertReturn(DBGF_BP_PUB_GET_TYPE(&pBp->Pub) == DBGFBPTYPE_PORT_IO, VERR_DBGF_BP_IPE_3);
1429
1430 uint16_t uPortExcl = pBp->Pub.u.PortIo.uPort + pBp->Pub.u.PortIo.cPorts;
1431 uint32_t u32Entry = DBGF_BP_INT3_L1_ENTRY_CREATE_BP_HND(hBp);
1432 for (uint16_t idxPort = pBp->Pub.u.PortIo.uPort; idxPort < uPortExcl; idxPort++)
1433 {
1434 bool fXchg = ASMAtomicCmpXchgU32(&pUVM->dbgf.s.paBpLocPortIoR3[idxPort], u32Entry, DBGF_BP_INT3_L1_ENTRY_TYPE_NULL);
1435 if (!fXchg)
1436 {
1437 /* Something raced us, so roll back the other registrations. */
1438 while (idxPort > pBp->Pub.u.PortIo.uPort)
1439 {
1440 fXchg = ASMAtomicCmpXchgU32(&pUVM->dbgf.s.paBpLocPortIoR3[idxPort], DBGF_BP_INT3_L1_ENTRY_TYPE_NULL, u32Entry);
1441 Assert(fXchg); RT_NOREF(fXchg);
1442 }
1443
1444 return VERR_DBGF_BP_INT3_ADD_TRIES_REACHED; /** @todo New status code */
1445 }
1446 }
1447
1448 return VINF_SUCCESS;
1449}
1450
1451
1452/**
1453 * Get a breakpoint give by address.
1454 *
1455 * @returns The breakpoint handle on success or NIL_DBGF if not found.
1456 * @param pUVM The user mode VM handle.
1457 * @param enmType The breakpoint type.
1458 * @param GCPtr The breakpoint address.
1459 * @param ppBp Where to store the pointer to the internal breakpoint state on success, optional.
1460 */
1461static DBGFBP dbgfR3BpGetByAddr(PUVM pUVM, DBGFBPTYPE enmType, RTGCUINTPTR GCPtr, PDBGFBPINT *ppBp)
1462{
1463 DBGFBP hBp = NIL_DBGFBP;
1464
1465 switch (enmType)
1466 {
1467 case DBGFBPTYPE_REG:
1468 {
1469 PVM pVM = pUVM->pVM;
1470 VM_ASSERT_VALID_EXT_RETURN(pVM, NIL_DBGFBP);
1471
1472 for (uint32_t i = 0; i < RT_ELEMENTS(pVM->dbgf.s.aHwBreakpoints); i++)
1473 {
1474 PDBGFBPHW pHwBp = &pVM->dbgf.s.aHwBreakpoints[i];
1475
1476 AssertCompileSize(DBGFBP, sizeof(uint32_t));
1477 DBGFBP hBpTmp = ASMAtomicReadU32(&pHwBp->hBp);
1478 if ( pHwBp->GCPtr == GCPtr
1479 && hBpTmp != NIL_DBGFBP)
1480 {
1481 hBp = hBpTmp;
1482 break;
1483 }
1484 }
1485
1486 break;
1487 }
1488
1489 case DBGFBPTYPE_INT3:
1490 {
1491 const uint16_t idxL1 = DBGF_BP_INT3_L1_IDX_EXTRACT_FROM_ADDR(GCPtr);
1492 const uint32_t u32L1Entry = ASMAtomicReadU32(&pUVM->dbgf.s.CTX_SUFF(paBpLocL1)[idxL1]);
1493
1494 if (u32L1Entry != DBGF_BP_INT3_L1_ENTRY_TYPE_NULL)
1495 {
1496 uint8_t u8Type = DBGF_BP_INT3_L1_ENTRY_GET_TYPE(u32L1Entry);
1497 if (u8Type == DBGF_BP_INT3_L1_ENTRY_TYPE_BP_HND)
1498 hBp = DBGF_BP_INT3_L1_ENTRY_GET_BP_HND(u32L1Entry);
1499 else if (u8Type == DBGF_BP_INT3_L1_ENTRY_TYPE_L2_IDX)
1500 {
1501 RTGCUINTPTR GCPtrKey = DBGF_BP_INT3_L2_KEY_EXTRACT_FROM_ADDR(GCPtr);
1502 PDBGFBPL2ENTRY pL2Nd = dbgfR3BpL2GetByIdx(pUVM, DBGF_BP_INT3_L1_ENTRY_GET_L2_IDX(u32L1Entry));
1503
1504 for (;;)
1505 {
1506 AssertPtr(pL2Nd);
1507
1508 RTGCUINTPTR GCPtrL2Entry = DBGF_BP_L2_ENTRY_GET_GCPTR(pL2Nd->u64GCPtrKeyAndBpHnd1);
1509 if (GCPtrKey == GCPtrL2Entry)
1510 {
1511 hBp = DBGF_BP_L2_ENTRY_GET_BP_HND(pL2Nd->u64GCPtrKeyAndBpHnd1, pL2Nd->u64LeftRightIdxDepthBpHnd2);
1512 break;
1513 }
1514
1515 /* Not found, get to the next level. */
1516 uint32_t idxL2Next = (GCPtrKey < GCPtrL2Entry)
1517 ? DBGF_BP_L2_ENTRY_GET_IDX_LEFT(pL2Nd->u64LeftRightIdxDepthBpHnd2)
1518 : DBGF_BP_L2_ENTRY_GET_IDX_RIGHT(pL2Nd->u64LeftRightIdxDepthBpHnd2);
1519 /* Address not found if the entry denotes the end. */
1520 if (idxL2Next == DBGF_BP_L2_ENTRY_IDX_END)
1521 break;
1522
1523 pL2Nd = dbgfR3BpL2GetByIdx(pUVM, idxL2Next);
1524 }
1525 }
1526 }
1527 break;
1528 }
1529
1530 default:
1531 AssertMsgFailed(("enmType=%d\n", enmType));
1532 break;
1533 }
1534
1535 if ( hBp != NIL_DBGFBP
1536 && ppBp)
1537 *ppBp = dbgfR3BpGetByHnd(pUVM, hBp);
1538 return hBp;
1539}
1540
1541
1542/**
1543 * Get a port I/O breakpoint given by the range.
1544 *
1545 * @returns The breakpoint handle on success or NIL_DBGF if not found.
1546 * @param pUVM The user mode VM handle.
1547 * @param uPort First port in the range.
1548 * @param cPorts Number of ports in the range.
1549 * @param ppBp Where to store the pointer to the internal breakpoint state on success, optional.
1550 */
1551static DBGFBP dbgfR3BpPortIoGetByRange(PUVM pUVM, RTIOPORT uPort, RTIOPORT cPorts, PDBGFBPINT *ppBp)
1552{
1553 DBGFBP hBp = NIL_DBGFBP;
1554
1555 for (RTIOPORT idxPort = uPort; idxPort < uPort + cPorts; idxPort++)
1556 {
1557 const uint32_t u32Entry = ASMAtomicReadU32(&pUVM->dbgf.s.CTX_SUFF(paBpLocPortIo)[idxPort]);
1558 if (u32Entry != DBGF_BP_INT3_L1_ENTRY_TYPE_NULL)
1559 {
1560 hBp = DBGF_BP_INT3_L1_ENTRY_GET_BP_HND(u32Entry);
1561 break;
1562 }
1563 }
1564
1565 if ( hBp != NIL_DBGFBP
1566 && ppBp)
1567 *ppBp = dbgfR3BpGetByHnd(pUVM, hBp);
1568 return hBp;
1569}
1570
1571
1572/**
1573 * @callback_method_impl{FNVMMEMTRENDEZVOUS}
1574 */
1575static DECLCALLBACK(VBOXSTRICTRC) dbgfR3BpInt3RemoveEmtWorker(PVM pVM, PVMCPU pVCpu, void *pvUser)
1576{
1577 DBGFBP hBp = (DBGFBP)(uintptr_t)pvUser;
1578
1579 VMCPU_ASSERT_EMT(pVCpu);
1580 VM_ASSERT_VALID_EXT_RETURN(pVM, VERR_INVALID_VM_HANDLE);
1581
1582 PUVM pUVM = pVM->pUVM;
1583 PDBGFBPINT pBp = dbgfR3BpGetByHnd(pUVM, hBp);
1584 AssertPtrReturn(pBp, VERR_DBGF_BP_IPE_8);
1585
1586 int rc = VINF_SUCCESS;
1587 if (pVCpu->idCpu == 0)
1588 {
1589 uint16_t idxL1 = DBGF_BP_INT3_L1_IDX_EXTRACT_FROM_ADDR(pBp->Pub.u.Int3.GCPtr);
1590 uint32_t u32Entry = ASMAtomicReadU32(&pUVM->dbgf.s.paBpLocL1R3[idxL1]);
1591 AssertReturn(u32Entry != DBGF_BP_INT3_L1_ENTRY_TYPE_NULL, VERR_DBGF_BP_IPE_6);
1592
1593 uint8_t u8Type = DBGF_BP_INT3_L1_ENTRY_GET_TYPE(u32Entry);
1594 if (u8Type == DBGF_BP_INT3_L1_ENTRY_TYPE_BP_HND)
1595 {
1596 /* Single breakpoint, just exchange atomically with the null value. */
1597 if (!ASMAtomicCmpXchgU32(&pUVM->dbgf.s.paBpLocL1R3[idxL1], DBGF_BP_INT3_L1_ENTRY_TYPE_NULL, u32Entry))
1598 {
1599 /*
1600 * A breakpoint addition must have raced us converting the L1 entry to an L2 index type, re-read
1601 * and remove the node from the created binary search tree.
1602 *
1603 * This works because after the entry was converted to an L2 index it can only be converted back
1604 * to a direct handle by removing one or more nodes which always goes through the fast mutex
1605 * protecting the L2 table. Likewise adding a new breakpoint requires grabbing the mutex as well
1606 * so there is serialization here and the node can be removed safely without having to worry about
1607 * concurrent tree modifications.
1608 */
1609 u32Entry = ASMAtomicReadU32(&pUVM->dbgf.s.paBpLocL1R3[idxL1]);
1610 AssertReturn(DBGF_BP_INT3_L1_ENTRY_GET_TYPE(u32Entry) == DBGF_BP_INT3_L1_ENTRY_TYPE_L2_IDX, VERR_DBGF_BP_IPE_9);
1611
1612 rc = dbgfR3BpInt3L2BstRemove(pUVM, idxL1, DBGF_BP_INT3_L1_ENTRY_GET_L2_IDX(u32Entry),
1613 hBp, pBp->Pub.u.Int3.GCPtr);
1614 }
1615 }
1616 else if (u8Type == DBGF_BP_INT3_L1_ENTRY_TYPE_L2_IDX)
1617 rc = dbgfR3BpInt3L2BstRemove(pUVM, idxL1, DBGF_BP_INT3_L1_ENTRY_GET_L2_IDX(u32Entry),
1618 hBp, pBp->Pub.u.Int3.GCPtr);
1619 }
1620
1621 return rc;
1622}
1623
1624
1625/**
1626 * Removes the given int3 breakpoint from all lookup tables.
1627 *
1628 * @returns VBox status code.
1629 * @param pUVM The user mode VM handle.
1630 * @param hBp The breakpoint handle to remove.
1631 * @param pBp The internal breakpoint state.
1632 */
1633static int dbgfR3BpInt3Remove(PUVM pUVM, DBGFBP hBp, PDBGFBPINT pBp)
1634{
1635 AssertReturn(DBGF_BP_PUB_GET_TYPE(&pBp->Pub) == DBGFBPTYPE_INT3, VERR_DBGF_BP_IPE_3);
1636
1637 /*
1638 * This has to be done by an EMT rendezvous in order to not have an EMT traversing
1639 * any L2 trees while it is being removed.
1640 */
1641 return VMMR3EmtRendezvous(pUVM->pVM, VMMEMTRENDEZVOUS_FLAGS_TYPE_ALL_AT_ONCE, dbgfR3BpInt3RemoveEmtWorker, (void *)(uintptr_t)hBp);
1642}
1643
1644
1645/**
1646 * @callback_method_impl{FNVMMEMTRENDEZVOUS}
1647 */
1648static DECLCALLBACK(VBOXSTRICTRC) dbgfR3BpPortIoRemoveEmtWorker(PVM pVM, PVMCPU pVCpu, void *pvUser)
1649{
1650 DBGFBP hBp = (DBGFBP)(uintptr_t)pvUser;
1651
1652 VMCPU_ASSERT_EMT(pVCpu);
1653 VM_ASSERT_VALID_EXT_RETURN(pVM, VERR_INVALID_VM_HANDLE);
1654
1655 PUVM pUVM = pVM->pUVM;
1656 PDBGFBPINT pBp = dbgfR3BpGetByHnd(pUVM, hBp);
1657 AssertPtrReturn(pBp, VERR_DBGF_BP_IPE_8);
1658
1659 int rc = VINF_SUCCESS;
1660 if (pVCpu->idCpu == 0)
1661 {
1662 /*
1663 * Remove the whole range, there shouldn't be any other breakpoint configured for this range as this is not
1664 * allowed right now.
1665 */
1666 uint16_t uPortExcl = pBp->Pub.u.PortIo.uPort + pBp->Pub.u.PortIo.cPorts;
1667 for (uint16_t idxPort = pBp->Pub.u.PortIo.uPort; idxPort < uPortExcl; idxPort++)
1668 {
1669 uint32_t u32Entry = ASMAtomicReadU32(&pUVM->dbgf.s.paBpLocPortIoR3[idxPort]);
1670 AssertReturn(u32Entry != DBGF_BP_INT3_L1_ENTRY_TYPE_NULL, VERR_DBGF_BP_IPE_6);
1671
1672 uint8_t u8Type = DBGF_BP_INT3_L1_ENTRY_GET_TYPE(u32Entry);
1673 AssertReturn(u8Type == DBGF_BP_INT3_L1_ENTRY_TYPE_BP_HND, VERR_DBGF_BP_IPE_7);
1674
1675 bool fXchg = ASMAtomicCmpXchgU32(&pUVM->dbgf.s.paBpLocPortIoR3[idxPort], DBGF_BP_INT3_L1_ENTRY_TYPE_NULL, u32Entry);
1676 Assert(fXchg); RT_NOREF(fXchg);
1677 }
1678 }
1679
1680 return rc;
1681}
1682
1683
1684/**
1685 * Removes the given port I/O breakpoint from all lookup tables.
1686 *
1687 * @returns VBox status code.
1688 * @param pUVM The user mode VM handle.
1689 * @param hBp The breakpoint handle to remove.
1690 * @param pBp The internal breakpoint state.
1691 */
1692static int dbgfR3BpPortIoRemove(PUVM pUVM, DBGFBP hBp, PDBGFBPINT pBp)
1693{
1694 AssertReturn(DBGF_BP_PUB_GET_TYPE(&pBp->Pub) == DBGFBPTYPE_PORT_IO, VERR_DBGF_BP_IPE_3);
1695
1696 /*
1697 * This has to be done by an EMT rendezvous in order to not have an EMT accessing
1698 * the breakpoint while it is removed.
1699 */
1700 return VMMR3EmtRendezvous(pUVM->pVM, VMMEMTRENDEZVOUS_FLAGS_TYPE_ALL_AT_ONCE, dbgfR3BpPortIoRemoveEmtWorker, (void *)(uintptr_t)hBp);
1701}
1702
1703
1704/**
1705 * @callback_method_impl{FNVMMEMTRENDEZVOUS}
1706 */
1707static DECLCALLBACK(VBOXSTRICTRC) dbgfR3BpRegRecalcOnCpu(PVM pVM, PVMCPU pVCpu, void *pvUser)
1708{
1709 RT_NOREF(pvUser);
1710
1711 /*
1712 * CPU 0 updates the enabled hardware breakpoint counts.
1713 */
1714 if (pVCpu->idCpu == 0)
1715 {
1716 pVM->dbgf.s.cEnabledHwBreakpoints = 0;
1717 pVM->dbgf.s.cEnabledHwIoBreakpoints = 0;
1718
1719 for (uint32_t iBp = 0; iBp < RT_ELEMENTS(pVM->dbgf.s.aHwBreakpoints); iBp++)
1720 {
1721 if (pVM->dbgf.s.aHwBreakpoints[iBp].fEnabled)
1722 {
1723 pVM->dbgf.s.cEnabledHwBreakpoints += 1;
1724 pVM->dbgf.s.cEnabledHwIoBreakpoints += pVM->dbgf.s.aHwBreakpoints[iBp].fType == X86_DR7_RW_IO;
1725 }
1726 }
1727 }
1728
1729 return CPUMRecalcHyperDRx(pVCpu, UINT8_MAX);
1730}
1731
1732
1733/**
1734 * Arms the given breakpoint.
1735 *
1736 * @returns VBox status code.
1737 * @param pUVM The user mode VM handle.
1738 * @param hBp The breakpoint handle to arm.
1739 * @param pBp The internal breakpoint state pointer for the handle.
1740 *
1741 * @thread Any thread.
1742 */
1743static int dbgfR3BpArm(PUVM pUVM, DBGFBP hBp, PDBGFBPINT pBp)
1744{
1745 int rc = VINF_SUCCESS;
1746 PVM pVM = pUVM->pVM;
1747
1748 Assert(!DBGF_BP_PUB_IS_ENABLED(&pBp->Pub));
1749 switch (DBGF_BP_PUB_GET_TYPE(&pBp->Pub))
1750 {
1751 case DBGFBPTYPE_REG:
1752 {
1753 Assert(pBp->Pub.u.Reg.iReg < RT_ELEMENTS(pVM->dbgf.s.aHwBreakpoints));
1754 PDBGFBPHW pBpHw = &pVM->dbgf.s.aHwBreakpoints[pBp->Pub.u.Reg.iReg];
1755 Assert(pBpHw->hBp == hBp); RT_NOREF(hBp);
1756
1757 dbgfR3BpSetEnabled(pBp, true /*fEnabled*/);
1758 ASMAtomicWriteBool(&pBpHw->fEnabled, true);
1759 rc = VMMR3EmtRendezvous(pVM, VMMEMTRENDEZVOUS_FLAGS_TYPE_ALL_AT_ONCE, dbgfR3BpRegRecalcOnCpu, NULL);
1760 if (RT_FAILURE(rc))
1761 {
1762 ASMAtomicWriteBool(&pBpHw->fEnabled, false);
1763 dbgfR3BpSetEnabled(pBp, false /*fEnabled*/);
1764 }
1765 break;
1766 }
1767 case DBGFBPTYPE_INT3:
1768 {
1769 dbgfR3BpSetEnabled(pBp, true /*fEnabled*/);
1770
1771 /** @todo When we enable the first int3 breakpoint we should do this in an EMT rendezvous
1772 * as the VMX code intercepts #BP only when at least one int3 breakpoint is enabled.
1773 * A racing vCPU might trigger it and forward it to the guest causing panics/crashes/havoc. */
1774 /*
1775 * Save current byte and write the int3 instruction byte.
1776 */
1777 rc = PGMPhysSimpleReadGCPhys(pVM, &pBp->Pub.u.Int3.bOrg, pBp->Pub.u.Int3.PhysAddr, sizeof(pBp->Pub.u.Int3.bOrg));
1778 if (RT_SUCCESS(rc))
1779 {
1780 static const uint8_t s_bInt3 = 0xcc;
1781 rc = PGMPhysSimpleWriteGCPhys(pVM, pBp->Pub.u.Int3.PhysAddr, &s_bInt3, sizeof(s_bInt3));
1782 if (RT_SUCCESS(rc))
1783 {
1784 ASMAtomicIncU32(&pVM->dbgf.s.cEnabledInt3Breakpoints);
1785 Log(("DBGF: Set breakpoint at %RGv (Phys %RGp)\n", pBp->Pub.u.Int3.GCPtr, pBp->Pub.u.Int3.PhysAddr));
1786 }
1787 }
1788
1789 if (RT_FAILURE(rc))
1790 dbgfR3BpSetEnabled(pBp, false /*fEnabled*/);
1791
1792 break;
1793 }
1794 case DBGFBPTYPE_PORT_IO:
1795 {
1796 dbgfR3BpSetEnabled(pBp, true /*fEnabled*/);
1797 ASMAtomicIncU32(&pUVM->dbgf.s.cPortIoBps);
1798 IOMR3NotifyBreakpointCountChange(pVM, true /*fPortIo*/, false /*fMmio*/);
1799 break;
1800 }
1801 case DBGFBPTYPE_MMIO:
1802 rc = VERR_NOT_IMPLEMENTED;
1803 break;
1804 default:
1805 AssertMsgFailedReturn(("Invalid breakpoint type %d\n", DBGF_BP_PUB_GET_TYPE(&pBp->Pub)),
1806 VERR_IPE_NOT_REACHED_DEFAULT_CASE);
1807 }
1808
1809 return rc;
1810}
1811
1812
1813/**
1814 * Disarms the given breakpoint.
1815 *
1816 * @returns VBox status code.
1817 * @param pUVM The user mode VM handle.
1818 * @param hBp The breakpoint handle to disarm.
1819 * @param pBp The internal breakpoint state pointer for the handle.
1820 *
1821 * @thread Any thread.
1822 */
1823static int dbgfR3BpDisarm(PUVM pUVM, DBGFBP hBp, PDBGFBPINT pBp)
1824{
1825 int rc = VINF_SUCCESS;
1826 PVM pVM = pUVM->pVM;
1827
1828 Assert(DBGF_BP_PUB_IS_ENABLED(&pBp->Pub));
1829 switch (DBGF_BP_PUB_GET_TYPE(&pBp->Pub))
1830 {
1831 case DBGFBPTYPE_REG:
1832 {
1833 Assert(pBp->Pub.u.Reg.iReg < RT_ELEMENTS(pVM->dbgf.s.aHwBreakpoints));
1834 PDBGFBPHW pBpHw = &pVM->dbgf.s.aHwBreakpoints[pBp->Pub.u.Reg.iReg];
1835 Assert(pBpHw->hBp == hBp); RT_NOREF(hBp);
1836
1837 dbgfR3BpSetEnabled(pBp, false /*fEnabled*/);
1838 ASMAtomicWriteBool(&pBpHw->fEnabled, false);
1839 rc = VMMR3EmtRendezvous(pVM, VMMEMTRENDEZVOUS_FLAGS_TYPE_ALL_AT_ONCE, dbgfR3BpRegRecalcOnCpu, NULL);
1840 if (RT_FAILURE(rc))
1841 {
1842 ASMAtomicWriteBool(&pBpHw->fEnabled, true);
1843 dbgfR3BpSetEnabled(pBp, true /*fEnabled*/);
1844 }
1845 break;
1846 }
1847 case DBGFBPTYPE_INT3:
1848 {
1849 /*
1850 * Check that the current byte is the int3 instruction, and restore the original one.
1851 * We currently ignore invalid bytes.
1852 */
1853 uint8_t bCurrent = 0;
1854 rc = PGMPhysSimpleReadGCPhys(pVM, &bCurrent, pBp->Pub.u.Int3.PhysAddr, sizeof(bCurrent));
1855 if ( RT_SUCCESS(rc)
1856 && bCurrent == 0xcc)
1857 {
1858 rc = PGMPhysSimpleWriteGCPhys(pVM, pBp->Pub.u.Int3.PhysAddr, &pBp->Pub.u.Int3.bOrg, sizeof(pBp->Pub.u.Int3.bOrg));
1859 if (RT_SUCCESS(rc))
1860 {
1861 ASMAtomicDecU32(&pVM->dbgf.s.cEnabledInt3Breakpoints);
1862 dbgfR3BpSetEnabled(pBp, false /*fEnabled*/);
1863 Log(("DBGF: Removed breakpoint at %RGv (Phys %RGp)\n", pBp->Pub.u.Int3.GCPtr, pBp->Pub.u.Int3.PhysAddr));
1864 }
1865 }
1866 break;
1867 }
1868 case DBGFBPTYPE_PORT_IO:
1869 {
1870 dbgfR3BpSetEnabled(pBp, false /*fEnabled*/);
1871 uint32_t cPortIoBps = ASMAtomicDecU32(&pUVM->dbgf.s.cPortIoBps);
1872 if (!cPortIoBps) /** @todo Need to gather all EMTs to not have a stray EMT accessing BP data when it might go away. */
1873 IOMR3NotifyBreakpointCountChange(pVM, false /*fPortIo*/, false /*fMmio*/);
1874 break;
1875 }
1876 case DBGFBPTYPE_MMIO:
1877 rc = VERR_NOT_IMPLEMENTED;
1878 break;
1879 default:
1880 AssertMsgFailedReturn(("Invalid breakpoint type %d\n", DBGF_BP_PUB_GET_TYPE(&pBp->Pub)),
1881 VERR_IPE_NOT_REACHED_DEFAULT_CASE);
1882 }
1883
1884 return rc;
1885}
1886
1887
1888/**
1889 * Worker for DBGFR3BpHit() differnetiating on the breakpoint type.
1890 *
1891 * @returns Strict VBox status code.
1892 * @param pVM The cross context VM structure.
1893 * @param pVCpu The vCPU the breakpoint event happened on.
1894 * @param hBp The breakpoint handle.
1895 * @param pBp The breakpoint data.
1896 * @param pBpOwner The breakpoint owner data.
1897 *
1898 * @thread EMT
1899 */
1900static VBOXSTRICTRC dbgfR3BpHit(PVM pVM, PVMCPU pVCpu, DBGFBP hBp, PDBGFBPINT pBp, PCDBGFBPOWNERINT pBpOwner)
1901{
1902 VBOXSTRICTRC rcStrict = VINF_SUCCESS;
1903
1904 switch (DBGF_BP_PUB_GET_TYPE(&pBp->Pub))
1905 {
1906 case DBGFBPTYPE_REG:
1907 case DBGFBPTYPE_INT3:
1908 {
1909 if (DBGF_BP_PUB_IS_EXEC_BEFORE(&pBp->Pub))
1910 rcStrict = pBpOwner->pfnBpHitR3(pVM, pVCpu->idCpu, pBp->pvUserR3, hBp, &pBp->Pub, DBGF_BP_F_HIT_EXEC_BEFORE);
1911 if (rcStrict == VINF_SUCCESS)
1912 {
1913 uint8_t abInstr[DBGF_BP_INSN_MAX];
1914 RTGCPTR const GCPtrInstr = pVCpu->cpum.GstCtx.rip + pVCpu->cpum.GstCtx.cs.u64Base;
1915 int rc = PGMPhysSimpleReadGCPtr(pVCpu, &abInstr[0], GCPtrInstr, sizeof(abInstr));
1916 AssertRC(rc);
1917 if (RT_SUCCESS(rc))
1918 {
1919 /* Replace the int3 with the original instruction byte. */
1920 abInstr[0] = pBp->Pub.u.Int3.bOrg;
1921 rcStrict = IEMExecOneWithPrefetchedByPC(pVCpu, CPUMCTX2CORE(&pVCpu->cpum.GstCtx), GCPtrInstr, &abInstr[0], sizeof(abInstr));
1922 if ( rcStrict == VINF_SUCCESS
1923 && DBGF_BP_PUB_IS_EXEC_AFTER(&pBp->Pub))
1924 {
1925 VBOXSTRICTRC rcStrict2 = pBpOwner->pfnBpHitR3(pVM, pVCpu->idCpu, pBp->pvUserR3, hBp, &pBp->Pub, DBGF_BP_F_HIT_EXEC_AFTER);
1926 if (rcStrict2 == VINF_SUCCESS)
1927 return VBOXSTRICTRC_VAL(rcStrict);
1928 else if (rcStrict2 != VINF_DBGF_BP_HALT)
1929 return VERR_DBGF_BP_OWNER_CALLBACK_WRONG_STATUS;
1930 }
1931 else
1932 return VBOXSTRICTRC_VAL(rcStrict);
1933 }
1934 }
1935 break;
1936 }
1937 case DBGFBPTYPE_PORT_IO:
1938 case DBGFBPTYPE_MMIO:
1939 {
1940 pVCpu->dbgf.s.fBpIoActive = false;
1941 rcStrict = pBpOwner->pfnBpIoHitR3(pVM, pVCpu->idCpu, pBp->pvUserR3, hBp, &pBp->Pub,
1942 pVCpu->dbgf.s.fBpIoBefore
1943 ? DBGF_BP_F_HIT_EXEC_BEFORE
1944 : DBGF_BP_F_HIT_EXEC_AFTER,
1945 pVCpu->dbgf.s.fBpIoAccess, pVCpu->dbgf.s.uBpIoAddress,
1946 pVCpu->dbgf.s.uBpIoValue);
1947
1948 break;
1949 }
1950 default:
1951 AssertMsgFailedReturn(("Invalid breakpoint type %d\n", DBGF_BP_PUB_GET_TYPE(&pBp->Pub)),
1952 VERR_IPE_NOT_REACHED_DEFAULT_CASE);
1953 }
1954
1955 return rcStrict;
1956}
1957
1958
1959/**
1960 * Creates a new breakpoint owner returning a handle which can be used when setting breakpoints.
1961 *
1962 * @returns VBox status code.
1963 * @retval VERR_DBGF_BP_OWNER_NO_MORE_HANDLES if there are no more free owner handles available.
1964 * @param pUVM The user mode VM handle.
1965 * @param pfnBpHit The R3 callback which is called when a breakpoint with the owner handle is hit.
1966 * @param pfnBpIoHit The R3 callback which is called when a I/O breakpoint with the owner handle is hit.
1967 * @param phBpOwner Where to store the owner handle on success.
1968 *
1969 * @thread Any thread but might defer work to EMT on the first call.
1970 */
1971VMMR3DECL(int) DBGFR3BpOwnerCreate(PUVM pUVM, PFNDBGFBPHIT pfnBpHit, PFNDBGFBPIOHIT pfnBpIoHit, PDBGFBPOWNER phBpOwner)
1972{
1973 /*
1974 * Validate the input.
1975 */
1976 UVM_ASSERT_VALID_EXT_RETURN(pUVM, VERR_INVALID_VM_HANDLE);
1977 AssertReturn(pfnBpHit || pfnBpIoHit, VERR_INVALID_PARAMETER);
1978 AssertPtrReturn(phBpOwner, VERR_INVALID_POINTER);
1979
1980 int rc = dbgfR3BpOwnerEnsureInit(pUVM);
1981 AssertRCReturn(rc ,rc);
1982
1983 /* Try to find a free entry in the owner table. */
1984 for (;;)
1985 {
1986 /* Scan the associated bitmap for a free entry. */
1987 int32_t iClr = ASMBitFirstClear(pUVM->dbgf.s.pbmBpOwnersAllocR3, DBGF_BP_OWNER_COUNT_MAX);
1988 if (iClr != -1)
1989 {
1990 /*
1991 * Try to allocate, we could get raced here as well. In that case
1992 * we try again.
1993 */
1994 if (!ASMAtomicBitTestAndSet(pUVM->dbgf.s.pbmBpOwnersAllocR3, iClr))
1995 {
1996 PDBGFBPOWNERINT pBpOwner = &pUVM->dbgf.s.paBpOwnersR3[iClr];
1997 pBpOwner->cRefs = 1;
1998 pBpOwner->pfnBpHitR3 = pfnBpHit;
1999 pBpOwner->pfnBpIoHitR3 = pfnBpIoHit;
2000
2001 *phBpOwner = (DBGFBPOWNER)iClr;
2002 return VINF_SUCCESS;
2003 }
2004 /* else Retry with another spot. */
2005 }
2006 else /* no free entry in bitmap, out of entries. */
2007 {
2008 rc = VERR_DBGF_BP_OWNER_NO_MORE_HANDLES;
2009 break;
2010 }
2011 }
2012
2013 return rc;
2014}
2015
2016
2017/**
2018 * Destroys the owner identified by the given handle.
2019 *
2020 * @returns VBox status code.
2021 * @retval VERR_INVALID_HANDLE if the given owner handle is invalid.
2022 * @retval VERR_DBGF_OWNER_BUSY if there are still breakpoints set with the given owner handle.
2023 * @param pUVM The user mode VM handle.
2024 * @param hBpOwner The breakpoint owner handle to destroy.
2025 */
2026VMMR3DECL(int) DBGFR3BpOwnerDestroy(PUVM pUVM, DBGFBPOWNER hBpOwner)
2027{
2028 /*
2029 * Validate the input.
2030 */
2031 UVM_ASSERT_VALID_EXT_RETURN(pUVM, VERR_INVALID_VM_HANDLE);
2032 AssertReturn(hBpOwner != NIL_DBGFBPOWNER, VERR_INVALID_HANDLE);
2033
2034 int rc = dbgfR3BpOwnerEnsureInit(pUVM);
2035 AssertRCReturn(rc ,rc);
2036
2037 PDBGFBPOWNERINT pBpOwner = dbgfR3BpOwnerGetByHnd(pUVM, hBpOwner);
2038 if (RT_LIKELY(pBpOwner))
2039 {
2040 if (ASMAtomicReadU32(&pBpOwner->cRefs) == 1)
2041 {
2042 pBpOwner->pfnBpHitR3 = NULL;
2043 ASMAtomicDecU32(&pBpOwner->cRefs);
2044 ASMAtomicBitClear(pUVM->dbgf.s.pbmBpOwnersAllocR3, hBpOwner);
2045 }
2046 else
2047 rc = VERR_DBGF_OWNER_BUSY;
2048 }
2049 else
2050 rc = VERR_INVALID_HANDLE;
2051
2052 return rc;
2053}
2054
2055
2056/**
2057 * Sets a breakpoint (int 3 based).
2058 *
2059 * @returns VBox status code.
2060 * @param pUVM The user mode VM handle.
2061 * @param idSrcCpu The ID of the virtual CPU used for the
2062 * breakpoint address resolution.
2063 * @param pAddress The address of the breakpoint.
2064 * @param iHitTrigger The hit count at which the breakpoint start triggering.
2065 * Use 0 (or 1) if it's gonna trigger at once.
2066 * @param iHitDisable The hit count which disables the breakpoint.
2067 * Use ~(uint64_t) if it's never gonna be disabled.
2068 * @param phBp Where to store the breakpoint handle on success.
2069 *
2070 * @thread Any thread.
2071 */
2072VMMR3DECL(int) DBGFR3BpSetInt3(PUVM pUVM, VMCPUID idSrcCpu, PCDBGFADDRESS pAddress,
2073 uint64_t iHitTrigger, uint64_t iHitDisable, PDBGFBP phBp)
2074{
2075 return DBGFR3BpSetInt3Ex(pUVM, NIL_DBGFBPOWNER, NULL /*pvUser*/, idSrcCpu, pAddress,
2076 DBGF_BP_F_DEFAULT, iHitTrigger, iHitDisable, phBp);
2077}
2078
2079
2080/**
2081 * Sets a breakpoint (int 3 based) - extended version.
2082 *
2083 * @returns VBox status code.
2084 * @param pUVM The user mode VM handle.
2085 * @param hOwner The owner handle, use NIL_DBGFBPOWNER if no special owner attached.
2086 * @param pvUser Opaque user data to pass in the owner callback.
2087 * @param idSrcCpu The ID of the virtual CPU used for the
2088 * breakpoint address resolution.
2089 * @param pAddress The address of the breakpoint.
2090 * @param fFlags Combination of DBGF_BP_F_XXX.
2091 * @param iHitTrigger The hit count at which the breakpoint start triggering.
2092 * Use 0 (or 1) if it's gonna trigger at once.
2093 * @param iHitDisable The hit count which disables the breakpoint.
2094 * Use ~(uint64_t) if it's never gonna be disabled.
2095 * @param phBp Where to store the breakpoint handle on success.
2096 *
2097 * @thread Any thread.
2098 */
2099VMMR3DECL(int) DBGFR3BpSetInt3Ex(PUVM pUVM, DBGFBPOWNER hOwner, void *pvUser,
2100 VMCPUID idSrcCpu, PCDBGFADDRESS pAddress, uint16_t fFlags,
2101 uint64_t iHitTrigger, uint64_t iHitDisable, PDBGFBP phBp)
2102{
2103 UVM_ASSERT_VALID_EXT_RETURN(pUVM, VERR_INVALID_VM_HANDLE);
2104 AssertReturn(hOwner != NIL_DBGFBPOWNER || pvUser == NULL, VERR_INVALID_PARAMETER);
2105 AssertReturn(DBGFR3AddrIsValid(pUVM, pAddress), VERR_INVALID_PARAMETER);
2106 AssertReturn(iHitTrigger <= iHitDisable, VERR_INVALID_PARAMETER);
2107 AssertPtrReturn(phBp, VERR_INVALID_POINTER);
2108
2109 int rc = dbgfR3BpEnsureInit(pUVM);
2110 AssertRCReturn(rc, rc);
2111
2112 /*
2113 * Translate & save the breakpoint address into a guest-physical address.
2114 */
2115 RTGCPHYS GCPhysBpAddr = NIL_RTGCPHYS;
2116 rc = DBGFR3AddrToPhys(pUVM, idSrcCpu, pAddress, &GCPhysBpAddr);
2117 if (RT_SUCCESS(rc))
2118 {
2119 /*
2120 * The physical address from DBGFR3AddrToPhys() is the start of the page,
2121 * we need the exact byte offset into the page while writing to it in dbgfR3BpInt3Arm().
2122 */
2123 GCPhysBpAddr |= (pAddress->FlatPtr & X86_PAGE_OFFSET_MASK);
2124
2125 PDBGFBPINT pBp = NULL;
2126 DBGFBP hBp = dbgfR3BpGetByAddr(pUVM, DBGFBPTYPE_INT3, pAddress->FlatPtr, &pBp);
2127 if ( hBp != NIL_DBGFBP
2128 && pBp->Pub.u.Int3.PhysAddr == GCPhysBpAddr)
2129 {
2130 rc = VINF_SUCCESS;
2131 if (!DBGF_BP_PUB_IS_ENABLED(&pBp->Pub))
2132 rc = dbgfR3BpArm(pUVM, hBp, pBp);
2133 if (RT_SUCCESS(rc))
2134 {
2135 rc = VINF_DBGF_BP_ALREADY_EXIST;
2136 if (phBp)
2137 *phBp = hBp;
2138 }
2139 return rc;
2140 }
2141
2142 rc = dbgfR3BpAlloc(pUVM, hOwner, pvUser, DBGFBPTYPE_INT3, fFlags, iHitTrigger, iHitDisable, &hBp, &pBp);
2143 if (RT_SUCCESS(rc))
2144 {
2145 pBp->Pub.u.Int3.PhysAddr = GCPhysBpAddr;
2146 pBp->Pub.u.Int3.GCPtr = pAddress->FlatPtr;
2147
2148 /* Add the breakpoint to the lookup tables. */
2149 rc = dbgfR3BpInt3Add(pUVM, hBp, pBp);
2150 if (RT_SUCCESS(rc))
2151 {
2152 /* Enable the breakpoint if requested. */
2153 if (fFlags & DBGF_BP_F_ENABLED)
2154 rc = dbgfR3BpArm(pUVM, hBp, pBp);
2155 if (RT_SUCCESS(rc))
2156 {
2157 *phBp = hBp;
2158 return VINF_SUCCESS;
2159 }
2160
2161 int rc2 = dbgfR3BpInt3Remove(pUVM, hBp, pBp); AssertRC(rc2);
2162 }
2163
2164 dbgfR3BpFree(pUVM, hBp, pBp);
2165 }
2166 }
2167
2168 return rc;
2169}
2170
2171
2172/**
2173 * Sets a register breakpoint.
2174 *
2175 * @returns VBox status code.
2176 * @param pUVM The user mode VM handle.
2177 * @param pAddress The address of the breakpoint.
2178 * @param iHitTrigger The hit count at which the breakpoint start triggering.
2179 * Use 0 (or 1) if it's gonna trigger at once.
2180 * @param iHitDisable The hit count which disables the breakpoint.
2181 * Use ~(uint64_t) if it's never gonna be disabled.
2182 * @param fType The access type (one of the X86_DR7_RW_* defines).
2183 * @param cb The access size - 1,2,4 or 8 (the latter is AMD64 long mode only.
2184 * Must be 1 if fType is X86_DR7_RW_EO.
2185 * @param phBp Where to store the breakpoint handle.
2186 *
2187 * @thread Any thread.
2188 */
2189VMMR3DECL(int) DBGFR3BpSetReg(PUVM pUVM, PCDBGFADDRESS pAddress, uint64_t iHitTrigger,
2190 uint64_t iHitDisable, uint8_t fType, uint8_t cb, PDBGFBP phBp)
2191{
2192 return DBGFR3BpSetRegEx(pUVM, NIL_DBGFBPOWNER, NULL /*pvUser*/, pAddress,
2193 DBGF_BP_F_DEFAULT, iHitTrigger, iHitDisable, fType, cb, phBp);
2194}
2195
2196
2197/**
2198 * Sets a register breakpoint - extended version.
2199 *
2200 * @returns VBox status code.
2201 * @param pUVM The user mode VM handle.
2202 * @param hOwner The owner handle, use NIL_DBGFBPOWNER if no special owner attached.
2203 * @param pvUser Opaque user data to pass in the owner callback.
2204 * @param pAddress The address of the breakpoint.
2205 * @param fFlags Combination of DBGF_BP_F_XXX.
2206 * @param iHitTrigger The hit count at which the breakpoint start triggering.
2207 * Use 0 (or 1) if it's gonna trigger at once.
2208 * @param iHitDisable The hit count which disables the breakpoint.
2209 * Use ~(uint64_t) if it's never gonna be disabled.
2210 * @param fType The access type (one of the X86_DR7_RW_* defines).
2211 * @param cb The access size - 1,2,4 or 8 (the latter is AMD64 long mode only.
2212 * Must be 1 if fType is X86_DR7_RW_EO.
2213 * @param phBp Where to store the breakpoint handle.
2214 *
2215 * @thread Any thread.
2216 */
2217VMMR3DECL(int) DBGFR3BpSetRegEx(PUVM pUVM, DBGFBPOWNER hOwner, void *pvUser,
2218 PCDBGFADDRESS pAddress, uint16_t fFlags,
2219 uint64_t iHitTrigger, uint64_t iHitDisable,
2220 uint8_t fType, uint8_t cb, PDBGFBP phBp)
2221{
2222 UVM_ASSERT_VALID_EXT_RETURN(pUVM, VERR_INVALID_VM_HANDLE);
2223 AssertReturn(hOwner != NIL_DBGFBPOWNER || pvUser == NULL, VERR_INVALID_PARAMETER);
2224 AssertReturn(DBGFR3AddrIsValid(pUVM, pAddress), VERR_INVALID_PARAMETER);
2225 AssertReturn(iHitTrigger <= iHitDisable, VERR_INVALID_PARAMETER);
2226 AssertReturn(cb > 0 && cb <= 8 && RT_IS_POWER_OF_TWO(cb), VERR_INVALID_PARAMETER);
2227 AssertPtrReturn(phBp, VERR_INVALID_POINTER);
2228 switch (fType)
2229 {
2230 case X86_DR7_RW_EO:
2231 if (cb == 1)
2232 break;
2233 AssertMsgFailedReturn(("fType=%#x cb=%d != 1\n", fType, cb), VERR_INVALID_PARAMETER);
2234 case X86_DR7_RW_IO:
2235 case X86_DR7_RW_RW:
2236 case X86_DR7_RW_WO:
2237 break;
2238 default:
2239 AssertMsgFailedReturn(("fType=%#x\n", fType), VERR_INVALID_PARAMETER);
2240 }
2241
2242 int rc = dbgfR3BpEnsureInit(pUVM);
2243 AssertRCReturn(rc, rc);
2244
2245 PDBGFBPINT pBp = NULL;
2246 DBGFBP hBp = dbgfR3BpGetByAddr(pUVM, DBGFBPTYPE_REG, pAddress->FlatPtr, &pBp);
2247 if ( hBp != NIL_DBGFBP
2248 && pBp->Pub.u.Reg.cb == cb
2249 && pBp->Pub.u.Reg.fType == fType)
2250 {
2251 rc = VINF_SUCCESS;
2252 if (!DBGF_BP_PUB_IS_ENABLED(&pBp->Pub))
2253 rc = dbgfR3BpArm(pUVM, hBp, pBp);
2254 if (RT_SUCCESS(rc))
2255 {
2256 rc = VINF_DBGF_BP_ALREADY_EXIST;
2257 if (phBp)
2258 *phBp = hBp;
2259 }
2260 return rc;
2261 }
2262
2263 /* Allocate new breakpoint. */
2264 rc = dbgfR3BpAlloc(pUVM, hOwner, pvUser, DBGFBPTYPE_REG, fFlags,
2265 iHitTrigger, iHitDisable, &hBp, &pBp);
2266 if (RT_SUCCESS(rc))
2267 {
2268 pBp->Pub.u.Reg.GCPtr = pAddress->FlatPtr;
2269 pBp->Pub.u.Reg.fType = fType;
2270 pBp->Pub.u.Reg.cb = cb;
2271 pBp->Pub.u.Reg.iReg = UINT8_MAX;
2272 ASMCompilerBarrier();
2273
2274 /* Assign the proper hardware breakpoint. */
2275 rc = dbgfR3BpRegAssign(pUVM->pVM, hBp, pBp);
2276 if (RT_SUCCESS(rc))
2277 {
2278 /* Arm the breakpoint. */
2279 if (fFlags & DBGF_BP_F_ENABLED)
2280 rc = dbgfR3BpArm(pUVM, hBp, pBp);
2281 if (RT_SUCCESS(rc))
2282 {
2283 if (phBp)
2284 *phBp = hBp;
2285 return VINF_SUCCESS;
2286 }
2287
2288 int rc2 = dbgfR3BpRegRemove(pUVM->pVM, hBp, pBp);
2289 AssertRC(rc2); RT_NOREF(rc2);
2290 }
2291
2292 dbgfR3BpFree(pUVM, hBp, pBp);
2293 }
2294
2295 return rc;
2296}
2297
2298
2299/**
2300 * This is only kept for now to not mess with the debugger implementation at this point,
2301 * recompiler breakpoints are not supported anymore (IEM has some API but it isn't implemented
2302 * and should probably be merged with the DBGF breakpoints).
2303 */
2304VMMR3DECL(int) DBGFR3BpSetREM(PUVM pUVM, PCDBGFADDRESS pAddress, uint64_t iHitTrigger,
2305 uint64_t iHitDisable, PDBGFBP phBp)
2306{
2307 RT_NOREF(pUVM, pAddress, iHitTrigger, iHitDisable, phBp);
2308 return VERR_NOT_SUPPORTED;
2309}
2310
2311
2312/**
2313 * Sets an I/O port breakpoint.
2314 *
2315 * @returns VBox status code.
2316 * @param pUVM The user mode VM handle.
2317 * @param uPort The first I/O port.
2318 * @param cPorts The number of I/O ports, see DBGFBPIOACCESS_XXX.
2319 * @param fAccess The access we want to break on.
2320 * @param iHitTrigger The hit count at which the breakpoint start
2321 * triggering. Use 0 (or 1) if it's gonna trigger at
2322 * once.
2323 * @param iHitDisable The hit count which disables the breakpoint.
2324 * Use ~(uint64_t) if it's never gonna be disabled.
2325 * @param phBp Where to store the breakpoint handle.
2326 *
2327 * @thread Any thread.
2328 */
2329VMMR3DECL(int) DBGFR3BpSetPortIo(PUVM pUVM, RTIOPORT uPort, RTIOPORT cPorts, uint32_t fAccess,
2330 uint64_t iHitTrigger, uint64_t iHitDisable, PDBGFBP phBp)
2331{
2332 return DBGFR3BpSetPortIoEx(pUVM, NIL_DBGFBPOWNER, NULL /*pvUser*/, uPort, cPorts, fAccess,
2333 DBGF_BP_F_DEFAULT, iHitTrigger, iHitDisable, phBp);
2334}
2335
2336
2337/**
2338 * Sets an I/O port breakpoint - extended version.
2339 *
2340 * @returns VBox status code.
2341 * @param pUVM The user mode VM handle.
2342 * @param hOwner The owner handle, use NIL_DBGFBPOWNER if no special owner attached.
2343 * @param pvUser Opaque user data to pass in the owner callback.
2344 * @param uPort The first I/O port.
2345 * @param cPorts The number of I/O ports, see DBGFBPIOACCESS_XXX.
2346 * @param fAccess The access we want to break on.
2347 * @param fFlags Combination of DBGF_BP_F_XXX.
2348 * @param iHitTrigger The hit count at which the breakpoint start
2349 * triggering. Use 0 (or 1) if it's gonna trigger at
2350 * once.
2351 * @param iHitDisable The hit count which disables the breakpoint.
2352 * Use ~(uint64_t) if it's never gonna be disabled.
2353 * @param phBp Where to store the breakpoint handle.
2354 *
2355 * @thread Any thread.
2356 */
2357VMMR3DECL(int) DBGFR3BpSetPortIoEx(PUVM pUVM, DBGFBPOWNER hOwner, void *pvUser,
2358 RTIOPORT uPort, RTIOPORT cPorts, uint32_t fAccess,
2359 uint32_t fFlags, uint64_t iHitTrigger, uint64_t iHitDisable, PDBGFBP phBp)
2360{
2361 UVM_ASSERT_VALID_EXT_RETURN(pUVM, VERR_INVALID_VM_HANDLE);
2362 AssertReturn(hOwner != NIL_DBGFBPOWNER || pvUser == NULL, VERR_INVALID_PARAMETER);
2363 AssertReturn(!(fAccess & ~DBGFBPIOACCESS_VALID_MASK_PORT_IO), VERR_INVALID_FLAGS);
2364 AssertReturn(fAccess, VERR_INVALID_FLAGS);
2365 AssertReturn(!(fFlags & ~DBGF_BP_F_VALID_MASK), VERR_INVALID_FLAGS);
2366 AssertReturn(fFlags, VERR_INVALID_FLAGS);
2367 AssertReturn(iHitTrigger <= iHitDisable, VERR_INVALID_PARAMETER);
2368 AssertPtrReturn(phBp, VERR_INVALID_POINTER);
2369 AssertReturn(cPorts > 0, VERR_OUT_OF_RANGE);
2370 AssertReturn((RTIOPORT)(uPort + (cPorts - 1)) >= uPort, VERR_OUT_OF_RANGE);
2371
2372 int rc = dbgfR3BpPortIoEnsureInit(pUVM);
2373 AssertRCReturn(rc, rc);
2374
2375 PDBGFBPINT pBp = NULL;
2376 DBGFBP hBp = dbgfR3BpPortIoGetByRange(pUVM, uPort, cPorts, &pBp);
2377 if ( hBp != NIL_DBGFBP
2378 && pBp->Pub.u.PortIo.uPort == uPort
2379 && pBp->Pub.u.PortIo.cPorts == cPorts
2380 && pBp->Pub.u.PortIo.fAccess == fAccess)
2381 {
2382 rc = VINF_SUCCESS;
2383 if (!DBGF_BP_PUB_IS_ENABLED(&pBp->Pub))
2384 rc = dbgfR3BpArm(pUVM, hBp, pBp);
2385 if (RT_SUCCESS(rc))
2386 {
2387 rc = VINF_DBGF_BP_ALREADY_EXIST;
2388 if (phBp)
2389 *phBp = hBp;
2390 }
2391 return rc;
2392 }
2393
2394 rc = dbgfR3BpAlloc(pUVM, hOwner, pvUser, DBGFBPTYPE_PORT_IO, fFlags, iHitTrigger, iHitDisable, &hBp, &pBp);
2395 if (RT_SUCCESS(rc))
2396 {
2397 pBp->Pub.u.PortIo.uPort = uPort;
2398 pBp->Pub.u.PortIo.cPorts = cPorts;
2399 pBp->Pub.u.PortIo.fAccess = fAccess;
2400
2401 /* Add the breakpoint to the lookup tables. */
2402 rc = dbgfR3BpPortIoAdd(pUVM, hBp, pBp);
2403 if (RT_SUCCESS(rc))
2404 {
2405 /* Enable the breakpoint if requested. */
2406 if (fFlags & DBGF_BP_F_ENABLED)
2407 rc = dbgfR3BpArm(pUVM, hBp, pBp);
2408 if (RT_SUCCESS(rc))
2409 {
2410 *phBp = hBp;
2411 return VINF_SUCCESS;
2412 }
2413
2414 int rc2 = dbgfR3BpPortIoRemove(pUVM, hBp, pBp); AssertRC(rc2);
2415 }
2416
2417 dbgfR3BpFree(pUVM, hBp, pBp);
2418 }
2419
2420 return rc;
2421}
2422
2423
2424/**
2425 * Sets a memory mapped I/O breakpoint.
2426 *
2427 * @returns VBox status code.
2428 * @param pUVM The user mode VM handle.
2429 * @param GCPhys The first MMIO address.
2430 * @param cb The size of the MMIO range to break on.
2431 * @param fAccess The access we want to break on.
2432 * @param iHitTrigger The hit count at which the breakpoint start
2433 * triggering. Use 0 (or 1) if it's gonna trigger at
2434 * once.
2435 * @param iHitDisable The hit count which disables the breakpoint.
2436 * Use ~(uint64_t) if it's never gonna be disabled.
2437 * @param phBp Where to store the breakpoint handle.
2438 *
2439 * @thread Any thread.
2440 */
2441VMMR3DECL(int) DBGFR3BpSetMmio(PUVM pUVM, RTGCPHYS GCPhys, uint32_t cb, uint32_t fAccess,
2442 uint64_t iHitTrigger, uint64_t iHitDisable, PDBGFBP phBp)
2443{
2444 return DBGFR3BpSetMmioEx(pUVM, NIL_DBGFBPOWNER, NULL /*pvUser*/, GCPhys, cb, fAccess,
2445 DBGF_BP_F_DEFAULT, iHitTrigger, iHitDisable, phBp);
2446}
2447
2448
2449/**
2450 * Sets a memory mapped I/O breakpoint - extended version.
2451 *
2452 * @returns VBox status code.
2453 * @param pUVM The user mode VM handle.
2454 * @param hOwner The owner handle, use NIL_DBGFBPOWNER if no special owner attached.
2455 * @param pvUser Opaque user data to pass in the owner callback.
2456 * @param GCPhys The first MMIO address.
2457 * @param cb The size of the MMIO range to break on.
2458 * @param fAccess The access we want to break on.
2459 * @param fFlags Combination of DBGF_BP_F_XXX.
2460 * @param iHitTrigger The hit count at which the breakpoint start
2461 * triggering. Use 0 (or 1) if it's gonna trigger at
2462 * once.
2463 * @param iHitDisable The hit count which disables the breakpoint.
2464 * Use ~(uint64_t) if it's never gonna be disabled.
2465 * @param phBp Where to store the breakpoint handle.
2466 *
2467 * @thread Any thread.
2468 */
2469VMMR3DECL(int) DBGFR3BpSetMmioEx(PUVM pUVM, DBGFBPOWNER hOwner, void *pvUser,
2470 RTGCPHYS GCPhys, uint32_t cb, uint32_t fAccess,
2471 uint32_t fFlags, uint64_t iHitTrigger, uint64_t iHitDisable, PDBGFBP phBp)
2472{
2473 UVM_ASSERT_VALID_EXT_RETURN(pUVM, VERR_INVALID_VM_HANDLE);
2474 AssertReturn(hOwner != NIL_DBGFBPOWNER || pvUser == NULL, VERR_INVALID_PARAMETER);
2475 AssertReturn(!(fAccess & ~DBGFBPIOACCESS_VALID_MASK_MMIO), VERR_INVALID_FLAGS);
2476 AssertReturn(fAccess, VERR_INVALID_FLAGS);
2477 AssertReturn(!(fFlags & ~DBGF_BP_F_VALID_MASK), VERR_INVALID_FLAGS);
2478 AssertReturn(fFlags, VERR_INVALID_FLAGS);
2479 AssertReturn(iHitTrigger <= iHitDisable, VERR_INVALID_PARAMETER);
2480 AssertPtrReturn(phBp, VERR_INVALID_POINTER);
2481 AssertReturn(cb, VERR_OUT_OF_RANGE);
2482 AssertReturn(GCPhys + cb < GCPhys, VERR_OUT_OF_RANGE);
2483
2484 int rc = dbgfR3BpEnsureInit(pUVM);
2485 AssertRCReturn(rc, rc);
2486
2487 return VERR_NOT_IMPLEMENTED;
2488}
2489
2490
2491/**
2492 * Clears a breakpoint.
2493 *
2494 * @returns VBox status code.
2495 * @param pUVM The user mode VM handle.
2496 * @param hBp The handle of the breakpoint which should be removed (cleared).
2497 *
2498 * @thread Any thread.
2499 */
2500VMMR3DECL(int) DBGFR3BpClear(PUVM pUVM, DBGFBP hBp)
2501{
2502 UVM_ASSERT_VALID_EXT_RETURN(pUVM, VERR_INVALID_VM_HANDLE);
2503 AssertReturn(hBp != NIL_DBGFBPOWNER, VERR_INVALID_HANDLE);
2504
2505 PDBGFBPINT pBp = dbgfR3BpGetByHnd(pUVM, hBp);
2506 AssertPtrReturn(pBp, VERR_DBGF_BP_NOT_FOUND);
2507
2508 /* Disarm the breakpoint when it is enabled. */
2509 if (DBGF_BP_PUB_IS_ENABLED(&pBp->Pub))
2510 {
2511 int rc = dbgfR3BpDisarm(pUVM, hBp, pBp);
2512 AssertRC(rc);
2513 }
2514
2515 switch (DBGF_BP_PUB_GET_TYPE(&pBp->Pub))
2516 {
2517 case DBGFBPTYPE_REG:
2518 {
2519 int rc = dbgfR3BpRegRemove(pUVM->pVM, hBp, pBp);
2520 AssertRC(rc);
2521 break;
2522 }
2523 case DBGFBPTYPE_INT3:
2524 {
2525 int rc = dbgfR3BpInt3Remove(pUVM, hBp, pBp);
2526 AssertRC(rc);
2527 break;
2528 }
2529 case DBGFBPTYPE_PORT_IO:
2530 {
2531 int rc = dbgfR3BpPortIoRemove(pUVM, hBp, pBp);
2532 AssertRC(rc);
2533 break;
2534 }
2535 default:
2536 break;
2537 }
2538
2539 dbgfR3BpFree(pUVM, hBp, pBp);
2540 return VINF_SUCCESS;
2541}
2542
2543
2544/**
2545 * Enables a breakpoint.
2546 *
2547 * @returns VBox status code.
2548 * @param pUVM The user mode VM handle.
2549 * @param hBp The handle of the breakpoint which should be enabled.
2550 *
2551 * @thread Any thread.
2552 */
2553VMMR3DECL(int) DBGFR3BpEnable(PUVM pUVM, DBGFBP hBp)
2554{
2555 /*
2556 * Validate the input.
2557 */
2558 UVM_ASSERT_VALID_EXT_RETURN(pUVM, VERR_INVALID_VM_HANDLE);
2559 AssertReturn(hBp != NIL_DBGFBPOWNER, VERR_INVALID_HANDLE);
2560
2561 PDBGFBPINT pBp = dbgfR3BpGetByHnd(pUVM, hBp);
2562 AssertPtrReturn(pBp, VERR_DBGF_BP_NOT_FOUND);
2563
2564 int rc;
2565 if (!DBGF_BP_PUB_IS_ENABLED(&pBp->Pub))
2566 rc = dbgfR3BpArm(pUVM, hBp, pBp);
2567 else
2568 rc = VINF_DBGF_BP_ALREADY_ENABLED;
2569
2570 return rc;
2571}
2572
2573
2574/**
2575 * Disables a breakpoint.
2576 *
2577 * @returns VBox status code.
2578 * @param pUVM The user mode VM handle.
2579 * @param hBp The handle of the breakpoint which should be disabled.
2580 *
2581 * @thread Any thread.
2582 */
2583VMMR3DECL(int) DBGFR3BpDisable(PUVM pUVM, DBGFBP hBp)
2584{
2585 /*
2586 * Validate the input.
2587 */
2588 UVM_ASSERT_VALID_EXT_RETURN(pUVM, VERR_INVALID_VM_HANDLE);
2589 AssertReturn(hBp != NIL_DBGFBPOWNER, VERR_INVALID_HANDLE);
2590
2591 PDBGFBPINT pBp = dbgfR3BpGetByHnd(pUVM, hBp);
2592 AssertPtrReturn(pBp, VERR_DBGF_BP_NOT_FOUND);
2593
2594 int rc;
2595 if (DBGF_BP_PUB_IS_ENABLED(&pBp->Pub))
2596 rc = dbgfR3BpDisarm(pUVM, hBp, pBp);
2597 else
2598 rc = VINF_DBGF_BP_ALREADY_DISABLED;
2599
2600 return rc;
2601}
2602
2603
2604/**
2605 * Enumerate the breakpoints.
2606 *
2607 * @returns VBox status code.
2608 * @param pUVM The user mode VM handle.
2609 * @param pfnCallback The callback function.
2610 * @param pvUser The user argument to pass to the callback.
2611 *
2612 * @thread Any thread.
2613 */
2614VMMR3DECL(int) DBGFR3BpEnum(PUVM pUVM, PFNDBGFBPENUM pfnCallback, void *pvUser)
2615{
2616 UVM_ASSERT_VALID_EXT_RETURN(pUVM, VERR_INVALID_VM_HANDLE);
2617
2618 for (uint32_t idChunk = 0; idChunk < RT_ELEMENTS(pUVM->dbgf.s.aBpChunks); idChunk++)
2619 {
2620 PDBGFBPCHUNKR3 pBpChunk = &pUVM->dbgf.s.aBpChunks[idChunk];
2621
2622 if (pBpChunk->idChunk == DBGF_BP_CHUNK_ID_INVALID)
2623 break; /* Stop here as the first non allocated chunk means there is no one allocated afterwards as well. */
2624
2625 if (pBpChunk->cBpsFree < DBGF_BP_COUNT_PER_CHUNK)
2626 {
2627 /* Scan the bitmap for allocated entries. */
2628 int32_t iAlloc = ASMBitFirstSet(pBpChunk->pbmAlloc, DBGF_BP_COUNT_PER_CHUNK);
2629 if (iAlloc != -1)
2630 {
2631 do
2632 {
2633 DBGFBP hBp = DBGF_BP_HND_CREATE(idChunk, (uint32_t)iAlloc);
2634 PDBGFBPINT pBp = dbgfR3BpGetByHnd(pUVM, hBp);
2635
2636 /* Make a copy of the breakpoints public data to have a consistent view. */
2637 DBGFBPPUB BpPub;
2638 BpPub.cHits = ASMAtomicReadU64((volatile uint64_t *)&pBp->Pub.cHits);
2639 BpPub.iHitTrigger = ASMAtomicReadU64((volatile uint64_t *)&pBp->Pub.iHitTrigger);
2640 BpPub.iHitDisable = ASMAtomicReadU64((volatile uint64_t *)&pBp->Pub.iHitDisable);
2641 BpPub.hOwner = ASMAtomicReadU32((volatile uint32_t *)&pBp->Pub.hOwner);
2642 BpPub.u16Type = ASMAtomicReadU16((volatile uint16_t *)&pBp->Pub.u16Type); /* Actually constant. */
2643 BpPub.fFlags = ASMAtomicReadU16((volatile uint16_t *)&pBp->Pub.fFlags);
2644 memcpy(&BpPub.u, &pBp->Pub.u, sizeof(pBp->Pub.u)); /* Is constant after allocation. */
2645
2646 /* Check if a removal raced us. */
2647 if (ASMBitTest(pBpChunk->pbmAlloc, iAlloc))
2648 {
2649 int rc = pfnCallback(pUVM, pvUser, hBp, &BpPub);
2650 if (RT_FAILURE(rc) || rc == VINF_CALLBACK_RETURN)
2651 return rc;
2652 }
2653
2654 iAlloc = ASMBitNextSet(pBpChunk->pbmAlloc, DBGF_BP_COUNT_PER_CHUNK, iAlloc);
2655 } while (iAlloc != -1);
2656 }
2657 }
2658 }
2659
2660 return VINF_SUCCESS;
2661}
2662
2663
2664/**
2665 * Called whenever a breakpoint event needs to be serviced in ring-3 to decide what to do.
2666 *
2667 * @returns VBox status code.
2668 * @param pVM The cross context VM structure.
2669 * @param pVCpu The vCPU the breakpoint event happened on.
2670 *
2671 * @thread EMT
2672 */
2673VMMR3_INT_DECL(int) DBGFR3BpHit(PVM pVM, PVMCPU pVCpu)
2674{
2675 /* Send it straight into the debugger?. */
2676 if (pVCpu->dbgf.s.fBpInvokeOwnerCallback)
2677 {
2678 DBGFBP hBp = pVCpu->dbgf.s.hBpActive;
2679 pVCpu->dbgf.s.fBpInvokeOwnerCallback = false;
2680
2681 PDBGFBPINT pBp = dbgfR3BpGetByHnd(pVM->pUVM, hBp);
2682 AssertReturn(pBp, VERR_DBGF_BP_IPE_9);
2683
2684 /* Resolve owner (can be NIL_DBGFBPOWNER) and invoke callback if there is one. */
2685 if (pBp->Pub.hOwner != NIL_DBGFBPOWNER)
2686 {
2687 PCDBGFBPOWNERINT pBpOwner = dbgfR3BpOwnerGetByHnd(pVM->pUVM, pBp->Pub.hOwner);
2688 if (pBpOwner)
2689 {
2690 VBOXSTRICTRC rcStrict = dbgfR3BpHit(pVM, pVCpu, hBp, pBp, pBpOwner);
2691 if (VBOXSTRICTRC_VAL(rcStrict) == VINF_SUCCESS)
2692 {
2693 pVCpu->dbgf.s.hBpActive = NIL_DBGFBP;
2694 return VINF_SUCCESS;
2695 }
2696 else if (VBOXSTRICTRC_VAL(rcStrict) != VINF_DBGF_BP_HALT) /* Guru meditation. */
2697 return VERR_DBGF_BP_OWNER_CALLBACK_WRONG_STATUS;
2698 /* else: Halt in the debugger. */
2699 }
2700 }
2701 }
2702
2703 return DBGFR3EventBreakpoint(pVM, DBGFEVENT_BREAKPOINT);
2704}
2705
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette