Changeset 1086 in vbox for trunk

Timestamp:

Feb 28, 2007 8:36:20 AM (18 years ago)

Author:

vboxsync

Message:

Corrected assumptions about flat addresses

Location:

trunk/src/VBox/VMM/PATM

Files:

• CSAM.cpp (modified) (2 diffs)
• PATM.cpp (modified) (5 diffs)
• PATMA.asm (modified) (14 diffs)

trunk/src/VBox/VMM/PATM/CSAM.cpp

@@ -2032 +2032 @@
  * @returns VBox status code.
  * @param   pVM         The VM to operate on.
- * @param   pCtx        CPU context
+ * @param   Sel         selector
+ * @param   pHiddenSel  The hidden selector register.
  * @param   pInstrGC    Instruction pointer
  */
-CSAMR3DECL(int) CSAMR3CheckCode(PVM pVM, PCPUMCTX pCtx, RTGCPTR pInstrGC)
+CSAMR3DECL(int) CSAMR3CheckCodeEx(PVM pVM, RTSEL Sel, CPUMSELREGHID *pHiddenSel, RTGCPTR pInstrGC)
+{
+    PCSAMPAGE pPage = NULL;
+
+    if (EMIsRawRing0Enabled(pVM) == false || PATMIsPatchGCAddr(pVM, pInstrGC) == true)
+    {
+        // No use
+        return VINF_SUCCESS;
+    }
+
+    if (CSAMIsEnabled(pVM))
+    {
+        bool fCode32 = SELMIsSelector32Bit(pVM, Sel, pHiddenSel);
+
+        //assuming 32 bits code for now
+        Assert(fCode32);
+
+        pInstrGC = SELMToFlat(pVM, Sel, pHiddenSel, pInstrGC);
+
+        return CSAMR3CheckCode(pVM, pInstrGC);
+    }
+    return VINF_SUCCESS;
+}
+
+/**
+ * Scan and analyse code
+ *
+ * @returns VBox status code.
+ * @param   pVM         The VM to operate on.
+ * @param   pInstrGC    Instruction pointer (0:32 virtual address)
+ */
+CSAMR3DECL(int) CSAMR3CheckCode(PVM pVM, RTGCPTR pInstrGC)
 {
     int rc;
@@ -2050 +2082 @@
         // Cache record for PATMGCVirtToHCVirt
         CSAMP2GLOOKUPREC cacheRec = {0};
-        bool fCode32 = SELMIsSelector32Bit(pVM, pCtx->cs, &pCtx->csHid);
-
-        //assuming 32 bits code for now
-        Assert(fCode32);
-
-        pInstrGC = SELMToFlat(pVM, pCtx->cs, &pCtx->csHid, pInstrGC);
 
         STAM_PROFILE_START(&pVM->csam.s.StatTime, a);
-        rc = csamAnalyseCallCodeStream(pVM, pInstrGC, pInstrGC, fCode32, CSAMR3AnalyseCallback, pPage, &cacheRec);
+        rc = csamAnalyseCallCodeStream(pVM, pInstrGC, pInstrGC, true /* 32 bits code */, CSAMR3AnalyseCallback, pPage, &cacheRec);
         STAM_PROFILE_STOP(&pVM->csam.s.StatTime, a);
         if (rc != VINF_SUCCESS)

trunk/src/VBox/VMM/PATM/PATM.cpp

@@ -3336 +3336 @@
 
     pBranchTarget = pCtx->edx;
+    pBranchTarget = SELMToFlat(pVM, pCtx->cs, &pCtx->csHid, pBranchTarget);
 
     /* First we check if the duplicate function target lies in some existing function patch already. Will save some space. */
@@ -3901 +3902 @@
  * @returns VBox status code.
  * @param   pVM         The VM to operate on.
- * @param   pInstr      Guest context point to privileged instruction
+ * @param   pInstr      Guest context point to privileged instruction (0:32 flat address)
  * @param   flags       Patch flags
  *
@@ -3909 +3910 @@
 {
     DISCPUSTATE cpu;
-    PCPUMCTX    pCtx;
     HCPTRTYPE(uint8_t *) pInstrHC;
     uint32_t opsize;
@@ -3925 +3925 @@
         return VERR_PATCHING_REFUSED;
 
-    CPUMQueryGuestCtxPtr(pVM, &pCtx);
-
     /* Test for patch conflict only with patches that actually change guest code. */
     if (!(flags & (PATMFL_GUEST_SPECIFIC|PATMFL_IDTHANDLER|PATMFL_INTHANDLER|PATMFL_TRAMPOLINE)))
@@ -3947 +3945 @@
         return VERR_PATCHING_REFUSED;
 
+#ifdef VBOX_STRICT
+    PCPUMCTX pCtx = 0;
+
+    CPUMQueryGuestCtxPtr(pVM, &pCtx);
+
+    if (    !pCtx->eflags.Bits.u1VM
+        &&  (pCtx->ss & X86_SEL_RPL) == 0)
+    {
+        RTGCPTR pInstrGCFlat = SELMToFlat(pVM, pCtx->cs, &pCtx->csHid, pInstrGC);
+        Assert(pInstrGCFlat == pInstrGC);
+    }
+#endif
+
     /** @note the OpenBSD specific check will break if we allow additional patches to be installed (int 3)) */
     if (!(flags & PATMFL_GUEST_SPECIFIC))
     {
         /* New code. Make sure CSAM has a go at it first. */
-        CSAMR3CheckCode(pVM, pCtx, pInstrGC);
+        CSAMR3CheckCode(pVM, pInstrGC);
     }
 

trunk/src/VBox/VMM/PATM/PATMA.asm

@@ -41 +41 @@
 ; Noisy, but useful for debugging certain problems
 ;;;%define PATM_LOG_PATCHINSTR
+%define PATM_LOG_PATCHIRET
 %endif
 
@@ -378 +379 @@
 ; Trampoline code for trap entry (without error code on the stack)
 ;
+; esp + 32 - GS         (V86 only)
+; esp + 28 - FS         (V86 only)
+; esp + 24 - DS         (V86 only)
+; esp + 20 - ES         (V86 only)
 ; esp + 16 - SS         (if transfer to inner ring)
 ; esp + 12 - ESP        (if transfer to inner ring)
@@ -388 +393 @@
     mov     dword [ss:PATM_INTERRUPTFLAG], 0
     pushf
+
+    test    dword [esp+12], X86_EFL_VM
+    jnz     PATMTrapNoRing1
 
     ; make sure the saved CS selector for ring 1 is made 0
@@ -433 +441 @@
 ; Trampoline code for trap entry (with error code on the stack)
 ;
+; esp + 36 - GS         (V86 only)
+; esp + 32 - FS         (V86 only)
+; esp + 28 - DS         (V86 only)
+; esp + 24 - ES         (V86 only)
 ; esp + 20 - SS         (if transfer to inner ring)
 ; esp + 16 - ESP        (if transfer to inner ring)
@@ -444 +456 @@
     mov     dword [ss:PATM_INTERRUPTFLAG], 0
     pushf
+
+    test    dword [esp+16], X86_EFL_VM
+    jnz     PATMTrapErrorCodeNoRing1
 
     ; make sure the saved CS selector for ring 1 is made 0
@@ -490 +505 @@
 ; Trampoline code for interrupt gate entry (without error code on the stack)
 ;
+; esp + 32 - GS         (V86 only)
+; esp + 28 - FS         (V86 only)
+; esp + 24 - DS         (V86 only)
+; esp + 20 - ES         (V86 only)
 ; esp + 16 - SS         (if transfer to inner ring)
 ; esp + 12 - ESP        (if transfer to inner ring)
@@ -500 +519 @@
     mov     dword [ss:PATM_INTERRUPTFLAG], 0
     pushf
+
+    test    dword [esp+12], X86_EFL_VM
+    jnz     PATMIntNoRing1
 
     ; make sure the saved CS selector for ring 1 is made 0
@@ -542 +564 @@
 ; Trampoline code for interrupt gate entry (*with* error code on the stack)
 ;
+; esp + 36 - GS         (V86 only)
+; esp + 32 - FS         (V86 only)
+; esp + 28 - DS         (V86 only)
+; esp + 24 - ES         (V86 only)
 ; esp + 20 - SS         (if transfer to inner ring)
 ; esp + 16 - ESP        (if transfer to inner ring)
@@ -553 +579 @@
     mov     dword [ss:PATM_INTERRUPTFLAG], 0
     pushf
+
+    test    dword [esp+16], X86_EFL_VM
+    jnz     PATMIntNoRing1_ErrorCode
 
     ; make sure the saved CS selector for ring 1 is made 0
@@ -1070 +1099 @@
     pushfd
 
-%ifdef PATM_LOG_PATCHINSTR
+%ifdef PATM_LOG_PATCHIRET
     push    eax
     push    ecx
@@ -1085 +1114 @@
 
     test    dword [esp], X86_EFL_NT
-    jnz near iret_fault1
+    jnz     iret_fault1
 
     test    dword [esp+12], X86_EFL_VM
-    jnz near iret_fault
+    jnz     iret_notring0
 
     ;;!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
@@ -1098 +1127 @@
 
     test    dword [esp+12], X86_EFL_IF
-    jz near iret_clearIF
+    jz      iret_clearIF
 
     ; if interrupts are pending, then we must go back to the host context to handle them!
@@ -1217 +1246 @@
     DD      0
     DD      PATMIretEnd- PATMIretStart
-%ifdef PATM_LOG_PATCHINSTR
+%ifdef PATM_LOG_PATCHIRET
     DD      22
 %else
@@ -1224 +1253 @@
     DD      PATM_INTERRUPTFLAG
     DD      0
-%ifdef PATM_LOG_PATCHINSTR
+%ifdef PATM_LOG_PATCHIRET
     DD      PATM_PENDINGACTION
     DD      0