Changeset 21196 in vbox for trunk/src

Timestamp:

Jul 3, 2009 12:57:21 PM (16 years ago)

Author:

vboxsync

Message:

Break up raw mode and hwacc EM parts.

Location:

trunk/src/VBox/VMM

Files:

: 2 added
: 9 edited

EM.cpp (modified) (8 diffs)
EMHandleRCTmpl.h (modified) (13 diffs)
EMHwaccm.cpp (added)
EMInternal.h (modified) (1 diff)
EMRaw.cpp (added)
Makefile.kmk (modified) (1 diff)
VMM.cpp (modified) (2 diffs)
VMMInternal.h (modified) (2 diffs)
VMMR0/HWSVMR0.cpp (modified) (1 diff)
VMMR0/HWVMXR0.cpp (modified) (3 diffs)
VMMR0/VMMR0.cpp (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/src/VBox/VMM/EM.cpp

-              r21191
+              r21196
 #include <VBox/dbgf.h>
-#include <VBox/log.h>
-#include <iprt/thread.h>
-#include <iprt/assert.h>
-#include <iprt/asm.h>
-#include <iprt/semaphore.h>
 #include <iprt/string.h>
-#include <iprt/avl.h>
 #include <iprt/stream.h>
-#include <VBox/param.h>
-#include <VBox/err.h>
 …
 static int emR3RemStep(PVM pVM, PVMCPU pVCpu);
 static int emR3RemExecute(PVM pVM, PVMCPU pVCpu, bool *pfFFDone);
-static int emR3RawResumeHyper(PVM pVM, PVMCPU pVCpu);
-static int emR3RawStep(PVM pVM, PVMCPU pVCpu);
-DECLINLINE(int) emR3RawUpdateForceFlag(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx, int rc);
-static int emR3RawForcedActions(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx);
-static int emR3RawExecute(PVM pVM, PVMCPU pVCpu, bool *pfFFDone);
 DECLINLINE(int) emR3RawExecuteInstruction(PVM pVM, PVMCPU pVCpu, const char *pszPrefix, int rcGC = VINF_SUCCESS);
+static int emR3HighPriorityPostForcedActions(PVM pVM, PVMCPU pVCpu, int rc);
+static int emR3ForcedActions(PVM pVM, PVMCPU pVCpu, int rc);
+static int emR3RawGuestTrap(PVM pVM, PVMCPU pVCpu);
+static int emR3PatchTrap(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx, int gcret);
+int emR3HighPriorityPostForcedActions(PVM pVM, PVMCPU pVCpu, int rc);
 static int emR3SingleStepExecRem(PVM pVM, uint32_t cIterations);
+static int emR3RawPrivileged(PVM pVM, PVMCPU pVCpu);
+static int emR3RawExecuteIOInstruction(PVM pVM, PVMCPU pVCpu);
+static int emR3RawRingSwitch(PVM pVM, PVMCPU pVCpu);
+static EMSTATE emR3Reschedule(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx);
+#define EMHANDLERC_WITH_PATM
+#define EMHANDLERC_NAME     emR3RawHandleRC
+#include "EMHandleRCTmpl.h"
+#define EMHANDLERC_NAME     emR3HwaccmHandleRC
+#include "EMHandleRCTmpl.h"
 /**
 …
 /**
- * Enables or disables a set of raw-mode execution modes.
+ *
- * @returns VINF_SUCCESS on success.
- * @returns VINF_RESCHEDULE if a rescheduling might be required.
- * @returns VERR_INVALID_PARAMETER on an invalid enmMode value.
+ *
- * @param   pVM         The VM to operate on.
- * @param   enmMode     The execution mode change.
- * @thread  The emulation thread.
- */
-VMMR3DECL(int) EMR3RawSetMode(PVM pVM, EMRAWMODE enmMode)
+{
-    switch (enmMode)
+    {
-        case EMRAW_NONE:
-            pVM->fRawR3Enabled = false;
-            pVM->fRawR0Enabled = false;
-            break;
-        case EMRAW_RING3_ENABLE:
-            pVM->fRawR3Enabled = true;
-            break;
-        case EMRAW_RING3_DISABLE:
-            pVM->fRawR3Enabled = false;
-            break;
-        case EMRAW_RING0_ENABLE:
-            pVM->fRawR0Enabled = true;
-            break;
-        case EMRAW_RING0_DISABLE:
-            pVM->fRawR0Enabled = false;
-            break;
-        default:
-            AssertMsgFailed(("Invalid enmMode=%d\n", enmMode));
-            return VERR_INVALID_PARAMETER;
+    }
-    Log(("EMR3SetRawMode: fRawR3Enabled=%RTbool fRawR0Enabled=%RTbool\n",
-          pVM->fRawR3Enabled, pVM->fRawR0Enabled));
-    return pVM->aCpus[0].em.s.enmState == EMSTATE_RAW ? VINF_EM_RESCHEDULE : VINF_SUCCESS;
+}
-/**
  * Raise a fatal error.
+ *
 …
-/**
- * Resumes executing hypervisor after a debug event.
+ *
- * This is kind of special since our current guest state is
- * potentially out of sync.
+ *
- * @returns VBox status code.
- * @param   pVM     The VM handle.
- * @param   pVCpu   The VMCPU handle.
- */
-static int emR3RawResumeHyper(PVM pVM, PVMCPU pVCpu)
+{
-    int         rc;
-    PCPUMCTX    pCtx = pVCpu->em.s.pCtx;
-    Assert(pVCpu->em.s.enmState == EMSTATE_DEBUG_HYPER);
-    Log(("emR3RawResumeHyper: cs:eip=%RTsel:%RGr efl=%RGr\n", pCtx->cs, pCtx->eip, pCtx->eflags));
-    /*
-     * Resume execution.
-     */
-    CPUMRawEnter(pVCpu, NULL);
-    CPUMSetHyperEFlags(pVCpu, CPUMGetHyperEFlags(pVCpu) | X86_EFL_RF);
-    rc = VMMR3ResumeHyper(pVM, pVCpu);
-    Log(("emR3RawStep: cs:eip=%RTsel:%RGr efl=%RGr - returned from GC with rc=%Rrc\n", pCtx->cs, pCtx->eip, pCtx->eflags, rc));
-    rc = CPUMRawLeave(pVCpu, NULL, rc);
-    VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_RESUME_GUEST_MASK);
-    /*
-     * Deal with the return code.
-     */
-    rc = emR3HighPriorityPostForcedActions(pVM, pVCpu, rc);
-    rc = emR3RawHandleRC(pVM, pVCpu, pCtx, rc);
-    rc = emR3RawUpdateForceFlag(pVM, pVCpu, pCtx, rc);
-    return rc;
+}
-/**
- * Steps rawmode.
+ *
- * @returns VBox status code.
- * @param   pVM     The VM handle.
- * @param   pVCpu   The VMCPU handle.
- */
-static int emR3RawStep(PVM pVM, PVMCPU pVCpu)
+{
-    Assert(   pVCpu->em.s.enmState == EMSTATE_DEBUG_HYPER
-           || pVCpu->em.s.enmState == EMSTATE_DEBUG_GUEST_RAW
-           || pVCpu->em.s.enmState == EMSTATE_DEBUG_GUEST_REM);
-    int         rc;
-    PCPUMCTX    pCtx   = pVCpu->em.s.pCtx;
-    bool        fGuest = pVCpu->em.s.enmState != EMSTATE_DEBUG_HYPER;
-#ifndef DEBUG_sandervl
-    Log(("emR3RawStep: cs:eip=%RTsel:%RGr efl=%RGr\n", fGuest ? CPUMGetGuestCS(pVCpu) : CPUMGetHyperCS(pVCpu),
-         fGuest ? CPUMGetGuestEIP(pVCpu) : CPUMGetHyperEIP(pVCpu), fGuest ? CPUMGetGuestEFlags(pVCpu) : CPUMGetHyperEFlags(pVCpu)));
-#endif
-    if (fGuest)
+    {
-        /*
-         * Check vital forced actions, but ignore pending interrupts and timers.
-         */
-        if (    VM_FF_ISPENDING(pVM, VM_FF_HIGH_PRIORITY_PRE_RAW_MASK)
-            ||  VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_HIGH_PRIORITY_PRE_RAW_MASK))
+        {
-            rc = emR3RawForcedActions(pVM, pVCpu, pCtx);
-            if (rc != VINF_SUCCESS)
-                return rc;
+        }
-        /*
-         * Set flags for single stepping.
-         */
-        CPUMSetGuestEFlags(pVCpu, CPUMGetGuestEFlags(pVCpu) | X86_EFL_TF | X86_EFL_RF);
+    }
-    else
-        CPUMSetHyperEFlags(pVCpu, CPUMGetHyperEFlags(pVCpu) | X86_EFL_TF | X86_EFL_RF);
-    /*
-     * Single step.
-     * We do not start time or anything, if anything we should just do a few nanoseconds.
-     */
-    CPUMRawEnter(pVCpu, NULL);
-    do
+    {
-        if (pVCpu->em.s.enmState == EMSTATE_DEBUG_HYPER)
-            rc = VMMR3ResumeHyper(pVM, pVCpu);
-        else
-            rc = VMMR3RawRunGC(pVM, pVCpu);
-#ifndef DEBUG_sandervl
-        Log(("emR3RawStep: cs:eip=%RTsel:%RGr efl=%RGr - GC rc %Rrc\n", fGuest ? CPUMGetGuestCS(pVCpu) : CPUMGetHyperCS(pVCpu),
-             fGuest ? CPUMGetGuestEIP(pVCpu) : CPUMGetHyperEIP(pVCpu), fGuest ? CPUMGetGuestEFlags(pVCpu) : CPUMGetHyperEFlags(pVCpu), rc));
-#endif
-    } while (   rc == VINF_SUCCESS
-             || rc == VINF_EM_RAW_INTERRUPT);
-    rc = CPUMRawLeave(pVCpu, NULL, rc);
-    VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_RESUME_GUEST_MASK);
-    /*
-     * Make sure the trap flag is cleared.
-     * (Too bad if the guest is trying to single step too.)
-     */
-    if (fGuest)
-        CPUMSetGuestEFlags(pVCpu, CPUMGetGuestEFlags(pVCpu) & ~X86_EFL_TF);
-    else
-        CPUMSetHyperEFlags(pVCpu, CPUMGetHyperEFlags(pVCpu) & ~X86_EFL_TF);
-    /*
-     * Deal with the return codes.
-     */
-    rc = emR3HighPriorityPostForcedActions(pVM, pVCpu, rc);
-    rc = emR3RawHandleRC(pVM, pVCpu, pCtx, rc);
-    rc = emR3RawUpdateForceFlag(pVM, pVCpu, pCtx, rc);
-    return rc;
+}
 #ifdef DEBUG
-/**
- * Steps hardware accelerated mode.
+ *
- * @returns VBox status code.
- * @param   pVM     The VM handle.
- * @param   pVCpu   The VMCPU handle.
- */
-static int emR3HwAccStep(PVM pVM, PVMCPU pVCpu)
+{
-    Assert(pVCpu->em.s.enmState == EMSTATE_DEBUG_GUEST_HWACC);
-    int         rc;
-    PCPUMCTX    pCtx   = pVCpu->em.s.pCtx;
-    VMCPU_FF_CLEAR(pVCpu, (VMCPU_FF_SELM_SYNC_GDT | VMCPU_FF_SELM_SYNC_LDT | VMCPU_FF_TRPM_SYNC_IDT | VMCPU_FF_SELM_SYNC_TSS));
-    /*
-     * Check vital forced actions, but ignore pending interrupts and timers.
-     */
-    if (    VM_FF_ISPENDING(pVM, VM_FF_HIGH_PRIORITY_PRE_RAW_MASK)
-        ||  VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_HIGH_PRIORITY_PRE_RAW_MASK))
+    {
-        rc = emR3RawForcedActions(pVM, pVCpu, pCtx);
-        if (rc != VINF_SUCCESS)
-            return rc;
+    }
-    /*
-     * Set flags for single stepping.
-     */
-    CPUMSetGuestEFlags(pVCpu, CPUMGetGuestEFlags(pVCpu) | X86_EFL_TF | X86_EFL_RF);
-    /*
-     * Single step.
-     * We do not start time or anything, if anything we should just do a few nanoseconds.
-     */
-    do
+    {
-        rc = VMMR3HwAccRunGC(pVM, pVCpu);
-    } while (   rc == VINF_SUCCESS
-             || rc == VINF_EM_RAW_INTERRUPT);
-    VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_RESUME_GUEST_MASK);
-    /*
-     * Make sure the trap flag is cleared.
-     * (Too bad if the guest is trying to single step too.)
-     */
-    CPUMSetGuestEFlags(pVCpu, CPUMGetGuestEFlags(pVCpu) & ~X86_EFL_TF);
-    /*
-     * Deal with the return codes.
-     */
-    rc = emR3HighPriorityPostForcedActions(pVM, pVCpu, rc);
-    rc = emR3HwaccmHandleRC(pVM, pVCpu, pCtx, rc);
-    rc = emR3RawUpdateForceFlag(pVM, pVCpu, pCtx, rc);
-    return rc;
+}
-int emR3SingleStepExecRaw(PVM pVM, PVMCPU pVCpu, uint32_t cIterations)
+{
-    int     rc          = VINF_SUCCESS;
-    EMSTATE enmOldState = pVCpu->em.s.enmState;
-    pVCpu->em.s.enmState  = EMSTATE_DEBUG_GUEST_RAW;
-    Log(("Single step BEGIN:\n"));
-    for (uint32_t i = 0; i < cIterations; i++)
+    {
-        DBGFR3PrgStep(pVCpu);
-        DBGFR3DisasInstrCurrentLog(pVCpu, "RSS: ");
-        rc = emR3RawStep(pVM, pVCpu);
-        if (rc != VINF_SUCCESS)
-            break;
+    }
-    Log(("Single step END: rc=%Rrc\n", rc));
-    CPUMSetGuestEFlags(pVCpu, CPUMGetGuestEFlags(pVCpu) & ~X86_EFL_TF);
-    pVCpu->em.s.enmState = enmOldState;
-    return rc;
+}
-static int emR3SingleStepExecHwAcc(PVM pVM, PVMCPU pVCpu, uint32_t cIterations)
+{
-    int     rc          = VINF_SUCCESS;
-    EMSTATE enmOldState = pVCpu->em.s.enmState;
-    pVCpu->em.s.enmState  = EMSTATE_DEBUG_GUEST_HWACC;
-    Log(("Single step BEGIN:\n"));
-    for (uint32_t i = 0; i < cIterations; i++)
+    {
-        DBGFR3PrgStep(pVCpu);
-        DBGFR3DisasInstrCurrentLog(pVCpu, "RSS: ");
-        rc = emR3HwAccStep(pVM, pVCpu);
-        if (    rc != VINF_SUCCESS
-            ||  !HWACCMR3CanExecuteGuest(pVM, pVCpu->em.s.pCtx))
-            break;
+    }
-    Log(("Single step END: rc=%Rrc\n", rc));
-    CPUMSetGuestEFlags(pVCpu, CPUMGetGuestEFlags(pVCpu) & ~X86_EFL_TF);
-    pVCpu->em.s.enmState = enmOldState;
-    return rc == VINF_SUCCESS ? VINF_EM_RESCHEDULE_REM : rc;
+}
 static int emR3SingleStepExecRem(PVM pVM, PVMCPU pVCpu, uint32_t cIterations)
 …
 /**
- * Executes one (or perhaps a few more) instruction(s).
+ *
- * @returns VBox status code suitable for EM.
+ *
- * @param   pVM         VM handle.
- * @param   pVCpu       VMCPU handle
- * @param   rcGC        GC return code
- * @param   pszPrefix   Disassembly prefix. If not NULL we'll disassemble the
- *                      instruction and prefix the log output with this text.
- */
-#ifdef LOG_ENABLED
-static int emR3RawExecuteInstructionWorker(PVM pVM, PVMCPU pVCpu, int rcGC, const char *pszPrefix)
-#else
-static int emR3RawExecuteInstructionWorker(PVM pVM, PVMCPU pVCpu, int rcGC)
-#endif
+{
-    PCPUMCTX pCtx = pVCpu->em.s.pCtx;
-    int      rc;
-    /*
+     *
-     * The simple solution is to use the recompiler.
-     * The better solution is to disassemble the current instruction and
-     * try handle as many as possible without using REM.
+     *
-     */
-#ifdef LOG_ENABLED
-    /*
-     * Disassemble the instruction if requested.
-     */
-    if (pszPrefix)
+    {
-        DBGFR3InfoLog(pVM, "cpumguest", pszPrefix);
-        DBGFR3DisasInstrCurrentLog(pVCpu, pszPrefix);
+    }
-#endif /* LOG_ENABLED */
-    /*
-     * PATM is making life more interesting.
-     * We cannot hand anything to REM which has an EIP inside patch code. So, we'll
-     * tell PATM there is a trap in this code and have it take the appropriate actions
-     * to allow us execute the code in REM.
-     */
-    if (PATMIsPatchGCAddr(pVM, pCtx->eip))
+    {
-        Log(("emR3RawExecuteInstruction: In patch block. eip=%RRv\n", (RTRCPTR)pCtx->eip));
-        RTGCPTR pNewEip;
-        rc = PATMR3HandleTrap(pVM, pCtx, pCtx->eip, &pNewEip);
-        switch (rc)
+        {
-            /*
-             * It's not very useful to emulate a single instruction and then go back to raw
-             * mode; just execute the whole block until IF is set again.
-             */
-            case VINF_SUCCESS:
-                Log(("emR3RawExecuteInstruction: Executing instruction starting at new address %RGv IF=%d VMIF=%x\n",
-                     pNewEip, pCtx->eflags.Bits.u1IF, pVCpu->em.s.pPatmGCState->uVMFlags));
-                pCtx->eip = pNewEip;
-                Assert(pCtx->eip);
-                if (pCtx->eflags.Bits.u1IF)
+                {
-                    /*
-                     * The last instruction in the patch block needs to be executed!! (sti/sysexit for example)
-                     */
-                    Log(("PATCH: IF=1 -> emulate last instruction as it can't be interrupted!!\n"));
-                    return emR3RawExecuteInstruction(pVM, pVCpu, "PATCHIR");
+                }
-                else if (rcGC == VINF_PATM_PENDING_IRQ_AFTER_IRET)
+                {
-                    /* special case: iret, that sets IF,  detected a pending irq/event */
-                    return emR3RawExecuteInstruction(pVM, pVCpu, "PATCHIRET");
+                }
-                return VINF_EM_RESCHEDULE_REM;
-            /*
-             * One instruction.
-             */
-            case VINF_PATCH_EMULATE_INSTR:
-                Log(("emR3RawExecuteInstruction: Emulate patched instruction at %RGv IF=%d VMIF=%x\n",
-                     pNewEip, pCtx->eflags.Bits.u1IF, pVCpu->em.s.pPatmGCState->uVMFlags));
-                pCtx->eip = pNewEip;
-                return emR3RawExecuteInstruction(pVM, pVCpu, "PATCHIR");
-            /*
-             * The patch was disabled, hand it to the REM.
-             */
-            case VERR_PATCH_DISABLED:
-                Log(("emR3RawExecuteInstruction: Disabled patch -> new eip %RGv IF=%d VMIF=%x\n",
-                     pNewEip, pCtx->eflags.Bits.u1IF, pVCpu->em.s.pPatmGCState->uVMFlags));
-                pCtx->eip = pNewEip;
-                if (pCtx->eflags.Bits.u1IF)
+                {
-                    /*
-                     * The last instruction in the patch block needs to be executed!! (sti/sysexit for example)
-                     */
-                    Log(("PATCH: IF=1 -> emulate last instruction as it can't be interrupted!!\n"));
-                    return emR3RawExecuteInstruction(pVM, pVCpu, "PATCHIR");
+                }
-                return VINF_EM_RESCHEDULE_REM;
-            /* Force continued patch exection; usually due to write monitored stack. */
-            case VINF_PATCH_CONTINUE:
-                return VINF_SUCCESS;
-            default:
-                AssertReleaseMsgFailed(("Unknown return code %Rrc from PATMR3HandleTrap\n", rc));
-                return VERR_IPE_UNEXPECTED_STATUS;
+        }
+    }
-#if 0
-    /* Try our own instruction emulator before falling back to the recompiler. */
-    DISCPUSTATE Cpu;
-    rc = CPUMR3DisasmInstrCPU(pVM, pVCpu, pCtx, pCtx->rip, &Cpu, "GEN EMU");
-    if (RT_SUCCESS(rc))
+    {
-        uint32_t size;
-        switch (Cpu.pCurInstr->opcode)
+        {
-        /* @todo we can do more now */
-        case OP_MOV:
-        case OP_AND:
-        case OP_OR:
-        case OP_XOR:
-        case OP_POP:
-        case OP_INC:
-        case OP_DEC:
-        case OP_XCHG:
-            STAM_PROFILE_START(&pVCpu->em.s.StatMiscEmu, a);
-            rc = EMInterpretInstructionCPU(pVM, &Cpu, CPUMCTX2CORE(pCtx), 0, &size);
-            if (RT_SUCCESS(rc))
+            {
-                pCtx->rip += Cpu.opsize;
-#ifdef EM_NOTIFY_HWACCM
-                if (pVCpu->em.s.enmState == EMSTATE_DEBUG_GUEST_HWACC)
-                    HWACCMR3NotifyEmulated(pVCpu);
-#endif
-                STAM_PROFILE_STOP(&pVCpu->em.s.StatMiscEmu, a);
-                return rc;
+            }
-            if (rc != VERR_EM_INTERPRETER)
-                AssertMsgFailedReturn(("rc=%Rrc\n", rc), rc);
-            STAM_PROFILE_STOP(&pVCpu->em.s.StatMiscEmu, a);
-            break;
+        }
+    }
-#endif /* 0 */
-    STAM_PROFILE_START(&pVCpu->em.s.StatREMEmu, a);
-    Log(("EMINS: %04x:%RGv RSP=%RGv\n", pCtx->cs, (RTGCPTR)pCtx->rip, (RTGCPTR)pCtx->rsp));
-    EMRemLock(pVM);
-    /* Flush the recompiler TLB if the VCPU has changed. */
-    if (pVM->em.s.idLastRemCpu != pVCpu->idCpu)
-        CPUMSetChangedFlags(pVCpu, CPUM_CHANGED_ALL);
-    pVM->em.s.idLastRemCpu = pVCpu->idCpu;
-    rc = REMR3EmulateInstruction(pVM, pVCpu);
-    EMRemUnlock(pVM);
-    STAM_PROFILE_STOP(&pVCpu->em.s.StatREMEmu, a);
-#ifdef EM_NOTIFY_HWACCM
-    if (pVCpu->em.s.enmState == EMSTATE_DEBUG_GUEST_HWACC)
-        HWACCMR3NotifyEmulated(pVCpu);
-#endif
-    return rc;
+}
-/**
- * Executes one (or perhaps a few more) instruction(s).
- * This is just a wrapper for discarding pszPrefix in non-logging builds.
+ *
- * @returns VBox status code suitable for EM.
- * @param   pVM         VM handle.
- * @param   pVCpu       VMCPU handle.
- * @param   pszPrefix   Disassembly prefix. If not NULL we'll disassemble the
- *                      instruction and prefix the log output with this text.
- * @param   rcGC        GC return code
- */
-DECLINLINE(int) emR3RawExecuteInstruction(PVM pVM, PVMCPU pVCpu, const char *pszPrefix, int rcGC)
+{
-#ifdef LOG_ENABLED
-    return emR3RawExecuteInstructionWorker(pVM, pVCpu, rcGC, pszPrefix);
-#else
-    return emR3RawExecuteInstructionWorker(pVM, pVCpu, rcGC);
-#endif
+}
-/**
- * Executes one (or perhaps a few more) IO instruction(s).
+ *
- * @returns VBox status code suitable for EM.
- * @param   pVM         VM handle.
- * @param   pVCpu       VMCPU handle.
- */
-static int emR3RawExecuteIOInstruction(PVM pVM, PVMCPU pVCpu)
+{
-    int         rc;
-    PCPUMCTX    pCtx = pVCpu->em.s.pCtx;
-    STAM_PROFILE_START(&pVCpu->em.s.StatIOEmu, a);
-    /** @todo probably we should fall back to the recompiler; otherwise we'll go back and forth between HC & GC
-     *   as io instructions tend to come in packages of more than one
-     */
-    DISCPUSTATE Cpu;
-    rc = CPUMR3DisasmInstrCPU(pVM, pVCpu, pCtx, pCtx->rip, &Cpu, "IO EMU");
-    if (RT_SUCCESS(rc))
+    {
-        rc = VINF_EM_RAW_EMULATE_INSTR;
-        if (!(Cpu.prefix & (PREFIX_REP | PREFIX_REPNE)))
+        {
-            switch (Cpu.pCurInstr->opcode)
+            {
-                case OP_IN:
+                {
-                    STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->StatIn);
-                    rc = IOMInterpretIN(pVM, CPUMCTX2CORE(pCtx), &Cpu);
-                    break;
+                }
-                case OP_OUT:
+                {
-                    STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->StatOut);
-                    rc = IOMInterpretOUT(pVM, CPUMCTX2CORE(pCtx), &Cpu);
-                    break;
+                }
+            }
+        }
-        else if (Cpu.prefix & PREFIX_REP)
+        {
-            switch (Cpu.pCurInstr->opcode)
+            {
-                case OP_INSB:
-                case OP_INSWD:
+                {
-                    STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->StatIn);
-                    rc = IOMInterpretINS(pVM, CPUMCTX2CORE(pCtx), &Cpu);
-                    break;
+                }
-                case OP_OUTSB:
-                case OP_OUTSWD:
+                {
-                    STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->StatOut);
-                    rc = IOMInterpretOUTS(pVM, CPUMCTX2CORE(pCtx), &Cpu);
-                    break;
+                }
+            }
+        }
-        /*
-         * Handled the I/O return codes.
-         * (The unhandled cases end up with rc == VINF_EM_RAW_EMULATE_INSTR.)
-         */
-        if (IOM_SUCCESS(rc))
+        {
-            pCtx->rip += Cpu.opsize;
-            STAM_PROFILE_STOP(&pVCpu->em.s.StatIOEmu, a);
-            return rc;
+        }
-        if (rc == VINF_EM_RAW_GUEST_TRAP)
+        {
-            STAM_PROFILE_STOP(&pVCpu->em.s.StatIOEmu, a);
-            rc = emR3RawGuestTrap(pVM, pVCpu);
-            return rc;
+        }
-        AssertMsg(rc != VINF_TRPM_XCPT_DISPATCHED, ("Handle VINF_TRPM_XCPT_DISPATCHED\n"));
-        if (RT_FAILURE(rc))
+        {
-            STAM_PROFILE_STOP(&pVCpu->em.s.StatIOEmu, a);
-            return rc;
+        }
-        AssertMsg(rc == VINF_EM_RAW_EMULATE_INSTR || rc == VINF_EM_RESCHEDULE_REM, ("rc=%Rrc\n", rc));
+    }
-    STAM_PROFILE_STOP(&pVCpu->em.s.StatIOEmu, a);
-    return emR3RawExecuteInstruction(pVM, pVCpu, "IO: ");
+}
-/**
- * Handle a guest context trap.
+ *
- * @returns VBox status code suitable for EM.
- * @param   pVM         VM handle.
- * @param   pVCpu       VMCPU handle.
- */
-static int emR3RawGuestTrap(PVM pVM, PVMCPU pVCpu)
+{
-    PCPUMCTX pCtx = pVCpu->em.s.pCtx;
-    /*
-     * Get the trap info.
-     */
-    uint8_t         u8TrapNo;
-    TRPMEVENT       enmType;
-    RTGCUINT        uErrorCode;
-    RTGCUINTPTR     uCR2;
-    int rc = TRPMQueryTrapAll(pVCpu, &u8TrapNo, &enmType, &uErrorCode, &uCR2);
-    if (RT_FAILURE(rc))
+    {
-        AssertReleaseMsgFailed(("No trap! (rc=%Rrc)\n", rc));
-        return rc;
+    }
-    /*
-     * Traps can be directly forwarded in hardware accelerated mode.
-     */
-    if (HWACCMIsEnabled(pVM))
+    {
-#ifdef LOGGING_ENABLED
-        DBGFR3InfoLog(pVM, "cpumguest", "Guest trap");
-        DBGFR3DisasInstrCurrentLog(pVCpu, "Guest trap");
-#endif
-        return VINF_EM_RESCHEDULE_HWACC;
+    }
-#if 1 /* Experimental: Review, disable if it causes trouble. */
-    /*
-     * Handle traps in patch code first.
+     *
-     * We catch a few of these cases in RC before returning to R3 (#PF, #GP, #BP)
-     * but several traps isn't handled specially by TRPM in RC and we end up here
-     * instead. One example is #DE.
-     */
-    uint32_t uCpl = CPUMGetGuestCPL(pVCpu, CPUMCTX2CORE(pCtx));
-    if (    uCpl == 0
-        &&  PATMIsPatchGCAddr(pVM, (RTGCPTR)pCtx->eip))
+    {
-        LogFlow(("emR3RawGuestTrap: trap %#x in patch code; eip=%08x\n", u8TrapNo, pCtx->eip));
-        return emR3PatchTrap(pVM, pVCpu, pCtx, rc);
+    }
-#endif
-    /*
-     * If the guest gate is marked unpatched, then we will check again if we can patch it.
-     * (This assumes that we've already tried and failed to dispatch the trap in
-     * RC for the gates that already has been patched. Which is true for most high
-     * volume traps, because these are handled specially, but not for odd ones like #DE.)
-     */
-    if (TRPMR3GetGuestTrapHandler(pVM, u8TrapNo) == TRPM_INVALID_HANDLER)
+    {
-        CSAMR3CheckGates(pVM, u8TrapNo, 1);
-        Log(("emR3RawHandleRC: recheck gate %x -> valid=%d\n", u8TrapNo, TRPMR3GetGuestTrapHandler(pVM, u8TrapNo) != TRPM_INVALID_HANDLER));
-        /* If it was successful, then we could go back to raw mode. */
-        if (TRPMR3GetGuestTrapHandler(pVM, u8TrapNo) != TRPM_INVALID_HANDLER)
+        {
-            /* Must check pending forced actions as our IDT or GDT might be out of sync. */
-            rc = EMR3CheckRawForcedActions(pVM, pVCpu);
-            AssertRCReturn(rc, rc);
-            TRPMERRORCODE enmError = uErrorCode != ~0U
-                                   ? TRPM_TRAP_HAS_ERRORCODE
-                                   : TRPM_TRAP_NO_ERRORCODE;
-            rc = TRPMForwardTrap(pVCpu, CPUMCTX2CORE(pCtx), u8TrapNo, uErrorCode, enmError, TRPM_TRAP, -1);
-            if (rc == VINF_SUCCESS /* Don't use RT_SUCCESS */)
+            {
-                TRPMResetTrap(pVCpu);
-                return VINF_EM_RESCHEDULE_RAW;
+            }
-            AssertMsg(rc == VINF_EM_RAW_GUEST_TRAP, ("%Rrc\n", rc));
+        }
+    }
-    /*
-     * Scan kernel code that traps; we might not get another chance.
-     */
-    /** @todo move this up before the dispatching? */
-    if (    (pCtx->ss & X86_SEL_RPL) <= 1
-        &&  !pCtx->eflags.Bits.u1VM)
+    {
-        Assert(!PATMIsPatchGCAddr(pVM, pCtx->eip));
-        CSAMR3CheckCodeEx(pVM, CPUMCTX2CORE(pCtx), pCtx->eip);
+    }
-    /*
-     * Trap specific handling.
-     */
-    if (u8TrapNo == 6) /* (#UD) Invalid opcode. */
+    {
-        /*
-         * If MONITOR & MWAIT are supported, then interpret them here.
-         */
-        DISCPUSTATE cpu;
-        rc = CPUMR3DisasmInstrCPU(pVM, pVCpu, pCtx, pCtx->rip, &cpu, "Guest Trap (#UD): ");
-        if (    RT_SUCCESS(rc)
-            && (cpu.pCurInstr->opcode == OP_MONITOR || cpu.pCurInstr->opcode == OP_MWAIT))
+        {
-            uint32_t u32Dummy, u32Features, u32ExtFeatures;
-            CPUMGetGuestCpuId(pVCpu, 1, &u32Dummy, &u32Dummy, &u32ExtFeatures, &u32Features);
-            if (u32ExtFeatures & X86_CPUID_FEATURE_ECX_MONITOR)
+            {
-                rc = TRPMResetTrap(pVCpu);
-                AssertRC(rc);
-                uint32_t opsize;
-                rc = EMInterpretInstructionCPU(pVM, pVCpu, &cpu, CPUMCTX2CORE(pCtx), 0, &opsize);
-                if (RT_SUCCESS(rc))
+                {
-                    pCtx->rip += cpu.opsize;
-#ifdef EM_NOTIFY_HWACCM
-                    if (pVCpu->em.s.enmState == EMSTATE_DEBUG_GUEST_HWACC)
-                        HWACCMR3NotifyEmulated(pVCpu);
-#endif
-                    return rc;
+                }
-                return emR3RawExecuteInstruction(pVM, pVCpu, "Monitor: ");
+            }
+        }
+    }
-    else if (u8TrapNo == 13) /* (#GP) Privileged exception */
+    {
-        /*
-         * Handle I/O bitmap?
-         */
-        /** @todo We're not supposed to be here with a false guest trap concerning
-         *        I/O access. We can easily handle those in RC.  */
-        DISCPUSTATE cpu;
-        rc = CPUMR3DisasmInstrCPU(pVM, pVCpu, pCtx, pCtx->rip, &cpu, "Guest Trap: ");
-        if (    RT_SUCCESS(rc)
-            &&  (cpu.pCurInstr->optype & OPTYPE_PORTIO))
+        {
-            /*
-             * We should really check the TSS for the IO bitmap, but it's not like this
-             * lazy approach really makes things worse.
-             */
-            rc = TRPMResetTrap(pVCpu);
-            AssertRC(rc);
-            return emR3RawExecuteInstruction(pVM, pVCpu, "IO Guest Trap: ");
+        }
+    }
-#ifdef LOG_ENABLED
-    DBGFR3InfoLog(pVM, "cpumguest", "Guest trap");
-    DBGFR3DisasInstrCurrentLog(pVCpu, "Guest trap");
-    /* Get guest page information. */
-    uint64_t    fFlags = 0;
-    RTGCPHYS    GCPhys = 0;
-    int rc2 = PGMGstGetPage(pVCpu, uCR2, &fFlags, &GCPhys);
-    Log(("emR3RawGuestTrap: cs:eip=%04x:%08x: trap=%02x err=%08x cr2=%08x cr0=%08x%s: Phys=%RGp fFlags=%08llx %s %s %s%s rc2=%d\n",
-         pCtx->cs, pCtx->eip, u8TrapNo, uErrorCode, uCR2, (uint32_t)pCtx->cr0, (enmType == TRPM_SOFTWARE_INT) ? " software" : "",  GCPhys, fFlags,
-         fFlags & X86_PTE_P  ? "P " : "NP", fFlags & X86_PTE_US ? "U"  : "S",
-         fFlags & X86_PTE_RW ? "RW" : "R0", fFlags & X86_PTE_G  ? " G" : "", rc2));
-#endif
-    /*
-     * #PG has CR2.
-     * (Because of stuff like above we must set CR2 in a delayed fashion.)
-     */
-    if (u8TrapNo == 14 /* #PG */)
-        pCtx->cr2 = uCR2;
-    return VINF_EM_RESCHEDULE_REM;
+}
-/**
- * Handle a ring switch trap.
- * Need to do statistics and to install patches. The result is going to REM.
+ *
- * @returns VBox status code suitable for EM.
- * @param   pVM     VM handle.
- * @param   pVCpu       VMCPU handle.
- */
-static int emR3RawRingSwitch(PVM pVM, PVMCPU pVCpu)
+{
-    int         rc;
-    DISCPUSTATE Cpu;
-    PCPUMCTX    pCtx = pVCpu->em.s.pCtx;
-    /*
-     * sysenter, syscall & callgate
-     */
-    rc = CPUMR3DisasmInstrCPU(pVM, pVCpu, pCtx, pCtx->rip, &Cpu, "RSWITCH: ");
-    if (RT_SUCCESS(rc))
+    {
-        if (Cpu.pCurInstr->opcode == OP_SYSENTER)
+        {
-            if (pCtx->SysEnter.cs != 0)
+            {
-                rc = PATMR3InstallPatch(pVM, SELMToFlat(pVM, DIS_SELREG_CS, CPUMCTX2CORE(pCtx), pCtx->eip),
-                                        (SELMGetCpuModeFromSelector(pVM, pCtx->eflags, pCtx->cs, &pCtx->csHid) == CPUMODE_32BIT) ? PATMFL_CODE32 : 0);
-                if (RT_SUCCESS(rc))
+                {
-                    DBGFR3DisasInstrCurrentLog(pVCpu, "Patched sysenter instruction");
-                    return VINF_EM_RESCHEDULE_RAW;
+                }
+            }
+        }
-#ifdef VBOX_WITH_STATISTICS
-        switch (Cpu.pCurInstr->opcode)
+        {
-            case OP_SYSENTER:
-                STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->StatSysEnter);
-                break;
-            case OP_SYSEXIT:
-                STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->StatSysExit);
-                break;
-            case OP_SYSCALL:
-                STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->StatSysCall);
-                break;
-            case OP_SYSRET:
-                STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->StatSysRet);
-                break;
+        }
-#endif
+    }
-    else
-        AssertRC(rc);
-    /* go to the REM to emulate a single instruction */
-    return emR3RawExecuteInstruction(pVM, pVCpu, "RSWITCH: ");
+}
-/**
- * Handle a trap (\#PF or \#GP) in patch code
+ *
- * @returns VBox status code suitable for EM.
- * @param   pVM     VM handle.
- * @param   pVCpu   VMCPU handle.
- * @param   pCtx    CPU context
- * @param   gcret   GC return code
- */
-static int emR3PatchTrap(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx, int gcret)
+{
-    uint8_t         u8TrapNo;
-    int             rc;
-    TRPMEVENT       enmType;
-    RTGCUINT        uErrorCode;
-    RTGCUINTPTR     uCR2;
-    Assert(PATMIsPatchGCAddr(pVM, pCtx->eip));
-    if (gcret == VINF_PATM_PATCH_INT3)
+    {
-        u8TrapNo   = 3;
-        uCR2       = 0;
-        uErrorCode = 0;
+    }
-    else if (gcret == VINF_PATM_PATCH_TRAP_GP)
+    {
-        /* No active trap in this case. Kind of ugly. */
-        u8TrapNo   = X86_XCPT_GP;
-        uCR2       = 0;
-        uErrorCode = 0;
+    }
-    else
+    {
-        rc = TRPMQueryTrapAll(pVCpu, &u8TrapNo, &enmType, &uErrorCode, &uCR2);
-        if (RT_FAILURE(rc))
+        {
-            AssertReleaseMsgFailed(("emR3PatchTrap: no trap! (rc=%Rrc) gcret=%Rrc\n", rc, gcret));
-            return rc;
+        }
-        /* Reset the trap as we'll execute the original instruction again. */
-        TRPMResetTrap(pVCpu);
+    }
-    /*
-     * Deal with traps inside patch code.
-     * (This code won't run outside GC.)
-     */
-    if (u8TrapNo != 1)
+    {
-#ifdef LOG_ENABLED
-        DBGFR3InfoLog(pVM, "cpumguest", "Trap in patch code");
-        DBGFR3DisasInstrCurrentLog(pVCpu, "Patch code");
-        DISCPUSTATE Cpu;
-        int         rc;
-        rc = CPUMR3DisasmInstrCPU(pVM, pVCpu, pCtx, pCtx->eip, &Cpu, "Patch code: ");
-        if (    RT_SUCCESS(rc)
-            &&  Cpu.pCurInstr->opcode == OP_IRET)
+        {
-            uint32_t eip, selCS, uEFlags;
-            /* Iret crashes are bad as we have already changed the flags on the stack */
-            rc  = PGMPhysSimpleReadGCPtr(pVCpu, &eip,     pCtx->esp, 4);
-            rc |= PGMPhysSimpleReadGCPtr(pVCpu, &selCS,   pCtx->esp+4, 4);
-            rc |= PGMPhysSimpleReadGCPtr(pVCpu, &uEFlags, pCtx->esp+8, 4);
-            if (rc == VINF_SUCCESS)
+            {
-                if (    (uEFlags & X86_EFL_VM)
-                    ||  (selCS & X86_SEL_RPL) == 3)
+                {
-                    uint32_t selSS, esp;
-                    rc |= PGMPhysSimpleReadGCPtr(pVCpu, &esp,     pCtx->esp + 12, 4);
-                    rc |= PGMPhysSimpleReadGCPtr(pVCpu, &selSS,   pCtx->esp + 16, 4);
-                    if (uEFlags & X86_EFL_VM)
+                    {
-                        uint32_t selDS, selES, selFS, selGS;
-                        rc  = PGMPhysSimpleReadGCPtr(pVCpu, &selES,   pCtx->esp + 20, 4);
-                        rc |= PGMPhysSimpleReadGCPtr(pVCpu, &selDS,   pCtx->esp + 24, 4);
-                        rc |= PGMPhysSimpleReadGCPtr(pVCpu, &selFS,   pCtx->esp + 28, 4);
-                        rc |= PGMPhysSimpleReadGCPtr(pVCpu, &selGS,   pCtx->esp + 32, 4);
-                        if (rc == VINF_SUCCESS)
+                        {
-                            Log(("Patch code: IRET->VM stack frame: return address %04X:%08RX32 eflags=%08x ss:esp=%04X:%08RX32\n", selCS, eip, uEFlags, selSS, esp));
-                            Log(("Patch code: IRET->VM stack frame: DS=%04X ES=%04X FS=%04X GS=%04X\n", selDS, selES, selFS, selGS));
+                        }
+                    }
-                    else
-                        Log(("Patch code: IRET stack frame: return address %04X:%08RX32 eflags=%08x ss:esp=%04X:%08RX32\n", selCS, eip, uEFlags, selSS, esp));
+                }
-                else
-                    Log(("Patch code: IRET stack frame: return address %04X:%08RX32 eflags=%08x\n", selCS, eip, uEFlags));
+            }
+        }
-#endif /* LOG_ENABLED */
-        Log(("emR3PatchTrap: in patch: eip=%08x: trap=%02x err=%08x cr2=%08x cr0=%08x\n",
-             pCtx->eip, u8TrapNo, uErrorCode, uCR2, (uint32_t)pCtx->cr0));
-        RTGCPTR pNewEip;
-        rc = PATMR3HandleTrap(pVM, pCtx, pCtx->eip, &pNewEip);
-        switch (rc)
+        {
-            /*
-             * Execute the faulting instruction.
-             */
-            case VINF_SUCCESS:
+            {
-                /** @todo execute a whole block */
-                Log(("emR3PatchTrap: Executing faulting instruction at new address %RGv\n", pNewEip));
-                if (!(pVCpu->em.s.pPatmGCState->uVMFlags & X86_EFL_IF))
-                    Log(("emR3PatchTrap: Virtual IF flag disabled!!\n"));
-                pCtx->eip = pNewEip;
-                AssertRelease(pCtx->eip);
-                if (pCtx->eflags.Bits.u1IF)
+                {
-                    /* Windows XP lets irets fault intentionally and then takes action based on the opcode; an
-                     * int3 patch overwrites it and leads to blue screens. Remove the patch in this case.
-                     */
-                    if (    u8TrapNo == X86_XCPT_GP
-                        &&  PATMIsInt3Patch(pVM, pCtx->eip, NULL, NULL))
+                    {
-                        /** @todo move to PATMR3HandleTrap */
-                        Log(("Possible Windows XP iret fault at %08RX32\n", pCtx->eip));
-                        PATMR3RemovePatch(pVM, pCtx->eip);
+                    }
-                    /** @todo Knoppix 5 regression when returning VINF_SUCCESS here and going back to raw mode. */
-                    /* Note: possibly because a reschedule is required (e.g. iret to V86 code) */
-                    return emR3RawExecuteInstruction(pVM, pVCpu, "PATCHIR");
-                    /* Interrupts are enabled; just go back to the original instruction.
-                    return VINF_SUCCESS; */
+                }
-                return VINF_EM_RESCHEDULE_REM;
+            }
-            /*
-             * One instruction.
-             */
-            case VINF_PATCH_EMULATE_INSTR:
-                Log(("emR3PatchTrap: Emulate patched instruction at %RGv IF=%d VMIF=%x\n",
-                     pNewEip, pCtx->eflags.Bits.u1IF, pVCpu->em.s.pPatmGCState->uVMFlags));
-                pCtx->eip = pNewEip;
-                AssertRelease(pCtx->eip);
-                return emR3RawExecuteInstruction(pVM, pVCpu, "PATCHEMUL: ");
-            /*
-             * The patch was disabled, hand it to the REM.
-             */
-            case VERR_PATCH_DISABLED:
-                if (!(pVCpu->em.s.pPatmGCState->uVMFlags & X86_EFL_IF))
-                    Log(("emR3PatchTrap: Virtual IF flag disabled!!\n"));
-                pCtx->eip = pNewEip;
-                AssertRelease(pCtx->eip);
-                if (pCtx->eflags.Bits.u1IF)
+                {
-                    /*
-                     * The last instruction in the patch block needs to be executed!! (sti/sysexit for example)
-                     */
-                    Log(("PATCH: IF=1 -> emulate last instruction as it can't be interrupted!!\n"));
-                    return emR3RawExecuteInstruction(pVM, pVCpu, "PATCHIR");
+                }
-                return VINF_EM_RESCHEDULE_REM;
-            /* Force continued patch exection; usually due to write monitored stack. */
-            case VINF_PATCH_CONTINUE:
-                return VINF_SUCCESS;
-            /*
-             * Anything else is *fatal*.
-             */
-            default:
-                AssertReleaseMsgFailed(("Unknown return code %Rrc from PATMR3HandleTrap!\n", rc));
-                return VERR_IPE_UNEXPECTED_STATUS;
+        }
+    }
-    return VINF_SUCCESS;
+}
-/**
- * Handle a privileged instruction.
+ *
- * @returns VBox status code suitable for EM.
- * @param   pVM     VM handle.
- * @param   pVCpu   VMCPU handle;
- */
-static int emR3RawPrivileged(PVM pVM, PVMCPU pVCpu)
+{
-    STAM_PROFILE_START(&pVCpu->em.s.StatPrivEmu, a);
-    PCPUMCTX    pCtx = pVCpu->em.s.pCtx;
-    Assert(!pCtx->eflags.Bits.u1VM);
-    if (PATMIsEnabled(pVM))
+    {
-        /*
-         * Check if in patch code.
-         */
-        if (PATMR3IsInsidePatchJump(pVM, pCtx->eip, NULL))
+        {
-#ifdef LOG_ENABLED
-            DBGFR3InfoLog(pVM, "cpumguest", "PRIV");
-#endif
-            AssertMsgFailed(("FATAL ERROR: executing random instruction inside generated patch jump %08X\n", pCtx->eip));
-            return VERR_EM_RAW_PATCH_CONFLICT;
+        }
-        if (   (pCtx->ss & X86_SEL_RPL) == 0
-            && !pCtx->eflags.Bits.u1VM
-            && !PATMIsPatchGCAddr(pVM, pCtx->eip))
+        {
-            int rc = PATMR3InstallPatch(pVM, SELMToFlat(pVM, DIS_SELREG_CS, CPUMCTX2CORE(pCtx), pCtx->eip),
-                                        (SELMGetCpuModeFromSelector(pVM, pCtx->eflags, pCtx->cs, &pCtx->csHid) == CPUMODE_32BIT) ? PATMFL_CODE32 : 0);
-            if (RT_SUCCESS(rc))
+            {
-#ifdef LOG_ENABLED
-                DBGFR3InfoLog(pVM, "cpumguest", "PRIV");
-#endif
-                DBGFR3DisasInstrCurrentLog(pVCpu, "Patched privileged instruction");
-                return VINF_SUCCESS;
+            }
+        }
+    }
-#ifdef LOG_ENABLED
-    if (!PATMIsPatchGCAddr(pVM, pCtx->eip))
+    {
-        DBGFR3InfoLog(pVM, "cpumguest", "PRIV");
-        DBGFR3DisasInstrCurrentLog(pVCpu, "Privileged instr: ");
+    }
-#endif
-    /*
-     * Instruction statistics and logging.
-     */
-    DISCPUSTATE Cpu;
-    int         rc;
-    rc = CPUMR3DisasmInstrCPU(pVM, pVCpu, pCtx, pCtx->rip, &Cpu, "PRIV: ");
-    if (RT_SUCCESS(rc))
+    {
-#ifdef VBOX_WITH_STATISTICS
-        PEMSTATS pStats = pVCpu->em.s.CTX_SUFF(pStats);
-        switch (Cpu.pCurInstr->opcode)
+        {
-            case OP_INVLPG:
-                STAM_COUNTER_INC(&pStats->StatInvlpg);
-                break;
-            case OP_IRET:
-                STAM_COUNTER_INC(&pStats->StatIret);
-                break;
-            case OP_CLI:
-                STAM_COUNTER_INC(&pStats->StatCli);
-                emR3RecordCli(pVM, pVCpu, pCtx->rip);
-                break;
-            case OP_STI:
-                STAM_COUNTER_INC(&pStats->StatSti);
-                break;
-            case OP_INSB:
-            case OP_INSWD:
-            case OP_IN:
-            case OP_OUTSB:
-            case OP_OUTSWD:
-            case OP_OUT:
-                AssertMsgFailed(("Unexpected privileged exception due to port IO\n"));
-                break;
-            case OP_MOV_CR:
-                if (Cpu.param1.flags & USE_REG_GEN32)
+                {
-                    //read
-                    Assert(Cpu.param2.flags & USE_REG_CR);
-                    Assert(Cpu.param2.base.reg_ctrl <= USE_REG_CR4);
-                    STAM_COUNTER_INC(&pStats->StatMovReadCR[Cpu.param2.base.reg_ctrl]);
+                }
-                else
+                {
-                    //write
-                    Assert(Cpu.param1.flags & USE_REG_CR);
-                    Assert(Cpu.param1.base.reg_ctrl <= USE_REG_CR4);
-                    STAM_COUNTER_INC(&pStats->StatMovWriteCR[Cpu.param1.base.reg_ctrl]);
+                }
-                break;
-            case OP_MOV_DR:
-                STAM_COUNTER_INC(&pStats->StatMovDRx);
-                break;
-            case OP_LLDT:
-                STAM_COUNTER_INC(&pStats->StatMovLldt);
-                break;
-            case OP_LIDT:
-                STAM_COUNTER_INC(&pStats->StatMovLidt);
-                break;
-            case OP_LGDT:
-                STAM_COUNTER_INC(&pStats->StatMovLgdt);
-                break;
-            case OP_SYSENTER:
-                STAM_COUNTER_INC(&pStats->StatSysEnter);
-                break;
-            case OP_SYSEXIT:
-                STAM_COUNTER_INC(&pStats->StatSysExit);
-                break;
-            case OP_SYSCALL:
-                STAM_COUNTER_INC(&pStats->StatSysCall);
-                break;
-            case OP_SYSRET:
-                STAM_COUNTER_INC(&pStats->StatSysRet);
-                break;
-            case OP_HLT:
-                STAM_COUNTER_INC(&pStats->StatHlt);
-                break;
-            default:
-                STAM_COUNTER_INC(&pStats->StatMisc);
-                Log4(("emR3RawPrivileged: opcode=%d\n", Cpu.pCurInstr->opcode));
-                break;
+        }
-#endif /* VBOX_WITH_STATISTICS */
-        if (    (pCtx->ss & X86_SEL_RPL) == 0
-            &&  !pCtx->eflags.Bits.u1VM
-            &&  SELMGetCpuModeFromSelector(pVM, pCtx->eflags, pCtx->cs, &pCtx->csHid) == CPUMODE_32BIT)
+        {
-            uint32_t size;
-            STAM_PROFILE_START(&pVCpu->em.s.StatPrivEmu, a);
-            switch (Cpu.pCurInstr->opcode)
+            {
-                case OP_CLI:
-                    pCtx->eflags.u32 &= ~X86_EFL_IF;
-                    Assert(Cpu.opsize == 1);
-                    pCtx->rip += Cpu.opsize;
-                    STAM_PROFILE_STOP(&pVCpu->em.s.StatPrivEmu, a);
-                    return VINF_EM_RESCHEDULE_REM; /* must go to the recompiler now! */
-                case OP_STI:
-                    pCtx->eflags.u32 |= X86_EFL_IF;
-                    EMSetInhibitInterruptsPC(pVCpu, pCtx->rip + Cpu.opsize);
-                    Assert(Cpu.opsize == 1);
-                    pCtx->rip += Cpu.opsize;
-                    STAM_PROFILE_STOP(&pVCpu->em.s.StatPrivEmu, a);
-                    return VINF_SUCCESS;
-                case OP_HLT:
-                    if (PATMIsPatchGCAddr(pVM, (RTGCPTR)pCtx->eip))
+                    {
-                        PATMTRANSSTATE  enmState;
-                        RTGCPTR         pOrgInstrGC = PATMR3PatchToGCPtr(pVM, pCtx->eip, &enmState);
-                        if (enmState == PATMTRANS_OVERWRITTEN)
+                        {
-                            rc = PATMR3DetectConflict(pVM, pOrgInstrGC, pOrgInstrGC);
-                            Assert(rc == VERR_PATCH_DISABLED);
-                            /* Conflict detected, patch disabled */
-                            Log(("emR3RawPrivileged: detected conflict -> disabled patch at %08RX32\n", pCtx->eip));
-                            enmState = PATMTRANS_SAFE;
+                        }
-                        /* The translation had better be successful. Otherwise we can't recover. */
-                        AssertReleaseMsg(pOrgInstrGC && enmState != PATMTRANS_OVERWRITTEN, ("Unable to translate instruction address at %08RX32\n", pCtx->eip));
-                        if (enmState != PATMTRANS_OVERWRITTEN)
-                            pCtx->eip = pOrgInstrGC;
+                    }
-                    /* no break; we could just return VINF_EM_HALT here */
-                case OP_MOV_CR:
-                case OP_MOV_DR:
-#ifdef LOG_ENABLED
-                    if (PATMIsPatchGCAddr(pVM, pCtx->eip))
+                    {
-                        DBGFR3InfoLog(pVM, "cpumguest", "PRIV");
-                        DBGFR3DisasInstrCurrentLog(pVCpu, "Privileged instr: ");
+                    }
-#endif
-                    rc = EMInterpretInstructionCPU(pVM, pVCpu, &Cpu, CPUMCTX2CORE(pCtx), 0, &size);
-                    if (RT_SUCCESS(rc))
+                    {
-                        pCtx->rip += Cpu.opsize;
-#ifdef EM_NOTIFY_HWACCM
-                        if (pVCpu->em.s.enmState == EMSTATE_DEBUG_GUEST_HWACC)
-                            HWACCMR3NotifyEmulated(pVCpu);
-#endif
-                        STAM_PROFILE_STOP(&pVCpu->em.s.StatPrivEmu, a);
-                        if (    Cpu.pCurInstr->opcode == OP_MOV_CR
-                            &&  Cpu.param1.flags == USE_REG_CR /* write */
+                           )
+                        {
-                            /* Deal with CR0 updates inside patch code that force
-                             * us to go to the recompiler.
-                             */
-                            if (   PATMIsPatchGCAddr(pVM, pCtx->rip)
-                                && (pCtx->cr0 & (X86_CR0_WP|X86_CR0_PG|X86_CR0_PE)) != (X86_CR0_WP|X86_CR0_PG|X86_CR0_PE))
+                            {
-                                PATMTRANSSTATE  enmState;
-                                RTGCPTR         pOrgInstrGC = PATMR3PatchToGCPtr(pVM, pCtx->rip, &enmState);
-                                Log(("Force recompiler switch due to cr0 (%RGp) update rip=%RGv -> %RGv (enmState=%d)\n", pCtx->cr0, pCtx->rip, pOrgInstrGC, enmState));
-                                if (enmState == PATMTRANS_OVERWRITTEN)
+                                {
-                                    rc = PATMR3DetectConflict(pVM, pOrgInstrGC, pOrgInstrGC);
-                                    Assert(rc == VERR_PATCH_DISABLED);
-                                    /* Conflict detected, patch disabled */
-                                    Log(("emR3RawPrivileged: detected conflict -> disabled patch at %RGv\n", (RTGCPTR)pCtx->rip));
-                                    enmState = PATMTRANS_SAFE;
+                                }
-                                /* The translation had better be successful. Otherwise we can't recover. */
-                                AssertReleaseMsg(pOrgInstrGC && enmState != PATMTRANS_OVERWRITTEN, ("Unable to translate instruction address at %RGv\n", (RTGCPTR)pCtx->rip));
-                                if (enmState != PATMTRANS_OVERWRITTEN)
-                                    pCtx->rip = pOrgInstrGC;
+                            }
-                            /* Reschedule is necessary as the execution/paging mode might have changed. */
-                            return VINF_EM_RESCHEDULE;
+                        }
-                        return rc; /* can return VINF_EM_HALT as well. */
+                    }
-                    AssertMsgReturn(rc == VERR_EM_INTERPRETER, ("%Rrc\n", rc), rc);
-                    break; /* fall back to the recompiler */
+            }
-            STAM_PROFILE_STOP(&pVCpu->em.s.StatPrivEmu, a);
+        }
+    }
-    if (PATMIsPatchGCAddr(pVM, pCtx->eip))
-        return emR3PatchTrap(pVM, pVCpu, pCtx, VINF_PATM_PATCH_TRAP_GP);
-    return emR3RawExecuteInstruction(pVM, pVCpu, "PRIV");
+}
-/**
- * Update the forced rawmode execution modifier.
+ *
- * This function is called when we're returning from the raw-mode loop(s). If we're
- * in patch code, it will set a flag forcing execution to be resumed in raw-mode,
- * if not in patch code, the flag will be cleared.
+ *
- * We should never interrupt patch code while it's being executed. Cli patches can
- * contain big code blocks, but they are always executed with IF=0. Other patches
- * replace single instructions and should be atomic.
+ *
- * @returns Updated rc.
+ *
- * @param   pVM     The VM handle.
- * @param   pVCpu   The VMCPU handle.
- * @param   pCtx    The guest CPU context.
- * @param   rc      The result code.
- */
-DECLINLINE(int) emR3RawUpdateForceFlag(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx, int rc)
+{
-    if (PATMIsPatchGCAddr(pVM, pCtx->eip)) /** @todo check cs selector base/type */
+    {
-        /* ignore reschedule attempts. */
-        switch (rc)
+        {
-            case VINF_EM_RESCHEDULE:
-            case VINF_EM_RESCHEDULE_REM:
-                LogFlow(("emR3RawUpdateForceFlag: patch address -> force raw reschedule\n"));
-                rc = VINF_SUCCESS;
-                break;
+        }
-        pVCpu->em.s.fForceRAW = true;
+    }
-    else
-        pVCpu->em.s.fForceRAW = false;
-    return rc;
+}
-/**
- * Check for pending raw actions
+ *
- * @returns VBox status code. May return VINF_EM_NO_MEMORY but none of the other
- *          EM statuses.
- * @param   pVM         The VM to operate on.
- * @param   pVCpu       The VMCPU handle.
- */
-VMMR3DECL(int) EMR3CheckRawForcedActions(PVM pVM, PVMCPU pVCpu)
+{
-    return emR3RawForcedActions(pVM, pVCpu, pVCpu->em.s.pCtx);
+}
-/**
- * Process raw-mode specific forced actions.
+ *
- * This function is called when any FFs in the VM_FF_HIGH_PRIORITY_PRE_RAW_MASK is pending.
+ *
- * @returns VBox status code. May return VINF_EM_NO_MEMORY but none of the other
- *          EM statuses.
- * @param   pVM         The VM handle.
- * @param   pVCpu       The VMCPU handle.
- * @param   pCtx        The guest CPUM register context.
- */
-static int emR3RawForcedActions(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx)
+{
-    /*
-     * Note that the order is *vitally* important!
-     * Also note that SELMR3UpdateFromCPUM may trigger VM_FF_SELM_SYNC_TSS.
-     */
-    /*
-     * Sync selector tables.
-     */
-    if (VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_SELM_SYNC_GDT | VMCPU_FF_SELM_SYNC_LDT))
+    {
-        int rc = SELMR3UpdateFromCPUM(pVM, pVCpu);
-        if (RT_FAILURE(rc))
-            return rc;
+    }
-    /*
-     * Sync IDT.
+     *
-     * The CSAMR3CheckGates call in TRPMR3SyncIDT may call PGMPrefetchPage
-     * and PGMShwModifyPage, so we're in for trouble if for instance a
-     * PGMSyncCR3+pgmPoolClearAll is pending.
-     */
-    if (VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_TRPM_SYNC_IDT))
+    {
-        if (   VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_PGM_SYNC_CR3)
-            && EMIsRawRing0Enabled(pVM)
-            && CSAMIsEnabled(pVM))
+        {
-            int rc = PGMSyncCR3(pVCpu, pCtx->cr0, pCtx->cr3, pCtx->cr4, VMCPU_FF_ISSET(pVCpu, VMCPU_FF_PGM_SYNC_CR3));
-            if (RT_FAILURE(rc))
-                return rc;
+        }
-        int rc = TRPMR3SyncIDT(pVM, pVCpu);
-        if (RT_FAILURE(rc))
-            return rc;
+    }
-    /*
-     * Sync TSS.
-     */
-    if (VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_SELM_SYNC_TSS))
+    {
-        int rc = SELMR3SyncTSS(pVM, pVCpu);
-        if (RT_FAILURE(rc))
-            return rc;
+    }
-    /*
-     * Sync page directory.
-     */
-    if (VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_PGM_SYNC_CR3 | VMCPU_FF_PGM_SYNC_CR3_NON_GLOBAL))
+    {
-        Assert(pVCpu->em.s.enmState != EMSTATE_WAIT_SIPI);
-        int rc = PGMSyncCR3(pVCpu, pCtx->cr0, pCtx->cr3, pCtx->cr4, VMCPU_FF_ISSET(pVCpu, VMCPU_FF_PGM_SYNC_CR3));
-        if (RT_FAILURE(rc))
-            return rc;
-        Assert(!VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_SELM_SYNC_GDT | VMCPU_FF_SELM_SYNC_LDT));
-        /* Prefetch pages for EIP and ESP. */
-        /** @todo This is rather expensive. Should investigate if it really helps at all. */
-        rc = PGMPrefetchPage(pVCpu, SELMToFlat(pVM, DIS_SELREG_CS, CPUMCTX2CORE(pCtx), pCtx->rip));
-        if (rc == VINF_SUCCESS)
-            rc = PGMPrefetchPage(pVCpu, SELMToFlat(pVM, DIS_SELREG_SS, CPUMCTX2CORE(pCtx), pCtx->rsp));
-        if (rc != VINF_SUCCESS)
+        {
-            if (rc != VINF_PGM_SYNC_CR3)
+            {
-                AssertLogRelMsgReturn(RT_FAILURE(rc), ("%Rrc\n", rc), VERR_IPE_UNEXPECTED_INFO_STATUS);
-                return rc;
+            }
-            rc = PGMSyncCR3(pVCpu, pCtx->cr0, pCtx->cr3, pCtx->cr4, VMCPU_FF_ISSET(pVCpu, VMCPU_FF_PGM_SYNC_CR3));
-            if (RT_FAILURE(rc))
-                return rc;
+        }
-        /** @todo maybe prefetch the supervisor stack page as well */
-        Assert(!VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_SELM_SYNC_GDT | VMCPU_FF_SELM_SYNC_LDT));
+    }
-    /*
-     * Allocate handy pages (just in case the above actions have consumed some pages).
-     */
-    if (VM_FF_IS_PENDING_EXCEPT(pVM, VM_FF_PGM_NEED_HANDY_PAGES, VM_FF_PGM_NO_MEMORY))
+    {
-        int rc = PGMR3PhysAllocateHandyPages(pVM);
-        if (RT_FAILURE(rc))
-            return rc;
+    }
-    /*
-     * Check whether we're out of memory now.
+     *
-     * This may stem from some of the above actions or operations that has been executed
-     * since we ran FFs. The allocate handy pages must for instance always be followed by
-     * this check.
-     */
-    if (VM_FF_ISPENDING(pVM, VM_FF_PGM_NO_MEMORY))
-        return VINF_EM_NO_MEMORY;
-    return VINF_SUCCESS;
+}
-/**
- * Executes raw code.
+ *
- * This function contains the raw-mode version of the inner
- * execution loop (the outer loop being in EMR3ExecuteVM()).
+ *
- * @returns VBox status code. The most important ones are: VINF_EM_RESCHEDULE,
- *          VINF_EM_RESCHEDULE_REM, VINF_EM_SUSPEND, VINF_EM_RESET and VINF_EM_TERMINATE.
+ *
- * @param   pVM         VM handle.
- * @param   pVCpu       VMCPU handle.
- * @param   pfFFDone    Where to store an indicator telling whether or not
- *                      FFs were done before returning.
- */
-static int emR3RawExecute(PVM pVM, PVMCPU pVCpu, bool *pfFFDone)
+{
-    STAM_REL_PROFILE_ADV_START(&pVCpu->em.s.StatRAWTotal, a);
-    int      rc = VERR_INTERNAL_ERROR;
-    PCPUMCTX pCtx = pVCpu->em.s.pCtx;
-    LogFlow(("emR3RawExecute: (cs:eip=%04x:%08x)\n", pCtx->cs, pCtx->eip));
-    pVCpu->em.s.fForceRAW = false;
-    *pfFFDone = false;
-    /*
+     *
-     * Spin till we get a forced action or raw mode status code resulting in
-     * in anything but VINF_SUCCESS or VINF_EM_RESCHEDULE_RAW.
+     *
-     */
-    for (;;)
+    {
-        STAM_PROFILE_ADV_START(&pVCpu->em.s.StatRAWEntry, b);
-        /*
-         * Check various preconditions.
-         */
-#ifdef VBOX_STRICT
-        Assert(REMR3QueryPendingInterrupt(pVM, pVCpu) == REM_NO_PENDING_IRQ);
-        Assert(pCtx->eflags.Bits.u1VM || (pCtx->ss & X86_SEL_RPL) == 3 || (pCtx->ss & X86_SEL_RPL) == 0);
-        AssertMsg(   (pCtx->eflags.u32 & X86_EFL_IF)
-                  || PATMShouldUseRawMode(pVM, (RTGCPTR)pCtx->eip),
-                  ("Tried to execute code with IF at EIP=%08x!\n", pCtx->eip));
-        if (    !VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_PGM_SYNC_CR3 | VMCPU_FF_PGM_SYNC_CR3_NON_GLOBAL)
-            &&  PGMMapHasConflicts(pVM))
+        {
-            PGMMapCheck(pVM);
-            AssertMsgFailed(("We should not get conflicts any longer!!!\n"));
-            return VERR_INTERNAL_ERROR;
+        }
-#endif /* VBOX_STRICT */
-        /*
-         * Process high priority pre-execution raw-mode FFs.
-         */
-        if (    VM_FF_ISPENDING(pVM, VM_FF_HIGH_PRIORITY_PRE_RAW_MASK)
-            ||  VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_HIGH_PRIORITY_PRE_RAW_MASK))
+        {
-            rc = emR3RawForcedActions(pVM, pVCpu, pCtx);
-            if (rc != VINF_SUCCESS)
-                break;
+        }
-        /*
-         * If we're going to execute ring-0 code, the guest state needs to
-         * be modified a bit and some of the state components (IF, SS/CS RPL,
-         * and perhaps EIP) needs to be stored with PATM.
-         */
-        rc = CPUMRawEnter(pVCpu, NULL);
-        if (rc != VINF_SUCCESS)
+        {
-            STAM_PROFILE_ADV_STOP(&pVCpu->em.s.StatRAWEntry, b);
-            break;
+        }
-        /*
-         * Scan code before executing it. Don't bother with user mode or V86 code
-         */
-        if (    (pCtx->ss & X86_SEL_RPL) <= 1
-            &&  !pCtx->eflags.Bits.u1VM
-            && !PATMIsPatchGCAddr(pVM, pCtx->eip))
+        {
-            STAM_PROFILE_ADV_SUSPEND(&pVCpu->em.s.StatRAWEntry, b);
-            CSAMR3CheckCodeEx(pVM, CPUMCTX2CORE(pCtx), pCtx->eip);
-            STAM_PROFILE_ADV_RESUME(&pVCpu->em.s.StatRAWEntry, b);
-            if (    VM_FF_ISPENDING(pVM, VM_FF_HIGH_PRIORITY_PRE_RAW_MASK)
-                ||  VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_HIGH_PRIORITY_PRE_RAW_MASK))
+            {
-                rc = emR3RawForcedActions(pVM, pVCpu, pCtx);
-                if (rc != VINF_SUCCESS)
+                {
-                    rc = CPUMRawLeave(pVCpu, NULL, rc);
-                    break;
+                }
+            }
+        }
-#ifdef LOG_ENABLED
-        /*
-         * Log important stuff before entering GC.
-         */
-        PPATMGCSTATE pGCState = PATMR3QueryGCStateHC(pVM);
-        if (pCtx->eflags.Bits.u1VM)
-            Log(("RV86: %04X:%08X IF=%d VMFlags=%x\n", pCtx->cs, pCtx->eip, pCtx->eflags.Bits.u1IF, pGCState->uVMFlags));
-        else if ((pCtx->ss & X86_SEL_RPL) == 1)
+        {
-            bool fCSAMScanned = CSAMIsPageScanned(pVM, (RTGCPTR)pCtx->eip);
-            Log(("RR0: %08X ESP=%08X IF=%d VMFlags=%x PIF=%d CPL=%d (Scanned=%d)\n", pCtx->eip, pCtx->esp, pCtx->eflags.Bits.u1IF, pGCState->uVMFlags, pGCState->fPIF, (pCtx->ss & X86_SEL_RPL), fCSAMScanned));
+        }
-        else if ((pCtx->ss & X86_SEL_RPL) == 3)
-            Log(("RR3: %08X ESP=%08X IF=%d VMFlags=%x\n", pCtx->eip, pCtx->esp, pCtx->eflags.Bits.u1IF, pGCState->uVMFlags));
-#endif /* LOG_ENABLED */
-        /*
-         * Execute the code.
-         */
-        STAM_PROFILE_ADV_STOP(&pVCpu->em.s.StatRAWEntry, b);
-        STAM_PROFILE_START(&pVCpu->em.s.StatRAWExec, c);
-        rc = VMMR3RawRunGC(pVM, pVCpu);
-        STAM_PROFILE_STOP(&pVCpu->em.s.StatRAWExec, c);
-        STAM_PROFILE_ADV_START(&pVCpu->em.s.StatRAWTail, d);
-        LogFlow(("RR0-E: %08X ESP=%08X IF=%d VMFlags=%x PIF=%d CPL=%d\n", pCtx->eip, pCtx->esp, pCtx->eflags.Bits.u1IF, pGCState->uVMFlags, pGCState->fPIF, (pCtx->ss & X86_SEL_RPL)));
-        LogFlow(("VMMR3RawRunGC returned %Rrc\n", rc));
-        /*
-         * Restore the real CPU state and deal with high priority post
-         * execution FFs before doing anything else.
-         */
-        rc = CPUMRawLeave(pVCpu, NULL, rc);
-        VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_RESUME_GUEST_MASK);
-        if (    VM_FF_ISPENDING(pVM, VM_FF_HIGH_PRIORITY_POST_MASK)
-            ||  VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_HIGH_PRIORITY_POST_MASK))
-            rc = emR3HighPriorityPostForcedActions(pVM, pVCpu, rc);
-#ifdef VBOX_STRICT
-        /*
-         * Assert TSS consistency & rc vs patch code.
-         */
-        if (   !VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_SELM_SYNC_TSS | VMCPU_FF_SELM_SYNC_GDT) /* GDT implies TSS at the moment. */
-            &&  EMIsRawRing0Enabled(pVM))
-            SELMR3CheckTSS(pVM);
-        switch (rc)
+        {
-            case VINF_SUCCESS:
-            case VINF_EM_RAW_INTERRUPT:
-            case VINF_PATM_PATCH_TRAP_PF:
-            case VINF_PATM_PATCH_TRAP_GP:
-            case VINF_PATM_PATCH_INT3:
-            case VINF_PATM_CHECK_PATCH_PAGE:
-            case VINF_EM_RAW_EXCEPTION_PRIVILEGED:
-            case VINF_EM_RAW_GUEST_TRAP:
-            case VINF_EM_RESCHEDULE_RAW:
-                break;
-            default:
-                if (PATMIsPatchGCAddr(pVM, pCtx->eip) && !(pCtx->eflags.u32 & X86_EFL_TF))
-                    LogIt(NULL, 0, LOG_GROUP_PATM, ("Patch code interrupted at %RRv for reason %Rrc\n", (RTRCPTR)CPUMGetGuestEIP(pVCpu), rc));
-                break;
+        }
-        /*
-         * Let's go paranoid!
-         */
-        if (    !VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_PGM_SYNC_CR3 | VMCPU_FF_PGM_SYNC_CR3_NON_GLOBAL)
-            &&  PGMMapHasConflicts(pVM))
+        {
-            PGMMapCheck(pVM);
-            AssertMsgFailed(("We should not get conflicts any longer!!! rc=%Rrc\n", rc));
-            return VERR_INTERNAL_ERROR;
+        }
-#endif /* VBOX_STRICT */
-        /*
-         * Process the returned status code.
-         */
-        if (rc >= VINF_EM_FIRST && rc <= VINF_EM_LAST)
+        {
-            STAM_PROFILE_ADV_STOP(&pVCpu->em.s.StatRAWTail, d);
-            break;
+        }
-        rc = emR3RawHandleRC(pVM, pVCpu, pCtx, rc);
-        if (rc != VINF_SUCCESS)
+        {
-            rc = emR3RawUpdateForceFlag(pVM, pVCpu, pCtx, rc);
-            if (rc != VINF_SUCCESS)
+            {
-                STAM_PROFILE_ADV_STOP(&pVCpu->em.s.StatRAWTail, d);
-                break;
+            }
+        }
-        /*
-         * Check and execute forced actions.
-         */
-#ifdef VBOX_HIGH_RES_TIMERS_HACK
-        TMTimerPollVoid(pVM, pVCpu);
-#endif
-        STAM_PROFILE_ADV_STOP(&pVCpu->em.s.StatRAWTail, d);
-        if (    VM_FF_ISPENDING(pVM, ~VM_FF_HIGH_PRIORITY_PRE_RAW_MASK | VM_FF_PGM_NO_MEMORY)
-            ||  VMCPU_FF_ISPENDING(pVCpu, ~VMCPU_FF_HIGH_PRIORITY_PRE_RAW_MASK))
+        {
-            Assert(pCtx->eflags.Bits.u1VM || (pCtx->ss & X86_SEL_RPL) != 1);
-            STAM_REL_PROFILE_ADV_SUSPEND(&pVCpu->em.s.StatRAWTotal, a);
-            rc = emR3ForcedActions(pVM, pVCpu, rc);
-            STAM_REL_PROFILE_ADV_RESUME(&pVCpu->em.s.StatRAWTotal, a);
-            if (    rc != VINF_SUCCESS
-                &&  rc != VINF_EM_RESCHEDULE_RAW)
+            {
-                rc = emR3RawUpdateForceFlag(pVM, pVCpu, pCtx, rc);
-                if (rc != VINF_SUCCESS)
+                {
-                    *pfFFDone = true;
-                    break;
+                }
+            }
+        }
+    }
-    /*
-     * Return to outer loop.
-     */
-#if defined(LOG_ENABLED) && defined(DEBUG)
-    RTLogFlush(NULL);
-#endif
-    STAM_REL_PROFILE_ADV_STOP(&pVCpu->em.s.StatRAWTotal, a);
-    return rc;
+}
-/**
- * Executes hardware accelerated raw code. (Intel VMX & AMD SVM)
+ *
- * This function contains the raw-mode version of the inner
- * execution loop (the outer loop being in EMR3ExecuteVM()).
+ *
- * @returns VBox status code. The most important ones are: VINF_EM_RESCHEDULE, VINF_EM_RESCHEDULE_RAW,
- *          VINF_EM_RESCHEDULE_REM, VINF_EM_SUSPEND, VINF_EM_RESET and VINF_EM_TERMINATE.
+ *
- * @param   pVM         VM handle.
- * @param   pVCpu       VMCPU handle.
- * @param   pfFFDone    Where to store an indicator telling whether or not
- *                      FFs were done before returning.
- */
-static int emR3HwAccExecute(PVM pVM, PVMCPU pVCpu, bool *pfFFDone)
+{
-    int      rc = VERR_INTERNAL_ERROR;
-    PCPUMCTX pCtx = pVCpu->em.s.pCtx;
-    LogFlow(("emR3HwAccExecute%d: (cs:eip=%04x:%RGv)\n", pVCpu->idCpu, pCtx->cs, (RTGCPTR)pCtx->rip));
-    *pfFFDone = false;
-    STAM_COUNTER_INC(&pVCpu->em.s.StatHwAccExecuteEntry);
-#ifdef EM_NOTIFY_HWACCM
-    HWACCMR3NotifyScheduled(pVCpu);
-#endif
-    /*
-     * Spin till we get a forced action which returns anything but VINF_SUCCESS.
-     */
-    for (;;)
+    {
-        STAM_PROFILE_ADV_START(&pVCpu->em.s.StatHwAccEntry, a);
-        /*
-         * Process high priority pre-execution raw-mode FFs.
-         */
-        VMCPU_FF_CLEAR(pVCpu, (VMCPU_FF_SELM_SYNC_GDT | VMCPU_FF_SELM_SYNC_LDT | VMCPU_FF_TRPM_SYNC_IDT | VMCPU_FF_SELM_SYNC_TSS)); /* not relevant in HWACCM mode; shouldn't be set really. */
-        if (    VM_FF_ISPENDING(pVM, VM_FF_HIGH_PRIORITY_PRE_RAW_MASK)
-            ||  VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_HIGH_PRIORITY_PRE_RAW_MASK))
+        {
-            rc = emR3RawForcedActions(pVM, pVCpu, pCtx);
-            if (rc != VINF_SUCCESS)
-                break;
+        }
-#ifdef LOG_ENABLED
-        /*
-         * Log important stuff before entering GC.
-         */
-        if (TRPMHasTrap(pVCpu))
-            Log(("CPU%d: Pending hardware interrupt=0x%x cs:rip=%04X:%RGv\n", pVCpu->idCpu, TRPMGetTrapNo(pVCpu), pCtx->cs, (RTGCPTR)pCtx->rip));
-        uint32_t cpl = CPUMGetGuestCPL(pVCpu, CPUMCTX2CORE(pCtx));
-        if (pVM->cCPUs == 1)
+        {
-            if (pCtx->eflags.Bits.u1VM)
-                Log(("HWV86: %08X IF=%d\n", pCtx->eip, pCtx->eflags.Bits.u1IF));
-            else if (CPUMIsGuestIn64BitCodeEx(pCtx))
-                Log(("HWR%d: %04X:%RGv ESP=%RGv IF=%d IOPL=%d CR0=%x CR4=%x EFER=%x\n", cpl, pCtx->cs, (RTGCPTR)pCtx->rip, pCtx->rsp, pCtx->eflags.Bits.u1IF, pCtx->eflags.Bits.u2IOPL, (uint32_t)pCtx->cr0, (uint32_t)pCtx->cr4, (uint32_t)pCtx->msrEFER));
-            else
-                Log(("HWR%d: %04X:%08X ESP=%08X IF=%d IOPL=%d CR0=%x CR4=%x EFER=%x\n", cpl, pCtx->cs,          pCtx->eip, pCtx->esp, pCtx->eflags.Bits.u1IF, pCtx->eflags.Bits.u2IOPL, (uint32_t)pCtx->cr0, (uint32_t)pCtx->cr4, (uint32_t)pCtx->msrEFER));
+        }
-        else
+        {
-            if (pCtx->eflags.Bits.u1VM)
-                Log(("HWV86-CPU%d: %08X IF=%d\n", pVCpu->idCpu, pCtx->eip, pCtx->eflags.Bits.u1IF));
-            else if (CPUMIsGuestIn64BitCodeEx(pCtx))
-                Log(("HWR%d-CPU%d: %04X:%RGv ESP=%RGv IF=%d IOPL=%d CR0=%x CR4=%x EFER=%x\n", cpl, pVCpu->idCpu, pCtx->cs, (RTGCPTR)pCtx->rip, pCtx->rsp, pCtx->eflags.Bits.u1IF, pCtx->eflags.Bits.u2IOPL, (uint32_t)pCtx->cr0, (uint32_t)pCtx->cr4, (uint32_t)pCtx->msrEFER));
-            else
-                Log(("HWR%d-CPU%d: %04X:%08X ESP=%08X IF=%d IOPL=%d CR0=%x CR4=%x EFER=%x\n", cpl, pVCpu->idCpu, pCtx->cs,          pCtx->eip, pCtx->esp, pCtx->eflags.Bits.u1IF, pCtx->eflags.Bits.u2IOPL, (uint32_t)pCtx->cr0, (uint32_t)pCtx->cr4, (uint32_t)pCtx->msrEFER));
+        }
-#endif /* LOG_ENABLED */
-        /*
-         * Execute the code.
-         */
-        STAM_PROFILE_ADV_STOP(&pVCpu->em.s.StatHwAccEntry, a);
-        STAM_PROFILE_START(&pVCpu->em.s.StatHwAccExec, x);
-        rc = VMMR3HwAccRunGC(pVM, pVCpu);
-        STAM_PROFILE_STOP(&pVCpu->em.s.StatHwAccExec, x);
-        /*
-         * Deal with high priority post execution FFs before doing anything else.
-         */
-        VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_RESUME_GUEST_MASK);
-        if (    VM_FF_ISPENDING(pVM, VM_FF_HIGH_PRIORITY_POST_MASK)
-            ||  VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_HIGH_PRIORITY_POST_MASK))
-            rc = emR3HighPriorityPostForcedActions(pVM, pVCpu, rc);
-        /*
-         * Process the returned status code.
-         */
-        if (rc >= VINF_EM_FIRST && rc <= VINF_EM_LAST)
-            break;
-        rc = emR3HwaccmHandleRC(pVM, pVCpu, pCtx, rc);
-        if (rc != VINF_SUCCESS)
-            break;
-        /*
-         * Check and execute forced actions.
-         */
-#ifdef VBOX_HIGH_RES_TIMERS_HACK
-        TMTimerPollVoid(pVM, pVCpu);
-#endif
-        if (    VM_FF_ISPENDING(pVM, VM_FF_ALL_MASK)
-            ||  VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_ALL_MASK))
+        {
-            rc = emR3ForcedActions(pVM, pVCpu, rc);
-            if (    rc != VINF_SUCCESS
-                &&  rc != VINF_EM_RESCHEDULE_HWACC)
+            {
-                *pfFFDone = true;
-                break;
+            }
+        }
+    }
-    /*
-     * Return to outer loop.
-     */
-#if defined(LOG_ENABLED) && defined(DEBUG)
-    RTLogFlush(NULL);
-#endif
-    return rc;
+}
-/**
  * Decides whether to execute RAW, HWACC or REM.
+ *
 …
  * @param   pCtx    The CPU context.
  */
 static EMSTATE emR3Reschedule(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx)
+EMSTATE emR3Reschedule(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx)
+{
     /*
 …
  * @param   rc          The current rc.
  */
 static int emR3HighPriorityPostForcedActions(PVM pVM, PVMCPU pVCpu, int rc)
+int emR3HighPriorityPostForcedActions(PVM pVM, PVMCPU pVCpu, int rc)
+{
     if (VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_PDM_CRITSECT))
 …
+ *
  */
 static int emR3ForcedActions(PVM pVM, PVMCPU pVCpu, int rc)
+int emR3ForcedActions(PVM pVM, PVMCPU pVCpu, int rc)
+{
     STAM_REL_PROFILE_START(&pVCpu->em.s.StatForcedActions, a);

trunk/src/VBox/VMM/EMHandleRCTmpl.h

-              r21192
+              r21196
 /*
  * Copyright (C) 2006-2007 Sun Microsystems, Inc.
+ * Copyright (C) 2006-2009 Sun Microsystems, Inc.
+ *
  * This file is part of VirtualBox Open Source Edition (OSE), as
 …
  * additional information or have any questions.
  */
+#ifndef __EMHandleRCTmpl_h__
+#define __EMHandleRCTmpl_h__
 /**
 …
  * @param   pCtx    The guest cpu context.
  */
+static int EMHANDLERC_NAME(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx, int rc)
+#ifdef EMHANDLERC_WITH_PATM
+int emR3RawHandleRC(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx, int rc)
+#elif defined(EMHANDLERC_WITH_HWACCM)
+int emR3HwaccmHandleRC(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx, int rc)
+#endif
+{
     switch (rc)
 …
             break;
+#ifdef EMHANDLERC_WITH_PATM
         /*
          * Privileged instruction.
          */
         case VINF_EM_RAW_EXCEPTION_PRIVILEGED:
-#ifdef EMHANDLERC_WITH_PATM
         case VINF_PATM_PATCH_TRAP_GP:
-#endif
             rc = emR3RawPrivileged(pVM, pVCpu);
             break;
-        /*
-         * Got a trap which needs dispatching.
-         */
         case VINF_EM_RAW_GUEST_TRAP:
+#ifdef EMHANDLERC_WITH_PATM
+            /*
+             * Got a trap which needs dispatching.
+             */
             if (PATMR3IsInsidePatchJump(pVM, pCtx->eip, NULL))
+            {
 …
                 break;
+            }
-#endif
             rc = emR3RawGuestTrap(pVM, pVCpu);
             break;
-#ifdef EMHANDLERC_WITH_PATM
         /*
          * Trap in patch code.
 …
             rc = VINF_EM_RESCHEDULE_REM;
             break;
-#endif  /* EMHANDLERC_WITH_PATM */
         /*
 …
             rc = emR3RawRingSwitch(pVM, pVCpu);
             break;
+#endif  /* EMHANDLERC_WITH_PATM */
         /*
 …
             break;
+#ifdef EMHANDLERC_WITH_HWACCM
         /*
          * (MM)IO intensive code block detected; fall back to the recompiler for better performance
 …
             rc = HWACCMR3EmulateIoBlock(pVM, pCtx);
             break;
+#endif
 #ifdef EMHANDLERC_WITH_PATM
 …
             rc = emR3RawExecuteInstruction(pVM, pVCpu, "PD FAULT: ");
             break;
-#endif
         case VINF_EM_RAW_EMULATE_INSTR_HLT:
             /** @todo skip instruction and go directly to the halt state. (see REM for implementation details) */
             rc = emR3RawPrivileged(pVM, pVCpu);
             break;
+#endif
 #ifdef EMHANDLERC_WITH_PATM
 …
         case VINF_PATCH_EMULATE_INSTR:
+#else
+        case VINF_EM_RAW_GUEST_TRAP:
 #endif
         case VINF_EM_RAW_EMULATE_INSTR:
 …
             break;
 #ifndef EMHANDLERC_WITH_PATM
+#ifdef EMHANDLERC_WITH_HWACCM
         /*
          * Up a level, after HwAccM have done some release logging.
 …
+}
+#undef EMHANDLERC_NAME
+#undef EMHANDLERC_WITH_PATM
+#endif

trunk/src/VBox/VMM/EMInternal.h

-              r20530
+              r21196
 /** @} */
+int     emR3HwAccExecute(PVM pVM, PVMCPU pVCpu, bool *pfFFDone);
+int     emR3RawExecute(PVM pVM, PVMCPU pVCpu, bool *pfFFDone);
+int     emR3RawHandleRC(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx, int rc);
+int     emR3HwaccmHandleRC(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx, int rc);
+EMSTATE emR3Reschedule(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx);
+int     emR3ForcedActions(PVM pVM, PVMCPU pVCpu, int rc);
+int     emR3HighPriorityPostForcedActions(PVM pVM, PVMCPU pVCpu, int rc);
+int     emR3RawUpdateForceFlag(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx, int rc);
+int     emR3RawResumeHyper(PVM pVM, PVMCPU pVCpu);
+int     emR3RawStep(PVM pVM, PVMCPU pVCpu);
 RT_C_DECLS_END

trunk/src/VBox/VMM/Makefile.kmk

r20998	r21196
82	82	DBGFSym.cpp \
83	83	EM.cpp \
	84	EMRaw.cpp \
	85	EMHwaccm.cpp \
84	86	IOM.cpp \
85	87	GMM.cpp \

trunk/src/VBox/VMM/VMM.cpp

-              r21094
+              r21196
     STAM_REG(pVM, &pVM->vmm.s.StatRZRetRingSwitch,          STAMTYPE_COUNTER, "/VMM/RZRet/RingSwitch",          STAMUNIT_OCCURENCES, "Number of VINF_EM_RAW_RING_SWITCH returns.");
     STAM_REG(pVM, &pVM->vmm.s.StatRZRetRingSwitchInt,       STAMTYPE_COUNTER, "/VMM/RZRet/RingSwitchInt",       STAMUNIT_OCCURENCES, "Number of VINF_EM_RAW_RING_SWITCH_INT returns.");
-    STAM_REG(pVM, &pVM->vmm.s.StatRZRetExceptionPrivilege,  STAMTYPE_COUNTER, "/VMM/RZRet/ExceptionPrivilege",  STAMUNIT_OCCURENCES, "Number of VINF_EM_RAW_EXCEPTION_PRIVILEGED returns.");
     STAM_REG(pVM, &pVM->vmm.s.StatRZRetStaleSelector,       STAMTYPE_COUNTER, "/VMM/RZRet/StaleSelector",       STAMUNIT_OCCURENCES, "Number of VINF_EM_RAW_STALE_SELECTOR returns.");
     STAM_REG(pVM, &pVM->vmm.s.StatRZRetIRETTrap,            STAMTYPE_COUNTER, "/VMM/RZRet/IRETTrap",            STAMUNIT_OCCURENCES, "Number of VINF_EM_RAW_IRET_TRAP returns.");
 …
     STAM_REG(pVM, &pVM->vmm.s.StatRZRetPATMDuplicateFn,     STAMTYPE_COUNTER, "/VMM/RZRet/PATMDuplicateFn",     STAMUNIT_OCCURENCES, "Number of VINF_PATM_DUPLICATE_FUNCTION returns.");
     STAM_REG(pVM, &pVM->vmm.s.StatRZRetPGMChangeMode,       STAMTYPE_COUNTER, "/VMM/RZRet/PGMChangeMode",       STAMUNIT_OCCURENCES, "Number of VINF_PGM_CHANGE_MODE returns.");
-    STAM_REG(pVM, &pVM->vmm.s.StatRZRetEmulHlt,             STAMTYPE_COUNTER, "/VMM/RZRet/EmulHlt",             STAMUNIT_OCCURENCES, "Number of VINF_EM_RAW_EMULATE_INSTR_HLT returns.");
     STAM_REG(pVM, &pVM->vmm.s.StatRZRetPendingRequest,      STAMTYPE_COUNTER, "/VMM/RZRet/PendingRequest",      STAMUNIT_OCCURENCES, "Number of VINF_EM_PENDING_REQUEST returns.");

trunk/src/VBox/VMM/VMMInternal.h

-              r20992
+              r21196
     STAMCOUNTER                 StatRZRetRingSwitch;
     STAMCOUNTER                 StatRZRetRingSwitchInt;
-    STAMCOUNTER                 StatRZRetExceptionPrivilege;
     STAMCOUNTER                 StatRZRetStaleSelector;
     STAMCOUNTER                 StatRZRetIRETTrap;
 …
     STAMCOUNTER                 StatRZRetPATMDuplicateFn;
     STAMCOUNTER                 StatRZRetPGMChangeMode;
-    STAMCOUNTER                 StatRZRetEmulHlt;
     STAMCOUNTER                 StatRZRetPendingRequest;
     STAMCOUNTER                 StatRZCallPDMLock;

trunk/src/VBox/VMM/VMMR0/HWSVMR0.cpp

r21144	r21196
2286	2286	case SVM_EXIT_MWAIT_ARMED:
2287	2287	case SVM_EXIT_TASK_SWITCH: /* can change CR3; emulate */
2288		rc = V~~INF_EM_RAW_EXCEPTION_PRIVILEGED~~;
	2288	rc = VERR_EM_INTERPRETER;
2289	2289	break;
2290	2290

trunk/src/VBox/VMM/VMMR0/HWVMXR0.cpp

-              r21144
+              r21196
     case VMX_EXIT_RSM:                  /* 17 Guest software attempted to execute RSM in SMM. */
         AssertFailed(); /* can't happen. */
         rc = VINF_EM_RAW_EXCEPTION_PRIVILEGED;
+        rc = VERR_EM_INTERPRETER;
         break;
 …
     case VMX_EXIT_VMXON:                /* 27 Guest software executed VMXON. */
         /** @todo inject #UD immediately */
         rc = VINF_EM_RAW_EXCEPTION_PRIVILEGED;
+        rc = VERR_EM_INTERPRETER;
         break;
 …
     case VMX_EXIT_RDMSR:                /* 31 RDMSR. Guest software attempted to execute RDMSR. */
     case VMX_EXIT_WRMSR:                /* 32 WRMSR. Guest software attempted to execute WRMSR. */
+    case VMX_EXIT_MONITOR:              /* 39 Guest software attempted to execute MONITOR. */
+    case VMX_EXIT_PAUSE:                /* 40 Guest software attempted to execute PAUSE. */
         /* Note: If we decide to emulate them here, then we must sync the MSRs that could have been changed (sysenter, fs/gs base)!!! */
         rc = VERR_EM_INTERPRETER;
-        break;
-    case VMX_EXIT_MONITOR:              /* 39 Guest software attempted to execute MONITOR. */
-    case VMX_EXIT_PAUSE:                /* 40 Guest software attempted to execute PAUSE. */
-        rc = VINF_EM_RAW_EXCEPTION_PRIVILEGED;
         break;

trunk/src/VBox/VMM/VMMR0/VMMR0.cpp

-              r20984
+              r21196
         case VINF_EM_RAW_RING_SWITCH_INT:
             STAM_COUNTER_INC(&pVM->vmm.s.StatRZRetRingSwitchInt);
-            break;
-        case VINF_EM_RAW_EXCEPTION_PRIVILEGED:
-            STAM_COUNTER_INC(&pVM->vmm.s.StatRZRetExceptionPrivilege);
             break;
         case VINF_EM_RAW_STALE_SELECTOR:
 …
             STAM_COUNTER_INC(&pVM->vmm.s.StatRZRetPGMChangeMode);
             break;
-        case VINF_EM_RAW_EMULATE_INSTR_HLT:
-            STAM_COUNTER_INC(&pVM->vmm.s.StatRZRetEmulHlt);
-            break;
         case VINF_EM_PENDING_REQUEST:
             STAM_COUNTER_INC(&pVM->vmm.s.StatRZRetPendingRequest);

Note: See TracChangeset for help on using the changeset viewer.

Changeset 21196 in vbox for trunk/src

Legend:

Download in other formats: