Changeset 100709 in vbox

Timestamp:

Jul 26, 2023 1:33:34 PM (16 months ago)

Author:

vboxsync

Message:

VMM: Added missing splitlock handling for cmpxchg8b and cmpxchg16b, bugref:10052

Location:

trunk/src/VBox/VMM/VMMAll

Files:

• IEMAllAImpl.asm (modified) (7 diffs)
• IEMAllInstructionsTwoByte0f.cpp.h (modified) (2 diffs)

trunk/src/VBox/VMM/VMMAll/IEMAllAImpl.asm

@@ -1404 +1404 @@
         mov     edx, [r11 + 4]
 
-        lock cmpxchg8b [r10]
+        cmpxchg8b [r10]
 
         mov     [r11], eax
@@ -1424 +1424 @@
         mov     edx, [rsi + 4]
 
-        lock cmpxchg8b [rdi]
+        cmpxchg8b [rdi]
 
         mov     [rsi], eax
@@ -1451 +1451 @@
         mov     edx, [esi + 4]
 
-        lock cmpxchg8b [edi]
+        cmpxchg8b [edi]
 
         mov     [esi], eax
@@ -1466 +1466 @@
 
 BEGINPROC_FASTCALL iemAImpl_cmpxchg8b_locked, 16
-        ; Lazy bird always lock prefixes cmpxchg8b.
-        jmp     NAME_FASTCALL(iemAImpl_cmpxchg8b,16,$@)
+%ifdef RT_ARCH_AMD64
+ %ifdef ASM_CALL64_MSC
+        push    rbx
+
+        mov     r11, rdx                ; pu64EaxEdx (is also T1)
+        mov     r10, rcx                ; pu64Dst
+
+        mov     ebx, [r8]
+        mov     ecx, [r8 + 4]
+        IEM_MAYBE_LOAD_FLAGS r9, (X86_EFL_ZF), 0 ; clobbers T0 (eax)
+        mov     eax, [r11]
+        mov     edx, [r11 + 4]
+
+        lock cmpxchg8b [r10]
+
+        mov     [r11], eax
+        mov     [r11 + 4], edx
+        IEM_SAVE_FLAGS       r9, (X86_EFL_ZF), 0 ; clobbers T0+T1 (eax, r11)
+
+        pop     rbx
+        ret
+ %else
+        push    rbx
+
+        mov     r10, rcx                ; pEFlags
+        mov     r11, rdx                ; pu64EbxEcx (is also T1)
+
+        mov     ebx, [r11]
+        mov     ecx, [r11 + 4]
+        IEM_MAYBE_LOAD_FLAGS r10, (X86_EFL_ZF), 0 ; clobbers T0 (eax)
+        mov     eax, [rsi]
+        mov     edx, [rsi + 4]
+
+        lock cmpxchg8b [rdi]
+
+        mov     [rsi], eax
+        mov     [rsi + 4], edx
+        IEM_SAVE_FLAGS       r10, (X86_EFL_ZF), 0 ; clobbers T0+T1 (eax, r11)
+
+        pop     rbx
+        ret
+
+ %endif
+%else
+        push    esi
+        push    edi
+        push    ebx
+        push    ebp
+
+        mov     edi, ecx                ; pu64Dst
+        mov     esi, edx                ; pu64EaxEdx
+        mov     ecx, [esp + 16 + 4 + 0] ; pu64EbxEcx
+        mov     ebp, [esp + 16 + 4 + 4] ; pEFlags
+
+        mov     ebx, [ecx]
+        mov     ecx, [ecx + 4]
+        IEM_MAYBE_LOAD_FLAGS ebp, (X86_EFL_ZF), 0  ; clobbers T0 (eax)
+        mov     eax, [esi]
+        mov     edx, [esi + 4]
+
+        lock cmpxchg8b [edi]
+
+        mov     [esi], eax
+        mov     [esi + 4], edx
+        IEM_SAVE_FLAGS       ebp, (X86_EFL_ZF), 0 ; clobbers T0+T1 (eax, edi)
+
+        pop     ebp
+        pop     ebx
+        pop     edi
+        pop     esi
+        ret     8
+%endif
 ENDPROC iemAImpl_cmpxchg8b_locked
 
@@ -1500 +1570 @@
         mov     rdx, [r11 + 8]
 
-        lock cmpxchg16b [r10]
+        cmpxchg16b [r10]
 
         mov     [r11], rax
@@ -1520 +1590 @@
         mov     rdx, [rsi + 8]
 
-        lock cmpxchg16b [rdi]
+        cmpxchg16b [rdi]
 
         mov     [rsi], rax
@@ -1533 +1603 @@
 
 BEGINPROC_FASTCALL iemAImpl_cmpxchg16b_locked, 16
-        ; Lazy bird always lock prefixes cmpxchg16b.
-        jmp     NAME_FASTCALL(iemAImpl_cmpxchg16b,16,$@)
+ %ifdef ASM_CALL64_MSC
+        push    rbx
+
+        mov     r11, rdx                ; pu64RaxRdx (is also T1)
+        mov     r10, rcx                ; pu64Dst
+
+        mov     rbx, [r8]
+        mov     rcx, [r8 + 8]
+        IEM_MAYBE_LOAD_FLAGS r9, (X86_EFL_ZF), 0 ; clobbers T0 (eax)
+        mov     rax, [r11]
+        mov     rdx, [r11 + 8]
+
+        lock cmpxchg16b [r10]
+
+        mov     [r11], rax
+        mov     [r11 + 8], rdx
+        IEM_SAVE_FLAGS       r9, (X86_EFL_ZF), 0 ; clobbers T0+T1 (eax, r11)
+
+        pop     rbx
+        ret
+ %else
+        push    rbx
+
+        mov     r10, rcx                ; pEFlags
+        mov     r11, rdx                ; pu64RbxRcx (is also T1)
+
+        mov     rbx, [r11]
+        mov     rcx, [r11 + 8]
+        IEM_MAYBE_LOAD_FLAGS r10, (X86_EFL_ZF), 0 ; clobbers T0 (eax)
+        mov     rax, [rsi]
+        mov     rdx, [rsi + 8]
+
+        lock cmpxchg16b [rdi]
+
+        mov     [rsi], rax
+        mov     [rsi + 8], rdx
+        IEM_SAVE_FLAGS       r10, (X86_EFL_ZF), 0 ; clobbers T0+T1 (eax, r11)
+
+        pop     rbx
+        ret
+
+ %endif
 ENDPROC iemAImpl_cmpxchg16b_locked
 

trunk/src/VBox/VMM/VMMAll/IEMAllInstructionsTwoByte0f.cpp.h

@@ -12194 +12194 @@
 
     IEM_MC_FETCH_EFLAGS(EFlags);
-    if (!(pVCpu->iem.s.fPrefixes & IEM_OP_PRF_LOCK))
+    if (   !(pVCpu->iem.s.fExec & IEM_F_X86_DISREGARD_LOCK)
+        && (pVCpu->iem.s.fPrefixes & IEM_OP_PRF_LOCK))
+        IEM_MC_CALL_VOID_AIMPL_4(iemAImpl_cmpxchg8b_locked, pu64MemDst, pu64EaxEdx, pu64EbxEcx, pEFlags);
+    else
         IEM_MC_CALL_VOID_AIMPL_4(iemAImpl_cmpxchg8b, pu64MemDst, pu64EaxEdx, pu64EbxEcx, pEFlags);
-    else
-        IEM_MC_CALL_VOID_AIMPL_4(iemAImpl_cmpxchg8b_locked, pu64MemDst, pu64EaxEdx, pu64EbxEcx, pEFlags);
 
     IEM_MC_MEM_COMMIT_AND_UNMAP(pu64MemDst, IEM_ACCESS_DATA_RW);
@@ -12244 +12245 @@
         if (IEM_GET_HOST_CPU_FEATURES(pVCpu)->fMovCmpXchg16b)
         {
-            if (!(pVCpu->iem.s.fPrefixes & IEM_OP_PRF_LOCK))
+            if (   !(pVCpu->iem.s.fExec & IEM_F_X86_DISREGARD_LOCK)
+                && (pVCpu->iem.s.fPrefixes & IEM_OP_PRF_LOCK))
+                IEM_MC_CALL_VOID_AIMPL_4(iemAImpl_cmpxchg16b_locked, pu128MemDst, pu128RaxRdx, pu128RbxRcx, pEFlags);
+            else
                 IEM_MC_CALL_VOID_AIMPL_4(iemAImpl_cmpxchg16b, pu128MemDst, pu128RaxRdx, pu128RbxRcx, pEFlags);
-            else
-                IEM_MC_CALL_VOID_AIMPL_4(iemAImpl_cmpxchg16b_locked, pu128MemDst, pu128RaxRdx, pu128RbxRcx, pEFlags);
         }
         else