Changeset 2030 in vbox for trunk

Timestamp:

Apr 11, 2007 1:33:28 PM (18 years ago)

Author:

vboxsync

Message:

Attempt to recreate patches who's dirty instruction(s) we can't correct.
Additional checks for dirty instructions that served as targets for trampoline patches.

Location:

trunk/src/VBox/VMM/PATM

Files:

• PATM.cpp (modified) (11 diffs)
• PATMInternal.h (modified) (5 diffs)
• PATMPatch.cpp (modified) (2 diffs)
• PATMPatch.h (modified) (1 diff)

trunk/src/VBox/VMM/PATM/PATM.cpp

@@ -233 +233 @@
     STAM_REG(pVM, &pVM->patm.s.StatPatchWriteInterpreted, STAMTYPE_COUNTER, "/PATM/Write/Interpreted/Success", STAMUNIT_OCCURENCES,  "Nr of interpreted patch writes.");
     STAM_REG(pVM, &pVM->patm.s.StatPatchWriteInterpretedFailed, STAMTYPE_COUNTER, "/PATM/Write/Interpreted/Failed", STAMUNIT_OCCURENCES,  "Nr of failed interpreted patch writes.");
+
+    STAM_REG(pVM, &pVM->patm.s.StatPatchRefreshSuccess, STAMTYPE_COUNTER, "/PATM/Refresh/Success",    STAMUNIT_OCCURENCES, "Successful patch refreshes");
+    STAM_REG(pVM, &pVM->patm.s.StatPatchRefreshFailed,  STAMTYPE_COUNTER, "/PATM/Refresh/Failure",    STAMUNIT_OCCURENCES, "Failed patch refreshes");
 
     STAM_REG(pVM, &pVM->patm.s.StatPatchPageInserted, STAMTYPE_COUNTER, "/PATM/Page/Inserted",      STAMUNIT_OCCURENCES,     "Nr of inserted guest pages that were patched");
@@ -1166 +1169 @@
     pPatchToGuestRec->pOrgInstrGC = pInstrGC;
     pPatchToGuestRec->enmType     = enmType;
-    pPatchToGuestRec->fDirty      = fDirty;
+    pPatchToGuestRec->fDirty     = fDirty;
 
     ret = RTAvlU32Insert(&pPatch->Patch2GuestAddrTree, &pPatchToGuestRec->Core);
@@ -3075 +3078 @@
  * @returns VBox status code.
  * @param   pVM         The VM to operate on.
- * @param   pCpu        Disassembly CPU structure ptr
  * @param   pInstrGC    Guest context point to privileged instruction
  * @param   pPatchRec   Patch record
  *
  */
-static int patmDuplicateFunction(PVM pVM, DISCPUSTATE *pCpu, RTGCPTR pInstrGC, PPATMPATCHREC pPatchRec)
+static int patmDuplicateFunction(PVM pVM, RTGCPTR pInstrGC, PPATMPATCHREC pPatchRec)
 {
     PPATCHINFO pPatch = &pPatchRec->patch;
@@ -3241 +3243 @@
                     pPatchTargetGC = patmGuestGCPtrToPatchGCPtr(pVM, pPatch, pInstrGC);
                     if (pPatchTargetGC)
+                    {
+                        uint32_t         offsetPatch      = pPatchTargetGC - pVM->patm.s.pPatchMemGC;
+                        PRECPATCHTOGUEST pPatchToGuestRec = (PRECPATCHTOGUEST)RTAvlU32GetBestFit(&pPatch->Patch2GuestAddrTree, offsetPatch, false);
+                        Assert(pPatchToGuestRec);
+
+                        pPatchToGuestRec->fJumpTarget = true;
+                        Assert(pPatchTargetGC != pPatch->pPrivInstrGC);
+                        Log(("patmCreateTrampoline: generating jump to code inside patch at %VGv\n", pPatch->pPrivInstrGC));
+                        pPatch->flags |= PATMFL_EXTERNAL_JUMP_INSIDE;
                         break;
+                    }
                 }
             }
@@ -4156 +4168 @@
     if (pPatchRec->patch.flags & (PATMFL_DUPLICATE_FUNCTION ))
     {
-        rc = patmDuplicateFunction(pVM, &cpu, pInstrGC, pPatchRec);
+        rc = patmDuplicateFunction(pVM, pInstrGC, pPatchRec);
     }
     else
@@ -4900 +4912 @@
             {
                 TRPMR3SetGuestTrapHandler(pVM, iGate, TRPM_INVALID_HANDLER);
-                LogRel(("Disabling IDT %x patch handler %VGv\n", iGate, pInstrGC));
+                LogRel(("PATM: Disabling IDT %x patch handler %VGv\n", iGate, pInstrGC));
             }
         }
@@ -5307 +5319 @@
 
 /**
+ * Attempt to refresh the patch by recompiling its entire code block
+ *
+ * @returns VBox status code.
+ * @param   pVM             The VM to operate on.
+ * @param   pPatchRec       Patch record
+ */
+int patmR3RefreshPatch(PVM pVM, PPATMPATCHREC pPatchRec)
+{
+    PPATCHINFO  pPatch;
+    int         rc;
+    RTGCPTR     pInstrGC = pPatchRec->patch.pPrivInstrGC;
+
+    Log(("patmR3RefreshPatch: attempt to refresh patch at %VGv\n", pInstrGC));
+
+    pPatch = &pPatchRec->patch;
+    AssertReturn(pPatch->flags & (PATMFL_DUPLICATE_FUNCTION|PATMFL_IDTHANDLER|PATMFL_TRAPHANDLER), VERR_PATCHING_REFUSED);
+    AssertReturn(!(pPatch->flags & PATMFL_EXTERNAL_JUMP_INSIDE), VERR_PATCHING_REFUSED);
+
+    /** Note: quite ugly to enable/disable/remove/insert old and new patches, but there's no easy way around it. */
+
+    rc = PATMR3DisablePatch(pVM, pInstrGC);
+    AssertRC(rc);
+
+    /** Kick it out of the lookup tree to make sure PATMR3InstallPatch doesn't fail (hack alert) */
+    RTAvloGCPtrRemove(&pVM->patm.s.PatchLookupTreeHC->PatchTree, pPatchRec->Core.Key);
+#ifdef VBOX_WITH_STATISTICS
+    if (PATM_STAT_INDEX_IS_VALID(pPatchRec->patch.uPatchIdx))
+    {
+        STAMR3Deregister(pVM, &pPatchRec->patch);
+#ifndef DEBUG_sandervl
+        STAMR3Deregister(pVM, &pVM->patm.s.pStatsHC[pPatchRec->patch.uPatchIdx]);
+        STAMR3Deregister(pVM, &pPatchRec->patch.cbPatchBlockSize);
+        STAMR3Deregister(pVM, &pPatchRec->patch.cbPatchJump);
+        STAMR3Deregister(pVM, &pPatchRec->patch.cbPrivInstr);
+        STAMR3Deregister(pVM, &pPatchRec->patch.cCodeWrites);
+        STAMR3Deregister(pVM, &pPatchRec->patch.cInvalidWrites);
+        STAMR3Deregister(pVM, &pPatchRec->patch.cTraps);
+        STAMR3Deregister(pVM, &pPatchRec->patch.flags);
+        STAMR3Deregister(pVM, &pPatchRec->patch.nrJumpRecs);
+        STAMR3Deregister(pVM, &pPatchRec->patch.nrFixups);
+        STAMR3Deregister(pVM, &pPatchRec->patch.opcode);
+        STAMR3Deregister(pVM, &pPatchRec->patch.uState);
+        STAMR3Deregister(pVM, &pPatchRec->patch.uOldState);
+        STAMR3Deregister(pVM, &pPatchRec->patch.uOpMode);
+#endif
+    }
+#endif
+
+    /** Note: We don't attempt to reuse patch memory here as it's quite common that the new code block requires more memory. */
+
+    /* Attempt to install a new patch. */
+    rc = PATMR3InstallPatch(pVM, pInstrGC, pPatch->flags & (PATMFL_CODE32|PATMFL_IDTHANDLER|PATMFL_INTHANDLER|PATMFL_TRAPHANDLER|PATMFL_DUPLICATE_FUNCTION|PATMFL_TRAPHANDLER_WITH_ERRORCODE|PATMFL_IDTHANDLER_WITHOUT_ENTRYPOINT));
+    if (VBOX_SUCCESS(rc))
+    {
+        RTGCPTR         pPatchTargetGC;
+        PPATMPATCHREC   pNewPatchRec;
+
+        /* Determine target address in new patch */
+        pPatchTargetGC = PATMR3QueryPatchGCPtr(pVM, pInstrGC);
+        Assert(pPatchTargetGC);
+        if (!pPatchTargetGC)
+        {
+            rc = VERR_PATCHING_REFUSED;
+            goto failure;
+        }
+
+        /* Reset offset into patch memory to put the next code blocks right at the beginning. */
+        pPatch->uCurPatchOffset   = 0;
+
+        /* insert jump to new patch in old patch block */
+        rc = patmPatchGenPatchJump(pVM, pPatch, pInstrGC, pPatchTargetGC, false /* no lookup record */);
+        if (VBOX_FAILURE(rc))
+            goto failure;
+
+        pNewPatchRec = (PPATMPATCHREC)RTAvloGCPtrGet(&pVM->patm.s.PatchLookupTreeHC->PatchTree, pInstrGC);
+        Assert(pNewPatchRec); /* can't fail */
+
+        /* Remove old patch (only do that when everything is finished) */
+        int rc2 = PATMRemovePatch(pVM, pPatchRec, true /* force removal */);
+        AssertRC(rc2);
+
+        /* Put the new patch back into the tree, because removing the old one kicked this one out. (hack alert) */
+        RTAvloGCPtrInsert(&pVM->patm.s.PatchLookupTreeHC->PatchTree, &pNewPatchRec->Core);
+
+        LogRel(("PATM: patmR3RefreshPatch: succeeded to refresh patch at %VGv \n", pInstrGC));
+        STAM_COUNTER_INC(&pVM->patm.s.StatPatchRefreshSuccess);
+    }
+
+failure:
+    if (VBOX_FAILURE(rc))
+    {
+        LogRel(("PATM: patmR3RefreshPatch: failed to refresh patch at %VGv. Reactiving old one. \n", pInstrGC));
+
+        /* Remove the new inactive patch */
+        rc = PATMR3RemovePatch(pVM, pInstrGC);
+        AssertRC(rc);
+
+        /* Put the old patch back into the tree (or else it won't be saved) (hack alert) */
+        RTAvloGCPtrInsert(&pVM->patm.s.PatchLookupTreeHC->PatchTree, &pPatchRec->Core);
+
+        /* Enable again in case the dirty instruction is near the end and there are safe code paths. */
+        int rc2 = PATMR3EnablePatch(pVM, pInstrGC);
+        AssertRC(rc2);
+
+        STAM_COUNTER_INC(&pVM->patm.s.StatPatchRefreshFailed);
+    }
+    return rc;
+}
+
+/**
  * Find patch for privileged instruction at specified location
  *
@@ -5614 +5736 @@
     while (true)
     {
+        if (pRec->fJumpTarget)
+        {
+            LogRel(("PATM: patmR3HandleDirtyInstr: dirty instruction at %VGv (%VGv) ignored, because instruction in function was reused as target of jump\n", pEip, pPatchToGuestRec->pOrgInstrGC));
+            pRec->fDirty = false;
+            return VERR_PATCHING_REFUSED;
+        }
+
         /* Restore original instruction opcode byte so we can check if the write was indeed safe. */
         pCurPatchInstrHC  = patmPatchGCPtr2PatchHCPtr(pVM, pCurPatchInstrGC);
@@ -5620 +5749 @@
         /* Only harmless instructions are acceptable. */
         rc = CPUMR3DisasmInstrCPU(pVM, pCtx, pCurPatchInstrGC, &CpuOld, 0);
-        if (VBOX_FAILURE(rc) || !(CpuOld.pCurInstr->optype & OPTYPE_HARMLESS))
+        if (    VBOX_FAILURE(rc) 
+            ||  !(CpuOld.pCurInstr->optype & OPTYPE_HARMLESS))
             break;
 
@@ -5729 +5859 @@
         /* Mark the whole instruction stream with breakpoints. */
         memset(pPatchInstrHC, 0xCC, cbDirty);
+
+        if (    pVM->patm.s.fOutOfMemory == false
+            &&  (pPatch->patch.flags & (PATMFL_DUPLICATE_FUNCTION|PATMFL_IDTHANDLER|PATMFL_TRAPHANDLER)))
+        {
+            rc = patmR3RefreshPatch(pVM, pPatch);
+            if (VBOX_FAILURE(rc))
+            {
+                LogRel(("PATM: Failed to refresh dirty patch at %VGv. Disabling it.\n", pPatch->patch.pPrivInstrGC));
+            }
+            /* Even if we succeed, we must go back to the original instruction as the patched one could be invalid. */
+            rc = VERR_PATCHING_REFUSED;
+        }
     }
     return rc;
@@ -5873 +6015 @@
         }
         else
+        {
+            /* Reset the PATM stack. */
+            CTXSUFF(pVM->patm.s.pGCState)->Psp = PATM_STACK_SIZE;
+
             rc = VINF_SUCCESS;  /* Continue at original instruction. */
+        }
 
         *ppNewEip = pNewEip;

trunk/src/VBox/VMM/PATM/PATMInternal.h

@@ -37 +37 @@
 
 
-#define PATM_SSM_VERSION                    52
+#define PATM_SSM_VERSION                    53
 
 /* Enable for call patching. */
@@ -70 +70 @@
 #define PATMFL_MUST_INSTALL_PATCHJMP        BIT64(31) /** Need to patch guest code in order to activate patch. */
 #define PATMFL_INT3_REPLACEMENT_BLOCK       BIT64(32) /** int 3 replacement block */
+#define PATMFL_EXTERNAL_JUMP_INSIDE         BIT64(33) /** A trampoline patch was created that jumps to an instruction in the patch block */
 
 #define SIZEOF_NEARJUMP8                   2 //opcode byte + 1 byte relative offset
@@ -90 +91 @@
 #define PATM_MAX_CALL_DEPTH                32
 /* Maximum nr of writes before a patch is marked dirty. (disabled) */
-#define PATM_MAX_CODE_WRITES               16
+#define PATM_MAX_CODE_WRITES               32
 /* Maximum nr of invalid writes before a patch is disabled. */
 #define PATM_MAX_INVALID_WRITES            16384
@@ -178 +179 @@
     PATM_LOOKUP_TYPE enmType;
     bool             fDirty;
+    bool             fJumpTarget;
     uint8_t          u8DirtyOpcode;  /* original opcode before writing 0xCC there to mark it dirty */
 } RECPATCHTOGUEST, *PRECPATCHTOGUEST;
@@ -485 +487 @@
     STAMCOUNTER             StatPatchPageRemoved;
 
+    STAMCOUNTER             StatPatchRefreshSuccess;
+    STAMCOUNTER             StatPatchRefreshFailed;
+
     STAMCOUNTER             StatGenRet;
     STAMCOUNTER             StatGenRetReused;

trunk/src/VBox/VMM/PATM/PATMPatch.cpp

@@ -1531 +1531 @@
  * Relative jump from patch code to patch code (no fixup required)
  */
-int patmPatchGenPatchJump(PVM pVM, PPATCHINFO pPatch, RTGCPTR pCurInstrGC, GCPTRTYPE(uint8_t *)pPatchAddrGC)
+int patmPatchGenPatchJump(PVM pVM, PPATCHINFO pPatch, RTGCPTR pCurInstrGC, GCPTRTYPE(uint8_t *)pPatchAddrGC, bool fAddLookupRecord)
 {
     int32_t displ;
@@ -1539 +1539 @@
     PATCHGEN_PROLOG(pVM, pPatch);
 
-    /* Add lookup record for patch to guest address translation */
-    patmr3AddP2GLookupRecord(pVM, pPatch, pPB, pCurInstrGC, PATM_LOOKUP_PATCH2GUEST);
+    if (fAddLookupRecord)
+    {
+        /* Add lookup record for patch to guest address translation */
+        patmr3AddP2GLookupRecord(pVM, pPatch, pPB, pCurInstrGC, PATM_LOOKUP_PATCH2GUEST);
+    }
 
     pPB[0] = 0xE9;  //JMP

trunk/src/VBox/VMM/PATM/PATMPatch.h

@@ -46 +46 @@
 int patmPatchGenRet(PVM pVM, PPATCHINFO pPatch, DISCPUSTATE *pCpu, GCPTRTYPE(uint8_t *) pCurInstrGC);
 
-int patmPatchGenPatchJump(PVM pVM, PPATCHINFO pPatch, RTGCPTR pCurInstrGC, GCPTRTYPE(uint8_t *)pPatchAddrGC);
+int patmPatchGenPatchJump(PVM pVM, PPATCHINFO pPatch, RTGCPTR pCurInstrGC, GCPTRTYPE(uint8_t *)pPatchAddrGC, bool fAddLookupRecord = true);
 
 /**