Changeset 105094 in vbox

Timestamp:

Jul 2, 2024 9:33:52 AM (10 months ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

163715

Message:

VMM/IEM,ValKit/bs3-cpu-weird-1: syscall TF & debug event fixes; extended bs3-cpu-weird-1 with syscall (only tested on intel). bugref:10715

Location:

trunk/src/VBox

Files:

• VMM/VMMAll/IEMAll.cpp (modified) (3 diffs)
• VMM/VMMAll/IEMAllCImpl.cpp (modified) (4 diffs)
• VMM/VMMAll/IEMAllInstTwoByte0f.cpp.h (modified) (1 diff)
• ValidationKit/bootsectors/bs3-cpu-weird-1-template.mac (modified) (1 diff)
• ValidationKit/bootsectors/bs3-cpu-weird-1-x0.c (modified) (17 diffs)
• ValidationKit/bootsectors/bs3-cpu-weird-1.c (modified) (2 diffs)
• ValidationKit/bootsectors/bs3kit/Makefile.kmk (modified) (1 diff)
• ValidationKit/bootsectors/bs3kit/bs3-c64-Syscall64Generic.asm (copied) (copied from trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3-c64-Trap64Generic.asm ) (8 diffs)
• ValidationKit/bootsectors/bs3kit/bs3-cmn-TrapDefaultHandler.c (modified) (1 diff)
• ValidationKit/bootsectors/bs3kit/bs3kit-mangling-code-define.h (modified) (1 diff)
• ValidationKit/bootsectors/bs3kit/bs3kit-mangling-code-undef.h (modified) (1 diff)
• ValidationKit/bootsectors/bs3kit/bs3kit.h (modified) (1 diff)

trunk/src/VBox/VMM/VMMAll/IEMAll.cpp

@@ -3254 +3254 @@
 
     /*
-     * Hack alert! Convert incoming debug events to slient on Intel.
-     * See bs3-cpu-weird-1.
-     */
-    if (   !(fFlags & IEM_XCPT_FLAGS_T_SOFT_INT)
-        || !(pVCpu->cpum.GstCtx.eflags.uBoth & CPUMCTX_DBG_HIT_DRX_MASK_NONSILENT)
-        || !IEM_IS_GUEST_CPU_INTEL(pVCpu))
-    { /* ignore */ }
-    else
-    {
-        Log(("iemRaiseXcptOrIntInProtMode: Converting pending %#x debug events to a silent one (intel hack)\n",
-             u8Vector, pVCpu->cpum.GstCtx.eflags.uBoth & CPUMCTX_DBG_HIT_DRX_MASK));
-        pVCpu->cpum.GstCtx.eflags.uBoth = (pVCpu->cpum.GstCtx.eflags.uBoth & ~CPUMCTX_DBG_HIT_DRX_MASK)
-                                        | CPUMCTX_DBG_HIT_DRX_SILENT;
-    }
-
-    /*
      * Read the IDT entry.
      */
@@ -3769 +3753 @@
 {
     IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_XCPT_MASK);
-
-    /*
-     * Hack alert! Convert incoming debug events to slient on Intel.
-     * See bs3-cpu-weird-1.
-     */
-    if (   !(fFlags & IEM_XCPT_FLAGS_T_SOFT_INT)
-        || !(pVCpu->cpum.GstCtx.eflags.uBoth & CPUMCTX_DBG_HIT_DRX_MASK_NONSILENT)
-        || !IEM_IS_GUEST_CPU_INTEL(pVCpu))
-    { /* ignore */ }
-    else
-    {
-        Log(("iemRaiseXcptOrIntInLongMode: Converting pending %#x debug events to a silent one (intel hack)\n",
-             u8Vector, pVCpu->cpum.GstCtx.eflags.uBoth & CPUMCTX_DBG_HIT_DRX_MASK));
-        pVCpu->cpum.GstCtx.eflags.uBoth = (pVCpu->cpum.GstCtx.eflags.uBoth & ~CPUMCTX_DBG_HIT_DRX_MASK)
-                                        | CPUMCTX_DBG_HIT_DRX_SILENT;
-    }
 
     /*
@@ -4323 +4291 @@
         if (fFlags & IEM_XCPT_FLAGS_CR2)
             EMHistoryAddExit(pVCpu, EMEXIT_MAKE_FT(EMEXIT_F_KIND_XCPT, u8Vector | EMEXIT_F_XCPT_CR2), uCr2, uTimestamp);
+    }
+
+    /*
+     * Hack alert! Convert incoming debug events to slient on Intel.
+     * See the dbg+inhibit+ringxfer test in bs3-cpu-weird-1.
+     */
+    if (   !(fFlags & IEM_XCPT_FLAGS_T_SOFT_INT)
+        || !(pVCpu->cpum.GstCtx.eflags.uBoth & CPUMCTX_DBG_HIT_DRX_MASK_NONSILENT)
+        || !IEM_IS_GUEST_CPU_INTEL(pVCpu))
+    { /* ignore */ }
+    else
+    {
+        Log(("iemRaiseXcptOrIntInLongMode: Converting pending %#x debug events to a silent one (intel hack)\n",
+             u8Vector, pVCpu->cpum.GstCtx.eflags.uBoth & CPUMCTX_DBG_HIT_DRX_MASK));
+        pVCpu->cpum.GstCtx.eflags.uBoth = (pVCpu->cpum.GstCtx.eflags.uBoth & ~CPUMCTX_DBG_HIT_DRX_MASK)
+                                        | CPUMCTX_DBG_HIT_DRX_SILENT;
     }
 

trunk/src/VBox/VMM/VMMAll/IEMAllCImpl.cpp

@@ -3992 +3992 @@
 IEM_CIMPL_DEF_0(iemCImpl_syscall)
 {
-    /** @todo hack, LOADALL should be decoded as such on a 286. */
-    if (RT_UNLIKELY(pVCpu->iem.s.uTargetCpu == IEMTARGETCPU_286))
-        return iemCImpl_loadall286(pVCpu, cbInstr);
+
 
     /*
@@ -4013 +4011 @@
         return iemRaiseGeneralProtectionFault0(pVCpu);
     }
-    if (IEM_IS_GUEST_CPU_INTEL(pVCpu) && !CPUMIsGuestInLongModeEx(IEM_GET_CTX(pVCpu)))
-    {
-        Log(("syscall: Only available in long mode on intel -> #UD\n"));
+    if (   IEM_IS_GUEST_CPU_INTEL(pVCpu)
+        && !IEM_IS_64BIT_CODE(pVCpu)) //&& !CPUMIsGuestInLongModeEx(IEM_GET_CTX(pVCpu)))
+    {
+        Log(("syscall: Only available in 64-bit mode on intel -> #UD\n"));
         return iemRaiseUndefinedOpcode(pVCpu);
     }
@@ -4032 +4031 @@
     }
 
-    /* Long mode and legacy mode differs. */
+    /*
+     * Hack alert! Convert incoming debug events to slient on Intel.
+     * See the dbg+inhibit+ringxfer test in bs3-cpu-weird-1.
+     */
+    if (   !(pVCpu->cpum.GstCtx.eflags.uBoth & CPUMCTX_DBG_HIT_DRX_MASK_NONSILENT)
+        || !IEM_IS_GUEST_CPU_INTEL(pVCpu))
+    { /* ignore */ }
+    else
+    {
+        Log(("iemCImpl_syscall: Converting pending debug events to a silent one (intel hack)\n",
+             pVCpu->cpum.GstCtx.eflags.uBoth & CPUMCTX_DBG_HIT_DRX_MASK));
+        pVCpu->cpum.GstCtx.eflags.uBoth = (pVCpu->cpum.GstCtx.eflags.uBoth & ~CPUMCTX_DBG_HIT_DRX_MASK)
+                                        | CPUMCTX_DBG_HIT_DRX_SILENT;
+    }
+
+    /*
+     * Long mode and legacy mode differs.
+     */
     if (CPUMIsGuestInLongModeEx(IEM_GET_CTX(pVCpu)))
     {
@@ -4096 +4112 @@
     IEM_FLUSH_PREFETCH_HEAVY(pVCpu, cbInstr);
 
-/** @todo single step   */
-    return VINF_SUCCESS;
+    /*
+     * Handle debug events.
+     * If TF isn't masked, we're supposed to raise a single step #DB.
+     */
+    return iemRegFinishClearingRF(pVCpu, VINF_SUCCESS);
 }
 

trunk/src/VBox/VMM/VMMAll/IEMAllInstTwoByte0f.cpp.h

@@ -1857 +1857 @@
 FNIEMOP_DEF(iemOp_syscall)
 {
-    IEMOP_MNEMONIC(syscall, "syscall"); /** @todo 286 LOADALL   */
-    IEMOP_HLP_DONE_DECODING_NO_LOCK_PREFIX();
-    /** @todo r=aeichner Clobbers cr0 only if this is a 286 LOADALL instruction. */
-    IEM_MC_DEFER_TO_CIMPL_0_RET(IEM_CIMPL_F_BRANCH_INDIRECT | IEM_CIMPL_F_BRANCH_FAR | IEM_CIMPL_F_BRANCH_STACK_FAR
-                                | IEM_CIMPL_F_MODE | IEM_CIMPL_F_RFLAGS | IEM_CIMPL_F_END_TB,
-                                RT_BIT_64(kIemNativeGstReg_Cr0), iemCImpl_syscall);
+    if (RT_LIKELY(pVCpu->iem.s.uTargetCpu != IEMTARGETCPU_286))
+    {
+        IEMOP_MNEMONIC(syscall, "syscall");
+        IEMOP_HLP_DONE_DECODING_NO_LOCK_PREFIX();
+        IEM_MC_DEFER_TO_CIMPL_0_RET(IEM_CIMPL_F_BRANCH_INDIRECT | IEM_CIMPL_F_BRANCH_FAR | IEM_CIMPL_F_BRANCH_STACK_FAR
+                                    | IEM_CIMPL_F_MODE | IEM_CIMPL_F_RFLAGS | IEM_CIMPL_F_END_TB, 0, iemCImpl_syscall);
+    }
+    else
+    {
+        IEMOP_MNEMONIC(loadall286, "loadall286");
+        IEMOP_HLP_DONE_DECODING_NO_LOCK_PREFIX();
+        IEM_MC_DEFER_TO_CIMPL_0_RET(IEM_CIMPL_F_BRANCH_INDIRECT | IEM_CIMPL_F_BRANCH_FAR | IEM_CIMPL_F_BRANCH_STACK_FAR
+                                    | IEM_CIMPL_F_MODE | IEM_CIMPL_F_RFLAGS | IEM_CIMPL_F_END_TB,
+                                    RT_BIT_64(kIemNativeGstReg_Cr0), iemCImpl_loadall286);
+    }
 }
 

trunk/src/VBox/ValidationKit/bootsectors/bs3-cpu-weird-1-template.mac

@@ -55 +55 @@
 
 
+%if TMPL_BITS != 64
+
 ;
 ; Inhibited int 80h.
 ;
-BS3_PROC_BEGIN_CMN bs3CpuWeird1_InhibitedInt80, BS3_PBC_NEAR
-        ; Load SS from stack.  This instruction causes fusing.
-%if TMPL_BITS != 64
+BS3_PROC_BEGIN_CMN bs3CpuWeird1_InhibitedPopSsInt80, BS3_PBC_NEAR
+        ; Load SS from stack.  This instruction causes fusing.
         pop     ss
+        ; The ring transition instruction.
+BS3_GLOBAL_NAME_EX BS3_CMN_NM(bs3CpuWeird1_InhibitedPopSsInt80_int80), , 0
+        int     80h
+        ; We shouldn't get here!
+.ud2_again:
+        ud2
+        jmp     .ud2_again
+BS3_PROC_END_CMN   bs3CpuWeird1_InhibitedPopSsInt80
+
+;
+; Inhibited int 3.
+;
+BS3_PROC_BEGIN_CMN bs3CpuWeird1_InhibitedPopSsInt3, BS3_PBC_NEAR
+        ; Load SS from stack.  This instruction causes fusing.
+        pop     ss
+        ; The ring transition instruction.
+BS3_GLOBAL_NAME_EX BS3_CMN_NM(bs3CpuWeird1_InhibitedPopSsInt3_int3), , 0
+        int     3
+        ; We shouldn't get here!
+.ud2_again:
+        ud2
+        jmp     .ud2_again
+AssertCompile(.ud2_again - BS3_CMN_NM(bs3CpuWeird1_InhibitedPopSsInt3_int3) == 2)
+BS3_PROC_END_CMN   bs3CpuWeird1_InhibitedPopSsInt3
+
+
+;
+; Inhibited int3.
+;
+BS3_PROC_BEGIN_CMN bs3CpuWeird1_InhibitedPopSsBp, BS3_PBC_NEAR
+        ; Load SS from stack.  This instruction causes fusing.
+        pop     ss
+        ; The ring transition instruction.
+BS3_GLOBAL_NAME_EX BS3_CMN_NM(bs3CpuWeird1_InhibitedPopSsBp_int3), , 0
+        int3
+        ; We shouldn't get here!
+.ud2_again:
+        ud2
+        jmp     .ud2_again
+AssertCompile(.ud2_again - BS3_CMN_NM(bs3CpuWeird1_InhibitedPopSsBp_int3) == 1)
+BS3_PROC_END_CMN   bs3CpuWeird1_InhibitedPopSsBp
+
+%endif ; TMPL_BITS != 64
+
+
+;
+; Inhibited int 80h.
+;
+BS3_PROC_BEGIN_CMN bs3CpuWeird1_InhibitedMovSsInt80, BS3_PBC_NEAR
+        ; Load SS from stack.  This instruction causes fusing.
+        mov     ss, [xBP]
+        ; The ring transition instruction.
+BS3_GLOBAL_NAME_EX BS3_CMN_NM(bs3CpuWeird1_InhibitedMovSsInt80_int80), , 0
+        int     80h
+        ; We shouldn't get here!
+.ud2_again:
+        ud2
+        jmp     .ud2_again
+BS3_PROC_END_CMN   bs3CpuWeird1_InhibitedMovSsInt80
+
+;
+; Inhibited int 3.
+;
+BS3_PROC_BEGIN_CMN bs3CpuWeird1_InhibitedMovSsInt3, BS3_PBC_NEAR
+        ; Load SS from stack.  This instruction causes fusing.
+        mov     ss, [xBP]
+        ; The ring transition instruction.
+BS3_GLOBAL_NAME_EX BS3_CMN_NM(bs3CpuWeird1_InhibitedMovSsInt3_int3), , 0
+        int     3
+        ; We shouldn't get here!
+.ud2_again:
+        ud2
+        jmp     .ud2_again
+AssertCompile(.ud2_again - BS3_CMN_NM(bs3CpuWeird1_InhibitedMovSsInt3_int3) == 2)
+BS3_PROC_END_CMN   bs3CpuWeird1_InhibitedMovSsInt3
+
+
+;
+; Inhibited int3.
+;
+BS3_PROC_BEGIN_CMN bs3CpuWeird1_InhibitedMovSsBp, BS3_PBC_NEAR
+        ; Load SS from stack.  This instruction causes fusing.
+        mov     ss, [xBP]
+        ; The ring transition instruction.
+BS3_GLOBAL_NAME_EX BS3_CMN_NM(bs3CpuWeird1_InhibitedMovSsBp_int3), , 0
+        int3
+        ; We shouldn't get here!
+.ud2_again:
+        ud2
+        jmp     .ud2_again
+AssertCompile(.ud2_again - BS3_CMN_NM(bs3CpuWeird1_InhibitedMovSsBp_int3) == 1)
+BS3_PROC_END_CMN   bs3CpuWeird1_InhibitedMovSsBp
+
+
+;
+; Inhibited syscall.
+;
+BS3_PROC_BEGIN_CMN bs3CpuWeird1_InhibitedMovSsSyscall, BS3_PBC_NEAR
+        ; Load SS from stack.  This instruction causes fusing.
+%if 1
+        mov     ss, [xBP]
 %else
-        mov     ss, [rsp]
+        pushf
+        or    word [xBP - xCB], X86_EFL_TF
+        popf
 %endif
         ; The ring transition instruction.
-BS3_GLOBAL_NAME_EX BS3_CMN_NM(bs3CpuWeird1_InhibitedInt80_int80), , 0
-        int     80h
-        ; We shouldn't get here!
-.ud2_again:
-        ud2
-        jmp     .ud2_again
-BS3_PROC_END_CMN   bs3CpuWeird1_InhibitedInt80
-
-;
-; Inhibited int 3.
-;
-BS3_PROC_BEGIN_CMN bs3CpuWeird1_InhibitedInt3, BS3_PBC_NEAR
-        ; Load SS from stack.  This instruction causes fusing.
-%if TMPL_BITS != 64
-        pop     ss
-%else
-        mov     ss, [rsp]
-%endif
-        ; The ring transition instruction.
-BS3_GLOBAL_NAME_EX BS3_CMN_NM(bs3CpuWeird1_InhibitedInt3_int3), , 0
-        int     3
-        ; We shouldn't get here!
-.ud2_again:
-        ud2
-        jmp     .ud2_again
-AssertCompile(.ud2_again - BS3_CMN_NM(bs3CpuWeird1_InhibitedInt3_int3) == 2)
-BS3_PROC_END_CMN   bs3CpuWeird1_InhibitedInt3
-
-
-;
-; Inhibited int3.
-;
-BS3_PROC_BEGIN_CMN bs3CpuWeird1_InhibitedBp, BS3_PBC_NEAR
-        ; Load SS from stack.  This instruction causes fusing.
-%if TMPL_BITS != 64
-        pop     ss
-%else
-        mov     ss, [rsp]
-%endif
-        ; The ring transition instruction.
-BS3_GLOBAL_NAME_EX BS3_CMN_NM(bs3CpuWeird1_InhibitedBp_int3), , 0
-        int3
-        ; We shouldn't get here!
-.ud2_again:
-        ud2
-        jmp     .ud2_again
-AssertCompile(.ud2_again - BS3_CMN_NM(bs3CpuWeird1_InhibitedBp_int3) == 1)
-BS3_PROC_END_CMN   bs3CpuWeird1_InhibitedBp
+BS3_GLOBAL_NAME_EX BS3_CMN_NM(bs3CpuWeird1_InhibitedMovSsSyscall_syscall), , 0
+        syscall
+        ; We shouldn't get here!
+.ud2_again:
+        ud2
+        jmp     .ud2_again
+AssertCompile(.ud2_again - BS3_CMN_NM(bs3CpuWeird1_InhibitedMovSsSyscall_syscall) == 2)
+BS3_PROC_END_CMN   bs3CpuWeird1_InhibitedMovSsSyscall
 
 

trunk/src/VBox/ValidationKit/bootsectors/bs3-cpu-weird-1-x0.c

@@ -57 +57 @@
     } while (0)
 
+#define BS3_CPU_WEIRD_1_EXTERN_ASM_FN_VARS(a_Name, a_Label) \
+    extern FNBS3FAR a_Name##_c16, a_Name##_##a_Label##_c16; \
+    extern FNBS3FAR a_Name##_c32, a_Name##_##a_Label##_c32; \
+    extern FNBS3FAR a_Name##_c64, a_Name##_##a_Label##_c64
+
 
 /*********************************************************************************************************************************
 *   External Symbols                                                                                                             *
 *********************************************************************************************************************************/
-extern FNBS3FAR     bs3CpuWeird1_InhibitedInt80_c16;
-extern FNBS3FAR     bs3CpuWeird1_InhibitedInt80_c32;
-extern FNBS3FAR     bs3CpuWeird1_InhibitedInt80_c64;
-extern FNBS3FAR     bs3CpuWeird1_InhibitedInt80_int80_c16;
-extern FNBS3FAR     bs3CpuWeird1_InhibitedInt80_int80_c32;
-extern FNBS3FAR     bs3CpuWeird1_InhibitedInt80_int80_c64;
-
-extern FNBS3FAR     bs3CpuWeird1_InhibitedInt3_c16;
-extern FNBS3FAR     bs3CpuWeird1_InhibitedInt3_c32;
-extern FNBS3FAR     bs3CpuWeird1_InhibitedInt3_c64;
-extern FNBS3FAR     bs3CpuWeird1_InhibitedInt3_int3_c16;
-extern FNBS3FAR     bs3CpuWeird1_InhibitedInt3_int3_c32;
-extern FNBS3FAR     bs3CpuWeird1_InhibitedInt3_int3_c64;
-
-extern FNBS3FAR     bs3CpuWeird1_InhibitedBp_c16;
-extern FNBS3FAR     bs3CpuWeird1_InhibitedBp_c32;
-extern FNBS3FAR     bs3CpuWeird1_InhibitedBp_c64;
-extern FNBS3FAR     bs3CpuWeird1_InhibitedBp_int3_c16;
-extern FNBS3FAR     bs3CpuWeird1_InhibitedBp_int3_c32;
-extern FNBS3FAR     bs3CpuWeird1_InhibitedBp_int3_c64;
+BS3_CPU_WEIRD_1_EXTERN_ASM_FN_VARS(bs3CpuWeird1_InhibitedMovSsInt80, int80);
+BS3_CPU_WEIRD_1_EXTERN_ASM_FN_VARS(bs3CpuWeird1_InhibitedPopSsInt80, int80);
+
+BS3_CPU_WEIRD_1_EXTERN_ASM_FN_VARS(bs3CpuWeird1_InhibitedMovSsInt3, int3);
+BS3_CPU_WEIRD_1_EXTERN_ASM_FN_VARS(bs3CpuWeird1_InhibitedPopSsInt3, int3);
+
+BS3_CPU_WEIRD_1_EXTERN_ASM_FN_VARS(bs3CpuWeird1_InhibitedMovSsBp, int3);
+BS3_CPU_WEIRD_1_EXTERN_ASM_FN_VARS(bs3CpuWeird1_InhibitedPopSsBp, int3);
+
+BS3_CPU_WEIRD_1_EXTERN_ASM_FN_VARS(bs3CpuWeird1_InhibitedMovSsSyscall, syscall);
 
 
@@ -150 +145 @@
                       uDr6, pTrapCtx->uHandlerCs, pTrapCtx->uHandlerSs, pTrapCtx->uHandlerRsp,
                       pTrapCtx->fHandlerRfl, pTrapCtx->cbIretFrame);
-#if 0
+#if 1
         Bs3TestPrintf("Halting in CompareIntCtx: bXcpt=%#x\n", bXcpt);
         ASMHalt();
@@ -174 +169 @@
 
 
+static void bs3RegCtxScramble(PBS3REGCTX pCtx, uint8_t bTestMode)
+{
+    if (BS3_MODE_IS_64BIT_SYS(bTestMode))
+    {
+        pCtx->r8.au32[0]  ^= UINT32_C(0x2f460cb9);
+        pCtx->r8.au32[1]  ^= UINT32_C(0x2dc346ff);
+        pCtx->r9.au32[0]  ^= UINT32_C(0x9c50d12e);
+        pCtx->r9.au32[1]  ^= UINT32_C(0x60be8859);
+        pCtx->r10.au32[0] ^= UINT32_C(0xa45fbe73);
+        pCtx->r10.au32[1] ^= UINT32_C(0x094140bf);
+        pCtx->r11.au32[0] ^= UINT32_C(0x8200148b);
+        pCtx->r11.au32[1] ^= UINT32_C(0x95dfc457);
+        pCtx->r12.au32[0] ^= UINT32_C(0xabc885f6);
+        pCtx->r12.au32[1] ^= UINT32_C(0xb9af126a);
+        pCtx->r13.au32[0] ^= UINT32_C(0xa2c4435c);
+        pCtx->r13.au32[1] ^= UINT32_C(0x1692b52e);
+        pCtx->r14.au32[0] ^= UINT32_C(0x85a56477);
+        pCtx->r14.au32[1] ^= UINT32_C(0x31a44a04);
+        pCtx->r15.au32[0] ^= UINT32_C(0x8d5b3072);
+        pCtx->r15.au32[1] ^= UINT32_C(0xc2ffce37);
+    }
+}
+
+
+typedef enum {
+    DbgInhibitRingXferType_SoftInt,
+    DbgInhibitRingXferType_Syscall
+} DBGINHIBITRINGXFERTYPE;
+
 static int bs3CpuWeird1_DbgInhibitRingXfer_Worker(uint8_t bTestMode, uint8_t bIntGate, uint8_t cbRingInstr, int8_t cbSpAdjust,
-                                                  FPFNBS3FAR pfnTestCode, FPFNBS3FAR pfnTestLabel)
+                                                  FPFNBS3FAR pfnTestCode, FPFNBS3FAR pfnTestLabel, DBGINHIBITRINGXFERTYPE enmType)
 {
+    BS3REGCTX               Ctx;
     BS3TRAPFRAME            TrapCtx;
-    BS3TRAPFRAME            TrapExpect;
-    BS3REGCTX               Ctx;
+    BS3TRAPFRAME            TrapExpectXfer;     /* Expected registers after transfer (no #DB). */
+    BS3TRAPFRAME            TrapExpectXferDb;   /* Expected registers after transfer followed by some #DB. */
     uint8_t                 bSavedDpl;
     uint8_t const           offTestLabel    = BS3_FP_OFF(pfnTestLabel) - BS3_FP_OFF(pfnTestCode);
-    //uint8_t const           cbIretFrameSame = BS3_MODE_IS_RM_SYS(bTestMode)    ? 6
-    //                                        : BS3_MODE_IS_16BIT_SYS(bTestMode) ? 12
-    //                                        : BS3_MODE_IS_64BIT_SYS(bTestMode) ? 40 : 12;
-    uint8_t                 cbIretFrameInt;
-    uint8_t                 cbIretFrameIntDb;
     uint8_t const           cbIretFrameSame = BS3_MODE_IS_16BIT_SYS(bTestMode) ? 6
                                             : BS3_MODE_IS_32BIT_SYS(bTestMode) ? 12 : 40;
+    uint8_t const           cbIretFrameRing = BS3_MODE_IS_16BIT_SYS(bTestMode) ? 10
+                                            : BS3_MODE_IS_32BIT_SYS(bTestMode) ? 20 : 40;
     uint8_t const           cbSpAdjSame     = BS3_MODE_IS_64BIT_SYS(bTestMode) ? 48 : cbIretFrameSame;
-    uint8_t                 bVmeMethod = 0;
-    uint64_t                uHandlerRspInt;
-    uint64_t                uHandlerRspIntDb;
+    bool const              fAlwaysUd       = enmType == DbgInhibitRingXferType_Syscall && bTestMode != BS3_MODE_LM64;
+    uint8_t                 bVmeMethod      = 0;
+    uint8_t                 cbIretFrameDb;      /* #DB before xfer */
+    uint64_t                uHandlerRspDb;      /* #DB before xfer */
     BS3_XPTR_AUTO(uint32_t, StackXptr);
+
+    if (fAlwaysUd)
+        bIntGate = X86_XCPT_UD;
 
     /* make sure they're allocated  */
     Bs3MemZero(&Ctx, sizeof(Ctx));
     Bs3MemZero(&TrapCtx, sizeof(TrapCtx));
-    Bs3MemZero(&TrapExpect, sizeof(TrapExpect));
+    Bs3MemZero(&TrapExpectXfer, sizeof(TrapExpectXfer));
+    Bs3MemZero(&TrapExpectXferDb, sizeof(TrapExpectXferDb));
 
     /*
@@ -206 +233 @@
 
     Bs3RegCtxSaveEx(&Ctx, bTestMode, 1024);
+    bs3RegCtxScramble(&Ctx, bTestMode);
     Bs3RegCtxSetRipCsFromLnkPtr(&Ctx, pfnTestCode);
     if (BS3_MODE_IS_16BIT_SYS(bTestMode))
@@ -225 +253 @@
 
     /* V8086: Set IOPL to 3. */
-    if (BS3_MODE_IS_V86(bTestMode))
+    if (BS3_MODE_IS_V86(bTestMode) && enmType != DbgInhibitRingXferType_Syscall)
     {
         Ctx.rflags.u32 |= X86_EFL_IOPL;
@@ -243 +271 @@
     }
 
+    /* Make BP = SP since 16-bit can't use SP for addressing. */
+    Ctx.rbp = Ctx.rsp;
+
     /*
      * Test #0: Test run.  Calc expected delayed #DB from it.
@@ -252 +283 @@
     }
     *BS3_XPTR_GET(uint32_t, StackXptr) = Ctx.ss;
-    Bs3TrapSetJmpAndRestore(&Ctx, &TrapExpect);
-    if (TrapExpect.bXcpt != bIntGate)
-    {
-
-        Bs3TestFailedF("%u: bXcpt is %#x, expected %#x!\n", g_usBs3TestStep, TrapExpect.bXcpt, bIntGate);
-        Bs3TrapPrintFrame(&TrapExpect);
+    Bs3TrapSetJmpAndRestore(&Ctx, &TrapExpectXfer);
+    if (TrapExpectXfer.bXcpt != bIntGate)
+    {
+        Bs3TestFailedF("%u: bXcpt is %#x, expected %#x!\n", g_usBs3TestStep, TrapExpectXfer.bXcpt, bIntGate);
+        Bs3TrapPrintFrame(&TrapExpectXfer);
         return 1;
     }
-
-    cbIretFrameInt   = TrapExpect.cbIretFrame;
-    cbIretFrameIntDb = cbIretFrameInt + cbIretFrameSame;
-    uHandlerRspInt   = TrapExpect.uHandlerRsp;
-    uHandlerRspIntDb = uHandlerRspInt - cbSpAdjSame;
-
-    TrapExpect.Ctx.bCpl         = 0;
-    TrapExpect.Ctx.cs           = TrapExpect.uHandlerCs;
-    TrapExpect.Ctx.ss           = TrapExpect.uHandlerSs;
-    TrapExpect.Ctx.rsp.u64      = TrapExpect.uHandlerRsp;
-    TrapExpect.Ctx.rflags.u64   = TrapExpect.fHandlerRfl;
-    if (BS3_MODE_IS_V86(bTestMode))
-    {
-        if (bVmeMethod >= 5)
+    Bs3MemCpy(&TrapExpectXferDb, &TrapExpectXfer, sizeof(TrapExpectXferDb));
+
+    if (!fAlwaysUd)
+    {
+        TrapExpectXferDb.Ctx.bCpl         = 0;
+        TrapExpectXferDb.Ctx.cs           = TrapExpectXfer.uHandlerCs;
+        TrapExpectXferDb.Ctx.ss           = TrapExpectXfer.uHandlerSs;
+        TrapExpectXferDb.Ctx.rsp.u64      = TrapExpectXfer.uHandlerRsp;
+        TrapExpectXferDb.Ctx.rflags.u64   = TrapExpectXfer.fHandlerRfl;
+
+        if (enmType != DbgInhibitRingXferType_Syscall)
         {
-            TrapExpect.Ctx.rflags.u32 |= X86_EFL_VM;
-            TrapExpect.Ctx.bCpl = 3;
-            TrapExpect.Ctx.rip.u64 = bs3CpuWeird1_GetTrapHandlerEIP(bIntGate, bTestMode, true);
-            cbIretFrameIntDb = 36;
-            if (BS3_MODE_IS_16BIT_SYS(bTestMode))
-                uHandlerRspIntDb = Bs3Tss16.sp0  - cbIretFrameIntDb;
-            else
-                uHandlerRspIntDb = Bs3Tss32.esp0 - cbIretFrameIntDb;
+            TrapExpectXferDb.cbIretFrame  = TrapExpectXfer.cbIretFrame + cbIretFrameSame;
+            TrapExpectXferDb.uHandlerRsp  = TrapExpectXfer.uHandlerRsp - cbSpAdjSame;
         }
         else
         {
-            TrapExpect.Ctx.ds   = 0;
-            TrapExpect.Ctx.es   = 0;
-            TrapExpect.Ctx.fs   = 0;
-            TrapExpect.Ctx.gs   = 0;
+            TrapExpectXfer.cbIretFrame    = 0xff;
+            TrapExpectXferDb.cbIretFrame  = cbIretFrameSame;
+            TrapExpectXfer.uHandlerRsp    = Ctx.rsp.u - cbSpAdjust;
+            TrapExpectXferDb.uHandlerRsp  = (TrapExpectXfer.uHandlerRsp & ~(uint64_t)15) - cbIretFrameSame;
         }
-    }
+        if (BS3_MODE_IS_V86(bTestMode))
+        {
+            if (bVmeMethod >= 5)
+            {
+                TrapExpectXferDb.Ctx.rflags.u32 |= X86_EFL_VM;
+                TrapExpectXferDb.Ctx.bCpl = 3;
+                TrapExpectXferDb.Ctx.rip.u64 = bs3CpuWeird1_GetTrapHandlerEIP(bIntGate, bTestMode, true);
+                TrapExpectXferDb.cbIretFrame = 36;
+                if (BS3_MODE_IS_16BIT_SYS(bTestMode))
+                    TrapExpectXferDb.uHandlerRsp = Bs3Tss16.sp0  - TrapExpectXferDb.cbIretFrame;
+                else
+                    TrapExpectXferDb.uHandlerRsp = Bs3Tss32.esp0 - TrapExpectXferDb.cbIretFrame;
+            }
+            else
+            {
+                TrapExpectXferDb.Ctx.ds   = 0;
+                TrapExpectXferDb.Ctx.es   = 0;
+                TrapExpectXferDb.Ctx.fs   = 0;
+                TrapExpectXferDb.Ctx.gs   = 0;
+            }
+        }
+    }
+
+    if (enmType != DbgInhibitRingXferType_Syscall)
+    {
+        cbIretFrameDb = TrapExpectXfer.cbIretFrame;
+        uHandlerRspDb = TrapExpectXfer.uHandlerRsp;
+    }
+    else
+    {
+        cbIretFrameDb = cbIretFrameRing;
+        uHandlerRspDb = BS3_ADDR_STACK_R0 - cbIretFrameRing;
+    }
+
 
     /*
@@ -303 +357 @@
     }
     *BS3_XPTR_GET(uint32_t, StackXptr) = Ctx.ss;
-    Ctx.rflags.u32 |= X86_EFL_TF;
+//    Ctx.rflags.u32 |= X86_EFL_TF;
 
     Bs3TrapSetJmpAndRestore(&Ctx, &TrapCtx);
     if (   !BS3_MODE_IS_V86(bTestMode)
-        || bVmeMethod < 5)
-        bs3CpuWeird1_CompareDbgInhibitRingXfer(&TrapCtx, &Ctx, bIntGate, offTestLabel + cbRingInstr, cbSpAdjust,
-                                               X86_DR6_INIT_VAL, cbIretFrameInt, uHandlerRspInt);
+             || bVmeMethod < 5)
+        bs3CpuWeird1_CompareDbgInhibitRingXfer(&TrapCtx, &TrapExpectXfer.Ctx, bIntGate, 0, 0, X86_DR6_INIT_VAL,
+                                               TrapExpectXfer.cbIretFrame, TrapExpectXfer.uHandlerRsp);
     else
     {
-        TrapExpect.Ctx.rflags.u32 |= X86_EFL_TF;
-        bs3CpuWeird1_CompareDbgInhibitRingXfer(&TrapCtx, &TrapExpect.Ctx, X86_XCPT_DB, offTestLabel, -2,
-                                               X86_DR6_INIT_VAL | X86_DR6_BS, cbIretFrameIntDb, uHandlerRspIntDb);
-        TrapExpect.Ctx.rflags.u32 &= ~X86_EFL_TF;
+        TrapExpectXferDb.Ctx.rflags.u32 |= X86_EFL_TF;
+        bs3CpuWeird1_CompareDbgInhibitRingXfer(&TrapCtx, &TrapExpectXferDb.Ctx, X86_XCPT_DB, offTestLabel, -2,
+                                               X86_DR6_INIT_VAL | X86_DR6_BS,
+                                               TrapExpectXferDb.cbIretFrame, TrapExpectXferDb.uHandlerRsp);
+        TrapExpectXferDb.Ctx.rflags.u32 &= ~X86_EFL_TF;
     }
 
@@ -337 +392 @@
         if (g_enmCpuVendor == BS3CPUVENDOR_AMD || g_enmCpuVendor == BS3CPUVENDOR_HYGON)
             bs3CpuWeird1_CompareDbgInhibitRingXfer(&TrapCtx, &Ctx, X86_XCPT_DB, offTestLabel, cbSpAdjust,
-                                                   X86_DR6_INIT_VAL | X86_DR6_B0, cbIretFrameInt, uHandlerRspInt);
+                                                   X86_DR6_INIT_VAL | X86_DR6_B0, TrapExpectXfer.cbIretFrame, TrapExpectXfer.uHandlerRsp);
         else
-            bs3CpuWeird1_CompareDbgInhibitRingXfer(&TrapCtx, &Ctx, bIntGate, offTestLabel + cbRingInstr, cbSpAdjust,
-                                                   X86_DR6_INIT_VAL, cbIretFrameInt, uHandlerRspInt);
+            bs3CpuWeird1_CompareDbgInhibitRingXfer(&TrapCtx, &TrapExpectXfer.Ctx, bIntGate, 0, 0, X86_DR6_INIT_VAL,
+                                                   TrapExpectXfer.cbIretFrame, TrapExpectXfer.uHandlerRsp);
 
         /*
@@ -354 +409 @@
         if (g_enmCpuVendor == BS3CPUVENDOR_AMD || g_enmCpuVendor ==  BS3CPUVENDOR_HYGON)
             bs3CpuWeird1_CompareDbgInhibitRingXfer(&TrapCtx, &Ctx, X86_XCPT_DB, offTestLabel, cbSpAdjust,
-                                                   X86_DR6_INIT_VAL | X86_DR6_B0, cbIretFrameInt, uHandlerRspInt);
+                                                   X86_DR6_INIT_VAL | X86_DR6_B0, TrapExpectXfer.cbIretFrame, TrapExpectXfer.uHandlerRsp);
         else
-            bs3CpuWeird1_CompareDbgInhibitRingXfer(&TrapCtx, &Ctx, bIntGate, offTestLabel + cbRingInstr, cbSpAdjust,
-                                                   X86_DR6_INIT_VAL, cbIretFrameInt, uHandlerRspInt);
+            bs3CpuWeird1_CompareDbgInhibitRingXfer(&TrapCtx, &TrapExpectXfer.Ctx, bIntGate, 0, 0, X86_DR6_INIT_VAL,
+                                                   TrapExpectXfer.cbIretFrame, TrapExpectXfer.uHandlerRsp);
 
         /*
          * Test #4: Execution breakpoint on pop ss / mov ss.  Hits.
+         *
          * Note! In real mode AMD-V updates the stack pointer, or something else is busted. Totally weird!
+         *
+         *       Update: see Test #6 update.
          */
         g_usBs3TestStep++;
@@ -370 +428 @@
 
         Bs3TrapSetJmpAndRestore(&Ctx, &TrapCtx);
-        bs3CpuWeird1_CompareDbgInhibitRingXfer(&TrapCtx, &Ctx, X86_XCPT_DB, 0, 0, X86_DR6_INIT_VAL | X86_DR6_B0,
-                                               cbIretFrameInt,
-                                               uHandlerRspInt - (BS3_MODE_IS_RM_SYS(bTestMode) ? 2 : 0) );
+        bs3CpuWeird1_CompareDbgInhibitRingXfer(&TrapCtx, &Ctx, X86_XCPT_DB, 0, 0, X86_DR6_INIT_VAL | X86_DR6_B0, cbIretFrameDb,
+                                               uHandlerRspDb - (BS3_MODE_IS_RM_SYS(bTestMode) ? cbSpAdjust : 0) );
 
         /*
@@ -384 +441 @@
 
         Bs3TrapSetJmpAndRestore(&Ctx, &TrapCtx);
-        bs3CpuWeird1_CompareDbgInhibitRingXfer(&TrapCtx, &Ctx, X86_XCPT_DB, 0, 0, X86_DR6_INIT_VAL | X86_DR6_B0,
-                                               cbIretFrameInt,
-                                               uHandlerRspInt - (BS3_MODE_IS_RM_SYS(bTestMode) ? 2 : 0) );
+        bs3CpuWeird1_CompareDbgInhibitRingXfer(&TrapCtx, &Ctx, X86_XCPT_DB, 0, 0, X86_DR6_INIT_VAL | X86_DR6_B0, cbIretFrameDb,
+                                               uHandlerRspDb - (BS3_MODE_IS_RM_SYS(bTestMode) ? cbSpAdjust : 0) );
+        Bs3RegSetDr7(0);
 
         /*
@@ -406 +463 @@
 
         Bs3TrapSetJmpAndRestore(&Ctx, &TrapCtx);
-        TrapExpect.Ctx.rip = TrapCtx.Ctx.rip; /// @todo fixme
+        Bs3RegSetDr7(0);
+        TrapExpectXferDb.Ctx.rip = TrapCtx.Ctx.rip; /// @todo fixme
         Bs3RegSetDr7(0);
         uDr6Expect = X86_DR6_INIT_VAL | X86_DR6_B0;
-        if (g_enmCpuVendor == BS3CPUVENDOR_INTEL && bTestMode != BS3_MODE_RM)
+        if (g_enmCpuVendor == BS3CPUVENDOR_INTEL && (bTestMode != BS3_MODE_RM || cbSpAdjust == 0))
             uDr6Expect = X86_DR6_INIT_VAL;
-        bs3CpuWeird1_CompareDbgInhibitRingXfer(&TrapCtx, &TrapExpect.Ctx, X86_XCPT_DB, 0, 0, uDr6Expect,
-                                               cbIretFrameSame, uHandlerRspIntDb);
+        if (!fAlwaysUd)
+            bs3CpuWeird1_CompareDbgInhibitRingXfer(&TrapCtx, &TrapExpectXferDb.Ctx, X86_XCPT_DB, 0, 0, uDr6Expect,
+                                                   cbIretFrameSame, TrapExpectXferDb.uHandlerRsp);
+        else
+            bs3CpuWeird1_CompareDbgInhibitRingXfer(&TrapCtx, &TrapExpectXfer.Ctx, X86_XCPT_UD, 0, 0, uDr6Expect,
+                                                   TrapExpectXfer.cbIretFrame, TrapExpectXfer.uHandlerRsp);
 
         /*
@@ -424 +486 @@
 
         Bs3TrapSetJmpAndRestore(&Ctx, &TrapCtx);
-        TrapExpect.Ctx.rip = TrapCtx.Ctx.rip; /// @todo fixme
+        TrapExpectXferDb.Ctx.rip = TrapCtx.Ctx.rip; /// @todo fixme
         Bs3RegSetDr7(0);
         uDr6Expect = X86_DR6_INIT_VAL | X86_DR6_B0;
-        if (g_enmCpuVendor == BS3CPUVENDOR_INTEL && bTestMode != BS3_MODE_RM)
+        if (g_enmCpuVendor == BS3CPUVENDOR_INTEL && (bTestMode != BS3_MODE_RM || cbSpAdjust == 0))
             uDr6Expect = X86_DR6_INIT_VAL;
-        bs3CpuWeird1_CompareDbgInhibitRingXfer(&TrapCtx, &TrapExpect.Ctx, X86_XCPT_DB, 0, 0, uDr6Expect,
-                                               cbIretFrameSame, uHandlerRspIntDb);
+        if (!fAlwaysUd)
+            bs3CpuWeird1_CompareDbgInhibitRingXfer(&TrapCtx, &TrapExpectXferDb.Ctx, X86_XCPT_DB, 0, 0, uDr6Expect,
+                                                   cbIretFrameSame, TrapExpectXferDb.uHandlerRsp);
+        else
+            bs3CpuWeird1_CompareDbgInhibitRingXfer(&TrapCtx, &TrapExpectXfer.Ctx, X86_XCPT_UD, 0, 0, uDr6Expect,
+                                                   TrapExpectXfer.cbIretFrame, TrapExpectXfer.uHandlerRsp);
 
         if (!BS3_MODE_IS_RM_OR_V86(bTestMode))
@@ -447 +513 @@
 
             Bs3TrapSetJmpAndRestore(&Ctx, &TrapCtx);
-            TrapExpect.Ctx.rip = TrapCtx.Ctx.rip; /// @todo fixme
+            TrapExpectXferDb.Ctx.rip = TrapCtx.Ctx.rip; /// @todo fixme
             Bs3RegSetDr7(0);
             uDr6Expect = g_enmCpuVendor == BS3CPUVENDOR_INTEL ? X86_DR6_INIT_VAL : X86_DR6_INIT_VAL | X86_DR6_B1;
-            bs3CpuWeird1_CompareDbgInhibitRingXfer(&TrapCtx, &TrapExpect.Ctx, X86_XCPT_DB, 0, 0, uDr6Expect,
-                                                   cbIretFrameSame, uHandlerRspIntDb);
+            if (!fAlwaysUd)
+                bs3CpuWeird1_CompareDbgInhibitRingXfer(&TrapCtx, &TrapExpectXferDb.Ctx, X86_XCPT_DB, 0, 0, uDr6Expect,
+                                                       cbIretFrameSame, TrapExpectXferDb.uHandlerRsp);
+            else
+                bs3CpuWeird1_CompareDbgInhibitRingXfer(&TrapCtx, &TrapExpectXfer.Ctx, X86_XCPT_UD, 0, 0, uDr6Expect,
+                                                       TrapExpectXfer.cbIretFrame, TrapExpectXfer.uHandlerRsp);
 
             /*
@@ -465 +535 @@
 
             Bs3TrapSetJmpAndRestore(&Ctx, &TrapCtx);
-            TrapExpect.Ctx.rip = TrapCtx.Ctx.rip; /// @todo fixme
+            TrapExpectXferDb.Ctx.rip = TrapCtx.Ctx.rip; /// @todo fixme
             Bs3RegSetDr7(0);
             uDr6Expect = g_enmCpuVendor == BS3CPUVENDOR_INTEL ? X86_DR6_INIT_VAL : X86_DR6_INIT_VAL | X86_DR6_B1;
-            bs3CpuWeird1_CompareDbgInhibitRingXfer(&TrapCtx, &TrapExpect.Ctx, X86_XCPT_DB, 0, 0, uDr6Expect,
-                                                   cbIretFrameSame, uHandlerRspIntDb);
+            if (!fAlwaysUd)
+                bs3CpuWeird1_CompareDbgInhibitRingXfer(&TrapCtx, &TrapExpectXferDb.Ctx, X86_XCPT_DB, 0, 0, uDr6Expect,
+                                                       cbIretFrameSame, TrapExpectXferDb.uHandlerRsp);
+            else
+                bs3CpuWeird1_CompareDbgInhibitRingXfer(&TrapCtx, &TrapExpectXfer.Ctx, X86_XCPT_UD, 0, 0, uDr6Expect,
+                                                       TrapExpectXfer.cbIretFrame, TrapExpectXfer.uHandlerRsp);
         }
 
@@ -508 +582 @@
     /** @todo test all V8086 software INT delivery modes (currently only 4 and 1). */
 
+#define ASM_FN_ARGS(a_Name, a_Label, a_ModeSuff, a_Type) \
+        bs3CpuWeird1_##a_Name##_##a_ModeSuff, bs3CpuWeird1_##a_Name##_##a_Label##_##a_ModeSuff, DbgInhibitRingXferType_##a_Type
+
     /* Note! Both ICEBP and BOUND has be checked cursorily and found not to be affected. */
     if (BS3_MODE_IS_16BIT_CODE(bMode))
     {
-        bs3CpuWeird1_DbgInhibitRingXfer_Worker(bMode, 0x80, 2, 2, bs3CpuWeird1_InhibitedInt80_c16, bs3CpuWeird1_InhibitedInt80_int80_c16);
+        bs3CpuWeird1_DbgInhibitRingXfer_Worker(bMode, 0x80, 2, 2, ASM_FN_ARGS(InhibitedPopSsInt80, int80, c16, SoftInt));
+        bs3CpuWeird1_DbgInhibitRingXfer_Worker(bMode, 0x80, 2, 0, ASM_FN_ARGS(InhibitedMovSsInt80, int80, c16, SoftInt));
         if (!BS3_MODE_IS_V86(bMode) || !g_fVME)
         {
             /** @todo explain why these GURU     */
-            bs3CpuWeird1_DbgInhibitRingXfer_Worker(bMode, 0x03, 2, 2, bs3CpuWeird1_InhibitedInt3_c16,  bs3CpuWeird1_InhibitedInt3_int3_c16);
-            bs3CpuWeird1_DbgInhibitRingXfer_Worker(bMode, 0x03, 1, 2, bs3CpuWeird1_InhibitedBp_c16,    bs3CpuWeird1_InhibitedBp_int3_c16);
+            bs3CpuWeird1_DbgInhibitRingXfer_Worker(bMode, 0x03, 2, 2, ASM_FN_ARGS(InhibitedPopSsInt3, int3, c16, SoftInt));
+            bs3CpuWeird1_DbgInhibitRingXfer_Worker(bMode, 0x03, 2, 0, ASM_FN_ARGS(InhibitedMovSsInt3, int3, c16, SoftInt));
+            bs3CpuWeird1_DbgInhibitRingXfer_Worker(bMode, 0x03, 1, 2, ASM_FN_ARGS(InhibitedPopSsBp,   int3, c16, SoftInt));
+            bs3CpuWeird1_DbgInhibitRingXfer_Worker(bMode, 0x03, 1, 0, ASM_FN_ARGS(InhibitedMovSsBp,   int3, c16, SoftInt));
         }
     }
     else if (BS3_MODE_IS_32BIT_CODE(bMode))
     {
-        bs3CpuWeird1_DbgInhibitRingXfer_Worker(bMode, 0x80, 2, 4, bs3CpuWeird1_InhibitedInt80_c32, bs3CpuWeird1_InhibitedInt80_int80_c32);
-        bs3CpuWeird1_DbgInhibitRingXfer_Worker(bMode, 0x03, 2, 4, bs3CpuWeird1_InhibitedInt3_c32,  bs3CpuWeird1_InhibitedInt3_int3_c32);
-        bs3CpuWeird1_DbgInhibitRingXfer_Worker(bMode, 0x03, 1, 4, bs3CpuWeird1_InhibitedBp_c32,    bs3CpuWeird1_InhibitedBp_int3_c32);
+        bs3CpuWeird1_DbgInhibitRingXfer_Worker(bMode, 0x80, 2, 4, ASM_FN_ARGS(InhibitedPopSsInt80, int80, c32, SoftInt));
+        bs3CpuWeird1_DbgInhibitRingXfer_Worker(bMode, 0x80, 2, 0, ASM_FN_ARGS(InhibitedMovSsInt80, int80, c32, SoftInt));
+        bs3CpuWeird1_DbgInhibitRingXfer_Worker(bMode, 0x03, 2, 4, ASM_FN_ARGS(InhibitedPopSsInt3,  int3,  c32, SoftInt));
+        bs3CpuWeird1_DbgInhibitRingXfer_Worker(bMode, 0x03, 2, 0, ASM_FN_ARGS(InhibitedMovSsInt3,  int3,  c32, SoftInt));
+        bs3CpuWeird1_DbgInhibitRingXfer_Worker(bMode, 0x03, 1, 4, ASM_FN_ARGS(InhibitedPopSsBp,    int3,  c32, SoftInt));
+        bs3CpuWeird1_DbgInhibitRingXfer_Worker(bMode, 0x03, 1, 0, ASM_FN_ARGS(InhibitedMovSsBp,    int3,  c32, SoftInt));
     }
     else
     {
-        bs3CpuWeird1_DbgInhibitRingXfer_Worker(bMode, 0x80, 2, 0, bs3CpuWeird1_InhibitedInt80_c64, bs3CpuWeird1_InhibitedInt80_int80_c64);
-        bs3CpuWeird1_DbgInhibitRingXfer_Worker(bMode, 0x03, 2, 0, bs3CpuWeird1_InhibitedInt3_c64,  bs3CpuWeird1_InhibitedInt3_int3_c64);
-        bs3CpuWeird1_DbgInhibitRingXfer_Worker(bMode, 0x03, 1, 0, bs3CpuWeird1_InhibitedBp_c64,    bs3CpuWeird1_InhibitedBp_int3_c64);
+        bs3CpuWeird1_DbgInhibitRingXfer_Worker(bMode, 0x80, 2, 0, ASM_FN_ARGS(InhibitedMovSsInt80, int80, c64, SoftInt));
+        bs3CpuWeird1_DbgInhibitRingXfer_Worker(bMode, 0x03, 2, 0, ASM_FN_ARGS(InhibitedMovSsInt3,  int3,  c64, SoftInt));
+        bs3CpuWeird1_DbgInhibitRingXfer_Worker(bMode, 0x03, 1, 0, ASM_FN_ARGS(InhibitedMovSsBp,    int3,  c64, SoftInt));
+    }
+
+    /* On intel, syscall only works in long mode. */
+/** @todo test this on AMD and extend it to non-64-bit modes */
+    if (BS3_MODE_IS_64BIT_SYS(bMode))
+    {
+        uint64_t const fSavedEfer = ASMRdMsr(MSR_K6_EFER);
+        ASMWrMsr(MSR_K8_SF_MASK, X86_EFL_TF);
+        ASMWrMsr(MSR_K8_LSTAR, g_pfnBs3Syscall64GenericFlat);
+        ASMWrMsr(MSR_K8_CSTAR, g_pfnBs3Syscall64GenericCompatibilityFlat);
+        ASMWrMsr(MSR_K6_STAR, (uint64_t)BS3_SEL_R0_CS64 << MSR_K6_STAR_SYSCALL_CS_SS_SHIFT);
+        ASMWrMsr(MSR_K6_EFER, fSavedEfer | MSR_K6_EFER_SCE);
+
+        if (BS3_MODE_IS_16BIT_CODE(bMode))
+        {
+            bs3CpuWeird1_DbgInhibitRingXfer_Worker(bMode, 0xfe, 2, 0, ASM_FN_ARGS(InhibitedMovSsSyscall, syscall, c16, Syscall));
+        }
+        else if (BS3_MODE_IS_32BIT_CODE(bMode))
+        {
+            bs3CpuWeird1_DbgInhibitRingXfer_Worker(bMode, 0xfe, 2, 0, ASM_FN_ARGS(InhibitedMovSsSyscall, syscall, c32, Syscall));
+        }
+        else
+        {
+            bs3CpuWeird1_DbgInhibitRingXfer_Worker(bMode, 0xff, 2, 0, ASM_FN_ARGS(InhibitedMovSsSyscall, syscall, c64, Syscall));
+        }
+
+        ASMWrMsr(MSR_K6_EFER, fSavedEfer);
+        ASMWrMsr(MSR_K6_STAR, 0);
+        ASMWrMsr(MSR_K8_LSTAR, 0);
+        ASMWrMsr(MSR_K8_CSTAR, 0);
+        ASMWrMsr(MSR_K8_SF_MASK, 0);
     }
 

trunk/src/VBox/ValidationKit/bootsectors/bs3-cpu-weird-1.c

@@ -57 +57 @@
 static const BS3TESTMODEBYONEENTRY g_aModeByOneTests[] =
 {
-#if 1/** @todo asserts in ring-0 on VT-x! */
+#if 1/** @todo asserts in ring-0 on VT-x!  (It works when run directly on intel 6700K hardware.) */
     { "dbg+inhibit+ringxfer", BS3_CMN_FAR_NM(bs3CpuWeird1_DbgInhibitRingXfer), 0 },
 #endif
+#if 0
 #if 1
     { "pc wrapping", BS3_CMN_FAR_NM(bs3CpuWeird1_PcWrapping), 0 },
@@ -65 +66 @@
 //    { "push/pop", BS3_CMN_FAR_NM(bs3CpuWeird1_PushPop), 0 },
     { "push/pop sreg", BS3_CMN_FAR_NM(bs3CpuWeird1_PushPopSReg), 0 },
+#endif
 };
 

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/Makefile.kmk

@@ -372 +372 @@
         bs3-cmn-PagingMapRamAbove4GForLM.c \
         bs3-cmn-SwitchHlpConvFlatRetToRetfProtMode.asm \
+        bs3-c64-Syscall64Generic.asm \
         bs3-c64-Trap64Generic.asm \
         ../../../Runtime/common/asm/ASMGetIDTR.asm \

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3-c64-Syscall64Generic.asm

@@ -1 +1 @@
 ; $Id$
 ;; @file
-; BS3Kit - Trap, 64-bit assembly handlers.
-;
-
-;
-; Copyright (C) 2007-2023 Oracle and/or its affiliates.
+; BS3Kit - Syscall, 64-bit assembly handlers.
+;
+
+;
+; Copyright (C) 2007-2024 Oracle and/or its affiliates.
 ;
 ; This file is part of VirtualBox base platform packages, as
@@ -49 +49 @@
 ;*********************************************************************************************************************************
 BS3_EXTERN_DATA16 g_bBs3CurrentMode
-BS3_EXTERN_DATA16 g_apfnBs3TrapHandlers_c64
 TMPL_BEGIN_TEXT
 BS3_EXTERN_CMN Bs3TrapDefaultHandler
 BS3_EXTERN_CMN Bs3RegCtxRestore
+
+
+;*********************************************************************************************************************************
+;*  Global Variables                                                                                                             *
+;*********************************************************************************************************************************
+BS3_BEGIN_DATA16
+;; Easy to access flat address of Bs3Syscall64Generic.
+BS3_GLOBAL_DATA g_pfnBs3Syscall64GenericFlat, 4
+        dd Bs3Syscall64Generic wrt FLAT
+;; Easy to access flat address of Bs3Syscall64Generic.
+BS3_GLOBAL_DATA g_pfnBs3Syscall64GenericCompatibilityFlat, 4
+        dd Bs3Syscall64GenericCompatibility wrt FLAT
+
+
 TMPL_BEGIN_TEXT
 
-
-;*********************************************************************************************************************************
-;*  Global Variables                                                                                                             *
-;*********************************************************************************************************************************
-BS3_BEGIN_DATA16
-;; Easy to access flat address of Bs3Trap64GenericEntries.
-BS3_GLOBAL_DATA g_Bs3Trap64GenericEntriesFlatAddr, 4
-        dd Bs3Trap64GenericEntries wrt FLAT
-
-
-TMPL_BEGIN_TEXT
-
 ;;
-; Generic entry points for IDT handlers, 8 byte spacing.
-;
-BS3_PROC_BEGIN Bs3Trap64GenericEntries
-%macro Bs3Trap64GenericEntry 1
-        db      06ah, i                 ; push imm8 - note that this is a signextended value.
-        jmp     %1
-        ALIGNCODE(8)
-%assign i i+1
-%endmacro
-
-%assign i 0                             ; start counter.
-        Bs3Trap64GenericEntry Bs3Trap64GenericTrapOrInt   ; 0
-        Bs3Trap64GenericEntry Bs3Trap64GenericTrapOrInt   ; 1
-        Bs3Trap64GenericEntry Bs3Trap64GenericTrapOrInt   ; 2
-        Bs3Trap64GenericEntry Bs3Trap64GenericTrapOrInt   ; 3
-        Bs3Trap64GenericEntry Bs3Trap64GenericTrapOrInt   ; 4
-        Bs3Trap64GenericEntry Bs3Trap64GenericTrapOrInt   ; 5
-        Bs3Trap64GenericEntry Bs3Trap64GenericTrapOrInt   ; 6
-        Bs3Trap64GenericEntry Bs3Trap64GenericTrapOrInt   ; 7
-        Bs3Trap64GenericEntry Bs3Trap64GenericTrapErrCode ; 8
-        Bs3Trap64GenericEntry Bs3Trap64GenericTrapOrInt   ; 9
-        Bs3Trap64GenericEntry Bs3Trap64GenericTrapErrCode ; a
-        Bs3Trap64GenericEntry Bs3Trap64GenericTrapErrCode ; b
-        Bs3Trap64GenericEntry Bs3Trap64GenericTrapErrCode ; c
-        Bs3Trap64GenericEntry Bs3Trap64GenericTrapErrCode ; d
-        Bs3Trap64GenericEntry Bs3Trap64GenericTrapErrCode ; e
-        Bs3Trap64GenericEntry Bs3Trap64GenericTrapOrInt   ; f  (reserved)
-        Bs3Trap64GenericEntry Bs3Trap64GenericTrapOrInt   ; 10
-        Bs3Trap64GenericEntry Bs3Trap64GenericTrapErrCode ; 11
-        Bs3Trap64GenericEntry Bs3Trap64GenericTrapOrInt   ; 12
-        Bs3Trap64GenericEntry Bs3Trap64GenericTrapOrInt   ; 13
-        Bs3Trap64GenericEntry Bs3Trap64GenericTrapOrInt   ; 14
-        Bs3Trap64GenericEntry Bs3Trap64GenericTrapOrInt   ; 15 (reserved)
-        Bs3Trap64GenericEntry Bs3Trap64GenericTrapOrInt   ; 16 (reserved)
-        Bs3Trap64GenericEntry Bs3Trap64GenericTrapOrInt   ; 17 (reserved)
-        Bs3Trap64GenericEntry Bs3Trap64GenericTrapOrInt   ; 18 (reserved)
-        Bs3Trap64GenericEntry Bs3Trap64GenericTrapOrInt   ; 19 (reserved)
-        Bs3Trap64GenericEntry Bs3Trap64GenericTrapOrInt   ; 1a (reserved)
-        Bs3Trap64GenericEntry Bs3Trap64GenericTrapOrInt   ; 1b (reserved)
-        Bs3Trap64GenericEntry Bs3Trap64GenericTrapOrInt   ; 1c (reserved)
-        Bs3Trap64GenericEntry Bs3Trap64GenericTrapOrInt   ; 1d (reserved)
-        Bs3Trap64GenericEntry Bs3Trap64GenericTrapErrCode ; 1e
-        Bs3Trap64GenericEntry Bs3Trap64GenericTrapOrInt   ; 1f (reserved)
-%rep 224
-        Bs3Trap64GenericEntry Bs3Trap64GenericTrapOrInt
-%endrep
-BS3_PROC_END  Bs3Trap64GenericEntries
-
-
+; Generic function to load into LSTAR
+;
+; This will just skip 20h on the stack and set up a flat call frame there.
+;
+BS3_PROC_BEGIN Bs3Syscall64Generic
+        lea     rsp, [rsp - 20h]
+        push    rcx                         ; fake return address
+        push    rbp                         ; 0
+        mov     rbp, rsp
+        push    0xffff                      ; rbp-08h: bXpct+cbIretFrame values
+        jmp     Bs3Syscall64GenericCommon
+BS3_PROC_END   Bs3Syscall64Generic
 
 
 ;;
-; Trap or interrupt (no error code).
-;
-BS3_PROC_BEGIN Bs3Trap64GenericTrapOrInt
-        push    rbp                     ; 0
+; Generic function to load into CSTAR.
+;
+; Companion to Bs3Syscall64Generic.
+;
+BS3_PROC_BEGIN Bs3Syscall64GenericCompatibility
+        lea     rsp, [rsp - 20h]
+        push    rcx                         ; fake return address
+        push    rbp                         ; 0
         mov     rbp, rsp
-        pushfq                          ; -08h
+        push    0xfffe                      ; rbp-08h: bXpct+cbIretFrame values
+        jmp     Bs3Syscall64GenericCommon
+BS3_PROC_END   Bs3Syscall64GenericCompatibility
+
+
+;;
+; Common context saving code and dispatching.
+;
+; @param    rbp     Pointer to fake RBP frame.
+;
+BS3_PROC_BEGIN Bs3Syscall64GenericCommon
+        pushfq                              ; rbp-10h
         cld
-        push    rdi
-
-        ; Reserve space for the register and trap frame.
+        push    rdi                         ; rbp-10h
+        mov     di, ds
+        push    rdi                         ; rbp-20h
+        mov     di, ss
+        mov     ds, di                      ; ds := ss
+
+        ;
+        ; Align the stack and reserve space for the register and trap frame.
+        ;
+        and     rsp, ~0xf
         mov     edi, (BS3TRAPFRAME_size + 15) / 16
 .more_zeroed_space:
@@ -136 +122 @@
         dec     edi
         jnz     .more_zeroed_space
-        mov     rdi, rsp                ; rdi points to trapframe structure.
-
-        ; Free up rax.
-        mov     [edi + BS3TRAPFRAME.Ctx + BS3REGCTX.rax], rax
-
+        mov     rdi, rsp                    ; rdi points to trapframe structure.
+
+        ;
+        ; Save rax so we can use it.
+        ;
+        mov     [rdi + BS3TRAPFRAME.Ctx + BS3REGCTX.rax], rax
+
+        ;
+        ; Mark the trap frame as a special one.
+        ;
+        mov     ax, [rbp - 08h]
+        mov     word [rdi + BS3TRAPFRAME.bXcpt], ax ; Also sets cbIretFrame
+
+        mov     word [rdi + BS3TRAPFRAME.Ctx + BS3REGCTX.cs], 0   ; We cannot tell.
+        mov     word [rdi + BS3TRAPFRAME.Ctx + BS3REGCTX.ss], 0   ; We cannot tell.
+        mov     byte [rdi + BS3TRAPFRAME.Ctx + BS3REGCTX.bCpl], 3 ; We cannot tell.
+
+        mov     [rdi + BS3TRAPFRAME.uHandlerCs], cs
+        mov     [rdi + BS3TRAPFRAME.uHandlerSs], ss
+
+        ;
         ; Copy stuff from the stack over.
-        mov     al, [rbp + 08h]
-        mov     [rdi + BS3TRAPFRAME.bXcpt], al
+        ;
         mov     rax, [rbp]
         mov     [rdi + BS3TRAPFRAME.Ctx + BS3REGCTX.rbp], rax
-        mov     rax, [rbp - 08h]
+
+        mov     rax, [rbp - 10h]
         mov     [rdi + BS3TRAPFRAME.fHandlerRfl], rax
-        mov     rax, [rbp - 10h]
+        mov     [rdi + BS3TRAPFRAME.Ctx + BS3REGCTX.rflags], r11 ; with RF cleared
+
+        mov     rax, [rbp - 18h]
         mov     [rdi + BS3TRAPFRAME.Ctx + BS3REGCTX.rdi], rax
 
-        lea     rbp, [rbp + 08h]        ; iret - 8 (i.e. rbp frame chain location)
-        jmp     Bs3Trap64GenericCommon
-BS3_PROC_END   Bs3Trap64GenericTrapOrInt
-
-
-;;
-; Trap with error code.
-;
-BS3_PROC_BEGIN Bs3Trap64GenericTrapErrCode
-        push    rbp                     ; 0
-        mov     rbp, rsp
-        pushfq                          ; -08h
-        cld
-        push    rdi
-
-        ; Reserve space for the register and trap frame.
-        mov     edi, (BS3TRAPFRAME_size + 15) / 16
-.more_zeroed_space:
-        push    qword 0
-        push    qword 0
-        dec     edi
-        jnz     .more_zeroed_space
-        mov     rdi, rsp                ; rdi points to trapframe structure.
-
-        ; Free up rax.
-        mov     [edi + BS3TRAPFRAME.Ctx + BS3REGCTX.rax], rax
-
-        ; Copy stuff from the stack over.
-        mov     rax, [rbp + 10h]
-        mov     [rdi + BS3TRAPFRAME.uErrCd], rax
-        mov     al, [rbp + 08h]
-        mov     [rdi + BS3TRAPFRAME.bXcpt], al
-        mov     rax, [rbp]
-        mov     [rdi + BS3TRAPFRAME.Ctx + BS3REGCTX.rbp], rax
-        mov     rax, [rbp - 08h]
-        mov     [rdi + BS3TRAPFRAME.fHandlerRfl], rax
-        mov     rax, [rbp - 10h]
-        mov     [rdi + BS3TRAPFRAME.Ctx + BS3REGCTX.rdi], rax
-
-        lea     rbp, [rbp + 10h]        ; iret - 8 (i.e. rbp frame chain location)
-        jmp     Bs3Trap64GenericCommon
-BS3_PROC_END   Bs3Trap64GenericTrapErrCode
-
-
-;;
-; Common context saving code and dispatching.
-;
-; @param    rdi     Pointer to the trap frame.  The following members have been
-;                   filled in by the previous code:
-;                       - bXcpt
-;                       - uErrCd
-;                       - fHandlerRfl
-;                       - Ctx.rax
-;                       - Ctx.rbp
-;                       - Ctx.rdi
-;
-; @param    rbp     Pointer to the dword before the iret frame, i.e. where rbp
-;                   would be saved if this was a normal call.
-;
-BS3_PROC_BEGIN Bs3Trap64GenericCommon
-        ;
-        ; Fake RBP frame.
-        ;
-        mov     rax, [rdi + BS3TRAPFRAME.Ctx + BS3REGCTX.rbp]
-        mov     [rbp], rax
+        lea     rax, [rbp + 20h + 8 + 8]
+        mov     [rdi + BS3TRAPFRAME.uHandlerRsp], rax
+        mov     [rdi + BS3TRAPFRAME.Ctx + BS3REGCTX.rsp], rax
+
+        mov     [rdi + BS3TRAPFRAME.Ctx + BS3REGCTX.rip], rcx
+
+        mov     ax, [rbp - 20h]
+        mov     [rdi + BS3TRAPFRAME.Ctx + BS3REGCTX.ds], ax
+
+        mov     [rdi + BS3TRAPFRAME.uHandlerSs], ss
 
         ;
@@ -232 +181 @@
         mov     [rdi + BS3TRAPFRAME.Ctx + BS3REGCTX.r14], r14
         mov     [rdi + BS3TRAPFRAME.Ctx + BS3REGCTX.r15], r15
-        mov     [rdi + BS3TRAPFRAME.Ctx + BS3REGCTX.ds], ds
         mov     [rdi + BS3TRAPFRAME.Ctx + BS3REGCTX.es], es
         mov     [rdi + BS3TRAPFRAME.Ctx + BS3REGCTX.fs], fs
         mov     [rdi + BS3TRAPFRAME.Ctx + BS3REGCTX.gs], gs
-        lea     rax, [rbp + 8h]
-        mov     [rdi + BS3TRAPFRAME.uHandlerRsp], rax
-        mov     [rdi + BS3TRAPFRAME.uHandlerSs], ss
-
-        ;
-        ; Load 32-bit data selector for the DPL we're executing at into DS, ES and SS.
-        ; Save the handler CS value first.
-        ;
-        mov     ax, cs
-        mov     [rdi + BS3TRAPFRAME.uHandlerCs], ax
-        AssertCompile(BS3_SEL_RING_SHIFT == 8)
-        and     al, 3
-        mov     ah, al
-        add     ax, BS3_SEL_R0_DS64
-        mov     ds, ax
+
+        ;
+        ; Load the SS selector into ES.
+        ;
+        mov     ax, ss
         mov     es, ax
-        mov     ss, ax
 
         ;
@@ -259 +196 @@
         mov     al, [BS3_DATA16_WRT(g_bBs3CurrentMode)]
         mov     [rdi + BS3TRAPFRAME.Ctx + BS3REGCTX.bMode], al
-        and     al, ~BS3_MODE_CODE_MASK
-        or      al, BS3_MODE_CODE_64
-        mov     [BS3_DATA16_WRT(g_bBs3CurrentMode)], al
-
-        ;
-        ; Copy iret info.  Bless AMD for only doing one 64-bit iret frame layout.
-        ;
-        mov     rcx, [rbp + 08]
-        mov     [rdi + BS3TRAPFRAME.Ctx + BS3REGCTX.rip], rcx
-        mov     cx,  [rbp + 10h]
-        mov     [rdi + BS3TRAPFRAME.Ctx + BS3REGCTX.cs], cx
-        and     cl, 3
-        mov     [rdi + BS3TRAPFRAME.Ctx + BS3REGCTX.bCpl], cl
-        mov     rcx, [rbp + 18h]
-        mov     [rdi + BS3TRAPFRAME.Ctx + BS3REGCTX.rflags], rcx
-        mov     rcx, [rbp + 20h]
-        mov     [rdi + BS3TRAPFRAME.Ctx + BS3REGCTX.rsp], rcx
-        mov     cx,  [rbp + 28h]
-        mov     [rdi + BS3TRAPFRAME.Ctx + BS3REGCTX.ss], cx
-        mov     byte [rdi + BS3TRAPFRAME.cbIretFrame], 5*8
+        mov     byte [BS3_DATA16_WRT(g_bBs3CurrentMode)], BS3_MODE_LM64
 
         ;
@@ -287 +205 @@
         sldt    ax
         mov     [rdi + BS3TRAPFRAME.Ctx + BS3REGCTX.ldtr], ax
-
-        mov     ax, ss
-        test    al, 3
-        jnz     .skip_crX_because_cpl_not_0
 
         mov     rax, cr0
@@ -300 +214 @@
         mov     rax, cr4
         mov     [rdi + BS3TRAPFRAME.Ctx + BS3REGCTX.cr4], rax
-        jmp     .dispatch_to_handler
-
-.skip_crX_because_cpl_not_0:
-        or      byte [rdi + BS3TRAPFRAME.Ctx + BS3REGCTX.fbFlags], \
-                BS3REG_CTX_F_NO_CR0_IS_MSW | BS3REG_CTX_F_NO_CR2_CR3 | BS3REG_CTX_F_NO_CR4
-        smsw    [rdi + BS3TRAPFRAME.Ctx + BS3REGCTX.cr0]
-
-        ;
-        ; Dispatch it to C code.
-        ;
-.dispatch_to_handler:                   ; The double fault code joins us here.
-        movzx   ebx, byte [rdi + BS3TRAPFRAME.bXcpt]
-        lea     rax, [BS3_DATA16_WRT(_g_apfnBs3TrapHandlers_c64)]
-        mov     rax, [rax + rbx * 8]
-        or      rax, rax
-        jnz     .call_handler
-        lea     rax, [BS3_WRT_RIP(Bs3TrapDefaultHandler)]
-.call_handler:
+
+        ;
+        ; There are no _g_apfnBs3TrapHandlers_c64 entries for syscalls, but call
+        ; Bs3TrapDefaultHandler to get the g_pBs3TrapSetJmpFrame handling & panic.
+        ;
         sub     rsp, 20h
         mov     [rsp], rdi
         mov     rcx, rdi
-        call    rax
+        call    Bs3TrapDefaultHandler
 
         ;
@@ -334 +235 @@
         hlt
         jmp     .panic
-BS3_PROC_END   Bs3Trap64GenericCommon
-
+BS3_PROC_END   Bs3Syscall64GenericCommon
+

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3-cmn-TrapDefaultHandler.c

@@ -324 +324 @@
     /*
      * Fatal.
+     *
+     * Special case for #DB so we can get at the DRx values before we print anything,
+     * as a aid for debugging VT-x/AMD-V code getting these out of sync.
      */
-    Bs3TestPrintf("*** GURU ***\n");
-    Bs3TrapPrintFrame(pTrapFrame);
+    if (pTrapFrame->bXcpt != X86_XCPT_DB)
+    {
+        Bs3TestPrintf("*** GURU ***\n");
+        Bs3TrapPrintFrame(pTrapFrame);
+    }
+    else
+    {
+        Bs3TestPrintf("*** GURU ***\n"
+#if ARCH_BITS == 64
+                      "dr6=%08RX32 dr7=%08RX32 dr0=%08RX64\n"
+                      "dr1=%08RX64 dr2=%08RX64 dr3=%08RX64\n"
+#else
+                      "dr6=%08RX32 dr7=%08RX32 dr0=%08RX32 dr1=%08RX32 dr2=%08RX32 dr3=%08RX32\n"
+#endif
+                      , (uint32_t)Bs3RegGetDr6(), (uint32_t)Bs3RegGetDr7(),
+                      Bs3RegGetDr0(), Bs3RegGetDr1(), Bs3RegGetDr2(), Bs3RegGetDr3());
+        Bs3TrapPrintFrame(pTrapFrame);
+    }
     Bs3Panic();
 }

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3kit-mangling-code-define.h

@@ -196 +196 @@
 #define Bs3StrPrintfV BS3_CMN_MANGLER(Bs3StrPrintfV)
 #define Bs3SwitchFromV86To16BitAndCallC BS3_CMN_MANGLER(Bs3SwitchFromV86To16BitAndCallC)
+#define Bs3Syscall64Generic BS3_CMN_MANGLER(Bs3Syscall64Generic)
+#define Bs3Syscall64GenericCompatibility BS3_CMN_MANGLER(Bs3Syscall64GenericCompatibility)
 #define Bs3TestCheckExtCtx BS3_CMN_MANGLER(Bs3TestCheckExtCtx)
 #define Bs3TestCheckRegCtxEx BS3_CMN_MANGLER(Bs3TestCheckRegCtxEx)

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3kit-mangling-code-undef.h

@@ -196 +196 @@
 #undef Bs3StrPrintfV
 #undef Bs3SwitchFromV86To16BitAndCallC
+#undef Bs3Syscall64Generic
+#undef Bs3Syscall64GenericCompatibility
 #undef Bs3TestCheckExtCtx
 #undef Bs3TestCheckRegCtxEx

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3kit.h

@@ -3608 +3608 @@
 BS3_CMN_PROTO_STUB(void, Bs3TrapUnsetJmp,(void));
 
+/** Entry point for MSR_K8_LSTAR (64-bit).
+ * This hooks into the default Bs3TrapSetJmp logic. */
+BS3_CMN_PROTO_NOSB(void, Bs3Syscall64Generic,(void));
+/** The 32-bit FLAT address of Bs3Syscall64Generic (for 16-bit code). */
+extern uint32_t g_pfnBs3Syscall64GenericFlat;
+
+/** Entry point for MSR_K8_CSTAR (64-bit).
+ * This hooks into the default Bs3TrapSetJmp logic. */
+BS3_CMN_PROTO_NOSB(void, Bs3Syscall64GenericCompatibility,(void));
+/** The 32-bit FLAT address of Bs3Syscall64Generic (for 16-bit code). */
+extern uint32_t g_pfnBs3Syscall64GenericCompatibilityFlat;
+
+
 
 /**