Changeset 102624 in vbox for trunk/src

Timestamp:

Dec 16, 2023 3:15:54 AM (17 months ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

160779

Message:

VMM/IEM: BODY_CONSIDER_CS_LIM_CHECKING. bugref:10371

Location:

trunk/src/VBox/VMM

Files:

• VMMAll/IEMAllN8veRecompiler.cpp (modified) (9 diffs)
• VMMAll/IEMAllThrdFuncsBltIn.cpp (modified) (2 diffs)
• VMMAll/IEMAllThrdPython.py (modified) (1 diff)
• include/IEMN8veRecompiler.h (modified) (1 diff)
• include/IEMN8veRecompilerEmit.h (modified) (4 diffs)

trunk/src/VBox/VMM/VMMAll/IEMAllN8veRecompiler.cpp

@@ -1596 +1596 @@
 
 /**
- * Used by TB code when it wants to raise a \#GP(0).
+ * Used by TB code when detecting opcode changes.
  * @see iemThreadeFuncWorkerObsoleteTb
  */
@@ -1606 +1606 @@
        that return path codes via the native code generated for the TB. */
     iemThreadedTbObsolete(pVCpu, pVCpu->iem.s.pCurTbR3, false /*fSafeToFree*/);
+    return VINF_IEM_REEXEC_BREAK;
+}
+
+
+/**
+ * Used by TB code when we need to switch to a TB with CS.LIM checking.
+ */
+IEM_DECL_NATIVE_HLP_DEF(int, iemNativeHlpNeedCsLimChecking,(PVMCPUCC pVCpu))
+{
+    Log7(("TB need CS.LIM: %p at %04x:%08RX64; offFromLim=%#RX64 CS.LIM=%#RX32 CS.BASE=%#RX64\n",
+          pVCpu->iem.s.pCurTbR3, pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip,
+          (int64_t)pVCpu->cpum.GstCtx.cs.u32Limit - (int64_t)pVCpu->cpum.GstCtx.rip,
+          pVCpu->cpum.GstCtx.cs.u32Limit, pVCpu->cpum.GstCtx.cs.u64Base));
+    STAM_REL_COUNTER_INC(&pVCpu->iem.s.StatCheckNeedCsLimChecking);
     return VINF_IEM_REEXEC_BREAK;
 }
@@ -2435 +2449 @@
     pReNative->Core.u64ArgVars             = UINT64_MAX;
 
-    AssertCompile(RT_ELEMENTS(pReNative->aidxUniqueLabels) == 7);
+    AssertCompile(RT_ELEMENTS(pReNative->aidxUniqueLabels) == 8);
     pReNative->aidxUniqueLabels[0]         = UINT32_MAX;
     pReNative->aidxUniqueLabels[1]         = UINT32_MAX;
@@ -2443 +2457 @@
     pReNative->aidxUniqueLabels[5]         = UINT32_MAX;
     pReNative->aidxUniqueLabels[6]         = UINT32_MAX;
+    pReNative->aidxUniqueLabels[7]         = UINT32_MAX;
 
     /* Full host register reinit: */
@@ -4830 +4845 @@
     off = iemNativeEmitCheckCallRetAndPassUp(pReNative, off, pCallEntry->idxInstr);
 
+    return off;
+}
+
+
+/**
+ * Emits the code at the NeedCsLimChecking label.
+ */
+static uint32_t iemNativeEmitNeedCsLimChecking(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint32_t idxReturnLabel)
+{
+    uint32_t const idxLabel = iemNativeLabelFind(pReNative, kIemNativeLabelType_NeedCsLimChecking);
+    if (idxLabel != UINT32_MAX)
+    {
+        iemNativeLabelDefine(pReNative, idxLabel, off);
+
+        /* int iemNativeHlpNeedCsLimChecking(PVMCPUCC pVCpu) */
+        off = iemNativeEmitLoadGprFromGpr(pReNative, off, IEMNATIVE_CALL_ARG0_GREG, IEMNATIVE_REG_FIXED_PVMCPU);
+        off = iemNativeEmitCallImm(pReNative, off, (uintptr_t)iemNativeHlpNeedCsLimChecking);
+
+        /* jump back to the return sequence. */
+        off = iemNativeEmitJmpToLabel(pReNative, off, idxReturnLabel);
+    }
     return off;
 }
@@ -11244 +11280 @@
 
 /**
+ * Macro that considers whether we need CS.LIM checking after a branch or
+ * crossing over to a new page.
+ */
+#define BODY_CONSIDER_CS_LIM_CHECKING(a_pTb, a_cbInstr) \
+    RT_NOREF(cbInstr); \
+    off = iemNativeEmitBltInConsiderLimChecking(pReNative, off)
+
+DECL_FORCE_INLINE(uint32_t)
+iemNativeEmitBltInConsiderLimChecking(PIEMRECOMPILERSTATE pReNative, uint32_t off)
+{
+    /*
+     * This check must match the ones in the iem in iemGetTbFlagsForCurrentPc
+     * exactly:
+     *
+     *  int64_t const offFromLim = (int64_t)pVCpu->cpum.GstCtx.cs.u32Limit - (int64_t)pVCpu->cpum.GstCtx.eip;
+     *  if (offFromLim >= X86_PAGE_SIZE + 16 - (int32_t)(pVCpu->cpum.GstCtx.cs.u64Base & GUEST_PAGE_OFFSET_MASK))
+     *      return fRet;
+     *  return fRet | IEMTB_F_CS_LIM_CHECKS;
+     *
+     *
+     * We need EIP, CS.LIM and CS.BASE here.
+     */
+
+    /* Calculate the offFromLim first: */
+    uint8_t const  idxRegPc     = iemNativeRegAllocTmpForGuestReg(pReNative, &off, kIemNativeGstReg_Pc,
+                                                                  kIemNativeGstRegUse_ReadOnly);
+    uint8_t const  idxRegCsLim  = iemNativeRegAllocTmpForGuestReg(pReNative, &off, IEMNATIVEGSTREG_SEG_LIMIT(X86_SREG_CS),
+                                                                  kIemNativeGstRegUse_ReadOnly);
+    uint8_t const  idxRegLeft   = iemNativeRegAllocTmp(pReNative, &off);
+
+#ifdef RT_ARCH_ARM64
+    uint32_t *pu32CodeBuf = iemNativeInstrBufEnsure(pReNative, off, 1);
+    pu32CodeBuf[off++] = Armv8A64MkInstrSubReg(idxRegLeft, idxRegCsLim, idxRegPc);
+    IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
+#else
+    off = iemNativeEmitLoadGprFromGpr(pReNative, off, idxRegLeft, idxRegCsLim);
+    off = iemNativeEmitSubTwoGprs(pReNative, off, idxRegLeft, idxRegPc);
+#endif
+
+    iemNativeRegFreeTmp(pReNative, idxRegCsLim);
+    iemNativeRegFreeTmp(pReNative, idxRegPc);
+
+    /* Calculate the threshold level (right side). */
+    uint8_t const  idxRegCsBase = iemNativeRegAllocTmpForGuestReg(pReNative, &off, IEMNATIVEGSTREG_SEG_BASE(X86_SREG_CS),
+                                                                  kIemNativeGstRegUse_ReadOnly);
+    uint8_t const  idxRegRight  = iemNativeRegAllocTmp(pReNative, &off);
+
+#ifdef RT_ARCH_ARM64
+    pu32CodeBuf = iemNativeInstrBufEnsure(pReNative, off, 4);
+    Assert(Armv8A64ConvertImmRImmS2Mask32(11, 0) == GUEST_PAGE_OFFSET_MASK);
+    pu32CodeBuf[off++] = Armv8A64MkInstrAndImm(idxRegRight, idxRegCsBase, 11, 0, false /*f64Bit*/);
+    pu32CodeBuf[off++] = Armv8A64MkInstrNeg(idxRegRight);
+    pu32CodeBuf[off++] = Armv8A64MkInstrAddUImm12(idxRegRight, idxRegRight, (X86_PAGE_SIZE + 16) / 2);
+    pu32CodeBuf[off++] = Armv8A64MkInstrAddUImm12(idxRegRight, idxRegRight, (X86_PAGE_SIZE + 16) / 2);
+    IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
+
+#else
+    off = iemNativeEmitLoadGprImm32(pReNative, off, idxRegRight, GUEST_PAGE_OFFSET_MASK);
+    off = iemNativeEmitAndGpr32ByGpr32(pReNative, off, idxRegRight, idxRegCsBase);
+    off = iemNativeEmitNegGpr(pReNative, off, idxRegRight);
+    off = iemNativeEmitAddGprImm(pReNative, off, idxRegRight, X86_PAGE_SIZE + 16);
+#endif
+
+    iemNativeRegFreeTmp(pReNative, idxRegCsBase);
+
+    /* Compare the two and jump out if we're too close to the limit. */
+    off = iemNativeEmitCmpGprWithGpr(pReNative, off, idxRegLeft, idxRegRight);
+    off = iemNativeEmitJlToNewLabel(pReNative, off, kIemNativeLabelType_NeedCsLimChecking);
+
+    iemNativeRegFreeTmp(pReNative, idxRegRight);
+    iemNativeRegFreeTmp(pReNative, idxRegLeft);
+    return off;
+}
+
+
+
+/**
  * Macro that implements opcode (re-)checking.
  */
 #define BODY_CHECK_OPCODES(a_pTb, a_idxRange, a_offRange, a_cbInstr) \
+    RT_NOREF(cbInstr); \
     off = iemNativeEmitBltInCheckOpcodes(pReNative, off, (a_pTb), (a_idxRange), (a_offRange))
 
@@ -11775 +11889 @@
 {
     PCIEMTB const  pTb      = pReNative->pTbOrg;
-    //uint32_t const cbInstr  = (uint32_t)pCallEntry->auParams[0];
+    uint32_t const cbInstr  = (uint32_t)pCallEntry->auParams[0];
     uint32_t const idxRange = (uint32_t)pCallEntry->auParams[1];
     uint32_t const offRange = (uint32_t)pCallEntry->auParams[2];
@@ -12523 +12637 @@
                                 case kIemNativeLabelType_ObsoleteTb:
                                     pszName = "ObsoleteTb";
+                                    break;
+                                case kIemNativeLabelType_NeedCsLimChecking:
+                                    pszName = "NeedCsLimChecking";
                                     break;
                                 case kIemNativeLabelType_If:
@@ -12924 +13041 @@
         if (pReNative->bmLabelTypes & RT_BIT_64(kIemNativeLabelType_ObsoleteTb))
             off = iemNativeEmitObsoleteTb(pReNative, off, idxReturnLabel);
+        if (pReNative->bmLabelTypes & RT_BIT_64(kIemNativeLabelType_NeedCsLimChecking))
+            off = iemNativeEmitNeedCsLimChecking(pReNative, off, idxReturnLabel);
     }
     IEMNATIVE_CATCH_LONGJMP_BEGIN(pReNative, rc);

trunk/src/VBox/VMM/VMMAll/IEMAllThrdFuncsBltIn.cpp

@@ -200 +200 @@
                   pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.eip, (a_cbInstr), pVCpu->cpum.GstCtx.cs.u32Limit)); \
             return iemRaiseGeneralProtectionFault0(pVCpu); \
+        } \
+    } while(0)
+
+/**
+ * Macro that considers whether we need CS.LIM checking after a branch or
+ * crossing over to a new page.
+ */
+#define BODY_CONSIDER_CS_LIM_CHECKING(a_pTb, a_cbInstr) do { \
+        int64_t const offFromLim = (int64_t)pVCpu->cpum.GstCtx.cs.u32Limit - (int64_t)pVCpu->cpum.GstCtx.eip; \
+        if (offFromLim >= GUEST_PAGE_SIZE + 16 - (int32_t)(pVCpu->cpum.GstCtx.cs.u64Base & GUEST_PAGE_OFFSET_MASK)) \
+        { /* likely */ } \
+        else \
+        { \
+            Log7(("TB need CS.LIM: %p at %04x:%08RX64 LB %u; #%u offFromLim=%#RX64 CS.LIM=%#RX32 CS.BASE=%#RX64\n", \
+                  (a_pTb), pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip, (a_cbInstr), offFromLim, \
+                  pVCpu->cpum.GstCtx.cs.u32Limit, pVCpu->cpum.GstCtx.cs.u64Base, __LINE__)); \
+            RT_NOREF(a_pTb, a_cbInstr); \
+            STAM_REL_COUNTER_INC(&pVCpu->iem.s.StatCheckNeedCsLimChecking); \
+            return VINF_IEM_REEXEC_BREAK; \
         } \
     } while(0)
@@ -351 +370 @@
     } while(0)
 
-/**
- * Macro that considers whether we need CS.LIM checking after a branch or
- * crossing over to a new page.
- *
- * This may long jump if we're raising a \#PF, \#GP or similar trouble.
- */
-#define BODY_CONSIDER_CS_LIM_CHECKING(a_pTb, a_cbInstr) do { \
-        int64_t const offFromLim = (int64_t)pVCpu->cpum.GstCtx.cs.u32Limit - (int64_t)pVCpu->cpum.GstCtx.eip; \
-        if (offFromLim >= GUEST_PAGE_SIZE + 16 - (int32_t)(pVCpu->cpum.GstCtx.cs.u64Base & GUEST_PAGE_OFFSET_MASK)) \
-        { /* likely */ } \
-        else \
-        { \
-            Log7(("TB need CS.LIM: %p at %04x:%08RX64 LB %u; #%u offFromLim=%#RX64 CS.LIM=%#RX32 CS.BASE=%#RX64\n", \
-                  (a_pTb), pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip, (a_cbInstr), offFromLim, \
-                  pVCpu->cpum.GstCtx.cs.u32Limit, pVCpu->cpum.GstCtx.cs.u64Base, __LINE__)); \
-            RT_NOREF(a_pTb, a_cbInstr); \
-            STAM_REL_COUNTER_INC(&pVCpu->iem.s.StatCheckNeedCsLimChecking); \
-            return VINF_IEM_REEXEC_BREAK; \
-        } \
-    } while(0)
-
 
 

trunk/src/VBox/VMM/VMMAll/IEMAllThrdPython.py

@@ -1968 +1968 @@
         ( 'CheckCsLimAndOpcodes',                               3, True  ),
         ( 'CheckOpcodes',                                       3, True  ),
-        ( 'CheckOpcodesConsiderCsLim',                          3, False ),
+        ( 'CheckOpcodesConsiderCsLim',                          3, True  ),
 
         ( 'CheckCsLimAndPcAndOpcodes',                          3, False ),

trunk/src/VBox/VMM/include/IEMN8veRecompiler.h

@@ -311 +311 @@
     kIemNativeLabelType_RaiseGp0,
     kIemNativeLabelType_ObsoleteTb,
+    kIemNativeLabelType_NeedCsLimChecking,
     /* Labels with data, potentially multiple instances per TB: */
     kIemNativeLabelType_FirstWithMultipleInstances,

trunk/src/VBox/VMM/include/IEMN8veRecompilerEmit.h

@@ -1669 +1669 @@
 *********************************************************************************************************************************/
 
+/**
+ * Emits subtracting a 64-bit GPR from another, storing the result in the first.
+ * @note The AMD64 version sets flags.
+ */
+DECL_INLINE_THROW(uint32_t)
+iemNativeEmitSubTwoGprs(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprDst, uint8_t iGprSubtrahend)
+{
+#if defined(RT_ARCH_AMD64)
+    /* sub Gv,Ev */
+    uint8_t *pbCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 3);
+    pbCodeBuf[off++] = (iGprDst < 8 ? X86_OP_REX_W : X86_OP_REX_W | X86_OP_REX_R)
+                     | (iGprSubtrahend < 8 ? 0 : X86_OP_REX_B);
+    pbCodeBuf[off++] = 0x2b;
+    pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, iGprDst & 7, iGprSubtrahend & 7);
+
+#elif defined(RT_ARCH_ARM64)
+    uint32_t *pu32CodeBuf = iemNativeInstrBufEnsure(pReNative, off, 1);
+    pu32CodeBuf[off++] = Armv8A64MkInstrSubReg(iGprDst, iGprDst, iGprSubtrahend);
+
+#else
+# error "Port me"
+#endif
+    IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
+    return off;
+}
+
 
 #ifdef RT_ARCH_AMD64
@@ -1705 +1731 @@
 
 /**
- * Emits adding a 64-bit GPR to another, storing the result in the frist.
+ * Emits adding a 64-bit GPR to another, storing the result in the first.
  * @note The AMD64 version sets flags.
  */
@@ -1915 +1941 @@
         iemNativeRegFreeTmpImm(pReNative, iTmpReg);
     }
+
+#else
+# error "Port me"
+#endif
+    IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
+    return off;
+}
+
+
+/*********************************************************************************************************************************
+*   Unary Operations                                                                                                             *
+*********************************************************************************************************************************/
+
+/**
+ * Emits code for clearing bits 16 thru 63 in the GPR.
+ */
+DECL_INLINE_THROW(uint32_t)
+iemNativeEmitNegGpr(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprDst)
+{
+#if defined(RT_ARCH_AMD64)
+    /* neg Ev */
+    uint8_t *pbCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 3);
+    pbCodeBuf[off++] = iGprDst < 8 ? X86_OP_REX_W : X86_OP_REX_W | X86_OP_REX_B;
+    pbCodeBuf[off++] = 0xf7;
+    pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 3, iGprDst & 7);
+
+#elif defined(RT_ARCH_ARM64)
+    /* sub dst, xzr, dst */
+    uint32_t *pu32CodeBuf = iemNativeInstrBufEnsure(pReNative, off, 1);
+    pu32CodeBuf[off++] = Armv8A64MkInstrNeg(iGprDst);
 
 #else
@@ -2808 +2864 @@
 #elif defined(RT_ARCH_ARM64)
     return iemNativeEmitJccToNewLabel(pReNative, off, enmLabelType, uData, kArmv8InstrCond_Hi);
+#else
+# error "Port me!"
+#endif
+}
+
+
+/**
+ * Emits a JL/JNGE rel32 / B.LT imm19 to the given label.
+ */
+DECL_INLINE_THROW(uint32_t) iemNativeEmitJlToLabel(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint32_t idxLabel)
+{
+#ifdef RT_ARCH_AMD64
+    return iemNativeEmitJccToLabel(pReNative, off, idxLabel, kIemNativeInstrCond_l);
+#elif defined(RT_ARCH_ARM64)
+    return iemNativeEmitJccToLabel(pReNative, off, idxLabel, kArmv8InstrCond_Lt);
+#else
+# error "Port me!"
+#endif
+}
+
+/**
+ * Emits a JA/JNGE rel32 / B.HI imm19 to a new label.
+ */
+DECL_INLINE_THROW(uint32_t) iemNativeEmitJlToNewLabel(PIEMRECOMPILERSTATE pReNative, uint32_t off,
+                                                      IEMNATIVELABELTYPE enmLabelType, uint16_t uData = 0)
+{
+#ifdef RT_ARCH_AMD64
+    return iemNativeEmitJccToNewLabel(pReNative, off, enmLabelType, uData, kIemNativeInstrCond_l);
+#elif defined(RT_ARCH_ARM64)
+    return iemNativeEmitJccToNewLabel(pReNative, off, enmLabelType, uData, kArmv8InstrCond_Lt);
 #else
 # error "Port me!"