Changeset 30072 in vbox for trunk

Timestamp:

Jun 7, 2010 1:54:47 PM (15 years ago)

Author:

vboxsync

Message:

VMM: Ring-0 stack on guru meditations originating with an assertion for all 32-bit targets. The symbol resolving is ugly. Dump register context as well.

Location:

trunk

Files:

• include/VBox/pdmapi.h (modified) (1 diff)
• include/VBox/vmm.h (modified) (1 diff)
• src/VBox/VMM/DBGFInternal.h (modified) (1 diff)
• src/VBox/VMM/PDMLdr.cpp (modified) (4 diffs)
• src/VBox/VMM/VMM.cpp (modified) (2 diffs)
• src/VBox/VMM/VMMAll/PGMAllPhys.cpp (modified) (2 diffs)
• src/VBox/VMM/VMMGuruMeditation.cpp (modified) (4 diffs)

trunk/include/VBox/pdmapi.h

@@ -104 +104 @@
                                          char *pszNearSym1, size_t cchNearSym1, PRTRCPTR pNearSym1,
                                          char *pszNearSym2, size_t cchNearSym2, PRTRCPTR pNearSym2);
+VMMR3DECL(int)  PDMR3LdrQueryR0ModFromPC(PVM pVM, RTR0PTR uPC,
+                                         char *pszModName,  size_t cchModName,  PRTR0PTR pMod,
+                                         char *pszNearSym1, size_t cchNearSym1, PRTR0PTR pNearSym1,
+                                         char *pszNearSym2, size_t cchNearSym2, PRTR0PTR pNearSym2);
 VMMR3DECL(int)  PDMR3LdrGetInterfaceSymbols(PVM pVM, void *pvInterface, size_t cbInterface,
                                             const char *pszModule, const char *pszSymPrefix,

trunk/include/VBox/vmm.h

@@ -219 +219 @@
 /** @} */
 VMMR3DECL(int)      VMMR3EmtRendezvousFF(PVM pVM, PVMCPU pVCpu);
-VMMR3DECL(int)      VMMR3ReadR0Stack(PVM pVM, VMCPUID idCpu, RTHCUINTPTR pAddress, void *pvBuf, size_t cbRead);
+VMMR3DECL(int)      VMMR3ReadR0Stack(PVM pVM, VMCPUID idCpu, RTHCUINTPTR R0Addr, void *pvBuf, size_t cbRead);
 /** @} */
 #endif /* IN_RING3 */

trunk/src/VBox/VMM/DBGFInternal.h

@@ -268 +268 @@
     /** Special address space aliases.          (Protected by hAsDbLock.) */
     RTDBGAS volatile        ahAsAliases[DBGF_AS_COUNT];
+    /** For lazily populating the aliased address spaces. */
+    bool volatile           afAsAliasPopuplated[DBGF_AS_COUNT];
+    /** Alignment padding. */
+    bool                    afAlignment[2];
 
     /** The current Guest OS digger. */

trunk/src/VBox/VMM/PDMLdr.cpp

@@ -65 +65 @@
 static char *   pdmR3FileR0(const char *pszFile);
 static char *   pdmR3File(const char *pszFile, const char *pszDefaultExt, bool fShared);
-static DECLCALLBACK(int) pdmR3QueryModFromEIPEnumSymbols(RTLDRMOD hLdrMod, const char *pszSymbol, unsigned uSymbol, RTUINTPTR Value, void *pvUser);
 
 
@@ -1038 +1037 @@
 typedef struct QMFEIPARG
 {
-    RTRCUINTPTR uPC;
+    RTINTPTR    uPC;
 
     char       *pszNearSym1;
-    size_t     cchNearSym1;
-    RTRCINTPTR  offNearSym1;
+    size_t      cchNearSym1;
+    RTINTPTR    offNearSym1;
 
     char       *pszNearSym2;
     size_t      cchNearSym2;
-    RTRCINTPTR  offNearSym2;
+    RTINTPTR    offNearSym2;
 } QMFEIPARG, *PQMFEIPARG;
 
-/**
- * Queries module information from an PC (eip/rip).
+
+/**
+ * Enumeration callback function used by RTLdrEnumSymbols().
+ *
+ * @returns VBox status code. Failure will stop the enumeration.
+ * @param   hLdrMod         The loader module handle.
+ * @param   pszSymbol       Symbol name. NULL if ordinal only.
+ * @param   uSymbol         Symbol ordinal, ~0 if not used.
+ * @param   Value           Symbol value.
+ * @param   pvUser          The user argument specified to RTLdrEnumSymbols().
+ */
+static DECLCALLBACK(int) pdmR3QueryModFromEIPEnumSymbols(RTLDRMOD hLdrMod, const char *pszSymbol, unsigned uSymbol, RTUINTPTR Value, void *pvUser)
+{
+    PQMFEIPARG pArgs = (PQMFEIPARG)pvUser;
+
+    RTINTPTR off = Value - pArgs->uPC;
+    if (off <= 0)   /* near1 is before or at same location. */
+    {
+        if (off > pArgs->offNearSym1)
+        {
+            pArgs->offNearSym1 = off;
+            if (pArgs->pszNearSym1 && pArgs->cchNearSym1)
+            {
+                *pArgs->pszNearSym1 = '\0';
+                if (pszSymbol)
+                    strncat(pArgs->pszNearSym1, pszSymbol, pArgs->cchNearSym1);
+                else
+                {
+                    char szOrd[32];
+                    RTStrPrintf(szOrd, sizeof(szOrd), "#%#x", uSymbol);
+                    strncat(pArgs->pszNearSym1, szOrd, pArgs->cchNearSym1);
+                }
+            }
+        }
+    }
+    else            /* near2 is after */
+    {
+        if (off < pArgs->offNearSym2)
+        {
+            pArgs->offNearSym2 = off;
+            if (pArgs->pszNearSym2 && pArgs->cchNearSym2)
+            {
+                *pArgs->pszNearSym2 = '\0';
+                if (pszSymbol)
+                    strncat(pArgs->pszNearSym2, pszSymbol, pArgs->cchNearSym2);
+                else
+                {
+                    char szOrd[32];
+                    RTStrPrintf(szOrd, sizeof(szOrd), "#%#x", uSymbol);
+                    strncat(pArgs->pszNearSym2, szOrd, pArgs->cchNearSym2);
+                }
+            }
+        }
+    }
+
+    return VINF_SUCCESS;
+}
+
+
+/**
+ * Internal worker for PDMR3LdrQueryRCModFromPC and PDMR3LdrQueryR0ModFromPC.
+ *
+ * @returns VBox status code.
+ *
+ * @param   pVM         VM handle
+ * @param   uPC         The program counter (eip/rip) to locate the module for.
+ * @param   enmType     The module type.
+ * @param   pszModName  Where to store the module name.
+ * @param   cchModName  Size of the module name buffer.
+ * @param   pMod        Base address of the module.
+ * @param   pszNearSym1 Name of the closes symbol from below.
+ * @param   cchNearSym1 Size of the buffer pointed to by pszNearSym1.
+ * @param   pNearSym1   The address of pszNearSym1.
+ * @param   pszNearSym2 Name of the closes symbol from below.
+ * @param   cchNearSym2 Size of the buffer pointed to by pszNearSym2.
+ * @param   pNearSym2   The address of pszNearSym2.
+ */
+static int pdmR3LdrQueryModFromPC(PVM pVM, RTUINTPTR uPC, PDMMODTYPE enmType,
+                                  char *pszModName,  size_t cchModName,  PRTUINTPTR pMod,
+                                  char *pszNearSym1, size_t cchNearSym1, PRTUINTPTR pNearSym1,
+                                  char *pszNearSym2, size_t cchNearSym2, PRTUINTPTR pNearSym2)
+{
+    PUVM    pUVM = pVM->pUVM;
+    int     rc   = VERR_MODULE_NOT_FOUND;
+    RTCritSectEnter(&pUVM->pdm.s.ListCritSect);
+    for (PPDMMOD pCur= pUVM->pdm.s.pModules; pCur; pCur = pCur->pNext)
+    {
+        if (pCur->eType != enmType)
+            continue;
+
+        /* The following RTLdrOpen call is a dirty hack to get ring-0 module information. */
+        RTLDRMOD hLdrMod = pCur->hLdrMod;
+        if (hLdrMod == NIL_RTLDRMOD && uPC >= pCur->ImageBase)
+        {
+            int rc2 = RTLdrOpen(pCur->szFilename, 0 /*fFlags*/, RTLDRARCH_HOST, &hLdrMod);
+            if (RT_FAILURE(rc2))
+                hLdrMod = NIL_RTLDRMOD;
+        }
+
+        if (   hLdrMod != NIL_RTLDRMOD
+            && uPC - pCur->ImageBase < RTLdrSize(hLdrMod))
+        {
+            if (pMod)
+                *pMod = pCur->ImageBase;
+            if (pszModName && cchModName)
+            {
+                *pszModName = '\0';
+                strncat(pszModName, pCur->szName, cchModName);
+            }
+            if (pNearSym1)   *pNearSym1   = 0;
+            if (pNearSym2)   *pNearSym2   = 0;
+            if (pszNearSym1) *pszNearSym1 = '\0';
+            if (pszNearSym2) *pszNearSym2 = '\0';
+
+            /*
+             * Locate the nearest symbols.
+             */
+            QMFEIPARG   Args;
+            Args.uPC         = uPC;
+            Args.pszNearSym1 = pszNearSym1;
+            Args.cchNearSym1 = cchNearSym1;
+            Args.offNearSym1 = RTINTPTR_MIN;
+            Args.pszNearSym2 = pszNearSym2;
+            Args.cchNearSym2 = cchNearSym2;
+            Args.offNearSym2 = RTINTPTR_MAX;
+
+            rc = RTLdrEnumSymbols(hLdrMod, RTLDR_ENUM_SYMBOL_FLAGS_ALL, pCur->pvBits, pCur->ImageBase,
+                                  pdmR3QueryModFromEIPEnumSymbols, &Args);
+            if (pNearSym1 && Args.offNearSym1 != RTINTPTR_MIN)
+                *pNearSym1 = Args.offNearSym1 + uPC;
+            if (pNearSym2 && Args.offNearSym2 != RTINTPTR_MAX)
+                *pNearSym2 = Args.offNearSym2 + uPC;
+
+            rc = VINF_SUCCESS;
+        }
+
+        if (hLdrMod != pCur->hLdrMod && hLdrMod != NIL_RTLDRMOD)
+            RTLdrClose(hLdrMod);
+
+        if (RT_SUCCESS(rc))
+            break;
+    }
+    RTCritSectLeave(&pUVM->pdm.s.ListCritSect);
+    return rc;
+}
+
+
+/**
+ * Queries raw-mode context module information from an PC (eip/rip).
  *
  * This is typically used to locate a crash address.
@@ -1073 +1219 @@
                                         char *pszNearSym2, size_t cchNearSym2, PRTRCPTR pNearSym2)
 {
-    PUVM    pUVM = pVM->pUVM;
-    int     rc   = VERR_MODULE_NOT_FOUND;
-    RTCritSectEnter(&pUVM->pdm.s.ListCritSect);
-    for (PPDMMOD pCur= pUVM->pdm.s.pModules; pCur; pCur = pCur->pNext)
-    {
-        /* Skip anything which isn't in GC. */
-        if (pCur->eType != PDMMOD_TYPE_RC)
-            continue;
-        if (uPC - pCur->ImageBase < RTLdrSize(pCur->hLdrMod))
-        {
-            if (pMod)
-                *pMod = pCur->ImageBase;
-            if (pszModName && cchModName)
-            {
-                *pszModName = '\0';
-                strncat(pszModName, pCur->szName, cchModName);
-            }
-            if (pNearSym1)   *pNearSym1   = 0;
-            if (pNearSym2)   *pNearSym2   = 0;
-            if (pszNearSym1) *pszNearSym1 = '\0';
-            if (pszNearSym2) *pszNearSym2 = '\0';
-
-            /*
-             * Locate the nearest symbols.
-             */
-            QMFEIPARG   Args;
-            Args.uPC         = uPC;
-            Args.pszNearSym1 = pszNearSym1;
-            Args.cchNearSym1 = cchNearSym1;
-            Args.offNearSym1 = RTRCINTPTR_MIN;
-            Args.pszNearSym2 = pszNearSym2;
-            Args.cchNearSym2 = cchNearSym2;
-            Args.offNearSym2 = RTRCINTPTR_MAX;
-
-            rc = RTLdrEnumSymbols(pCur->hLdrMod, RTLDR_ENUM_SYMBOL_FLAGS_ALL, pCur->pvBits, pCur->ImageBase,
-                                  pdmR3QueryModFromEIPEnumSymbols, &Args);
-            if (pNearSym1 && Args.offNearSym1 != INT_MIN)
-                *pNearSym1 = Args.offNearSym1 + uPC;
-            if (pNearSym2 && Args.offNearSym2 != INT_MAX)
-                *pNearSym2 = Args.offNearSym2 + uPC;
-
-            rc = VINF_SUCCESS;
-            if (pCur->eType == PDMMOD_TYPE_RC)
-                break;
-        }
-
-    }
-    RTCritSectLeave(&pUVM->pdm.s.ListCritSect);
+    RTUINTPTR AddrMod   = 0;
+    RTUINTPTR AddrNear1 = 0;
+    RTUINTPTR AddrNear2 = 0;
+    int rc = pdmR3LdrQueryModFromPC(pVM, uPC, PDMMOD_TYPE_RC,
+                                    pszModName,  cchModName,  &AddrMod,
+                                    pszNearSym1, cchNearSym1, &AddrNear1,
+                                    pszNearSym2, cchNearSym2, &AddrNear2);
+    if (RT_SUCCESS(rc))
+    {
+        if (pMod)
+            *pMod      = (RTRCPTR)AddrMod;
+        if (pNearSym1)
+            *pNearSym1 = (RTRCPTR)AddrNear1;
+        if (pNearSym2)
+            *pNearSym2 = (RTRCPTR)AddrNear2;
+    }
     return rc;
 }
@@ -1126 +1240 @@
 
 /**
- * Enumeration callback function used by RTLdrEnumSymbols().
- *
- * @returns VBox status code. Failure will stop the enumeration.
- * @param   hLdrMod         The loader module handle.
- * @param   pszSymbol       Symbol name. NULL if ordinal only.
- * @param   uSymbol         Symbol ordinal, ~0 if not used.
- * @param   Value           Symbol value.
- * @param   pvUser          The user argument specified to RTLdrEnumSymbols().
- */
-static DECLCALLBACK(int) pdmR3QueryModFromEIPEnumSymbols(RTLDRMOD hLdrMod, const char *pszSymbol, unsigned uSymbol, RTUINTPTR Value, void *pvUser)
-{
-    PQMFEIPARG pArgs = (PQMFEIPARG)pvUser;
-
-    RTINTPTR off = Value - pArgs->uPC;
-    if (off <= 0)   /* near1 is before or at same location. */
-    {
-        if (off > pArgs->offNearSym1)
-        {
-            pArgs->offNearSym1 = off;
-            if (pArgs->pszNearSym1 && pArgs->cchNearSym1)
-            {
-                *pArgs->pszNearSym1 = '\0';
-                if (pszSymbol)
-                    strncat(pArgs->pszNearSym1, pszSymbol, pArgs->cchNearSym1);
-                else
-                {
-                    char szOrd[32];
-                    RTStrPrintf(szOrd, sizeof(szOrd), "#%#x", uSymbol);
-                    strncat(pArgs->pszNearSym1, szOrd, pArgs->cchNearSym1);
-                }
-            }
-        }
-    }
-    else            /* near2 is after */
-    {
-        if (off < pArgs->offNearSym2)
-        {
-            pArgs->offNearSym2 = off;
-            if (pArgs->pszNearSym2 && pArgs->cchNearSym2)
-            {
-                *pArgs->pszNearSym2 = '\0';
-                if (pszSymbol)
-                    strncat(pArgs->pszNearSym2, pszSymbol, pArgs->cchNearSym2);
-                else
-                {
-                    char szOrd[32];
-                    RTStrPrintf(szOrd, sizeof(szOrd), "#%#x", uSymbol);
-                    strncat(pArgs->pszNearSym2, szOrd, pArgs->cchNearSym2);
-                }
-            }
-        }
-    }
-
-    return VINF_SUCCESS;
+ * Queries ring-0 context module information from an PC (eip/rip).
+ *
+ * This is typically used to locate a crash address.
+ *
+ * @returns VBox status code.
+ *
+ * @param   pVM         VM handle
+ * @param   uPC         The program counter (eip/rip) to locate the module for.
+ * @param   pszModName  Where to store the module name.
+ * @param   cchModName  Size of the module name buffer.
+ * @param   pMod        Base address of the module.
+ * @param   pszNearSym1 Name of the closes symbol from below.
+ * @param   cchNearSym1 Size of the buffer pointed to by pszNearSym1.
+ * @param   pNearSym1   The address of pszNearSym1.
+ * @param   pszNearSym2 Name of the closes symbol from below.
+ * @param   cchNearSym2 Size of the buffer pointed to by pszNearSym2. Optional.
+ * @param   pNearSym2   The address of pszNearSym2. Optional.
+ */
+VMMR3DECL(int) PDMR3LdrQueryR0ModFromPC(PVM pVM, RTR0PTR uPC,
+                                        char *pszModName,  size_t cchModName,  PRTR0PTR pMod,
+                                        char *pszNearSym1, size_t cchNearSym1, PRTR0PTR pNearSym1,
+                                        char *pszNearSym2, size_t cchNearSym2, PRTR0PTR pNearSym2)
+{
+    RTUINTPTR AddrMod   = 0;
+    RTUINTPTR AddrNear1 = 0;
+    RTUINTPTR AddrNear2 = 0;
+    int rc = pdmR3LdrQueryModFromPC(pVM, uPC, PDMMOD_TYPE_R0,
+                                    pszModName,  cchModName,  &AddrMod,
+                                    pszNearSym1, cchNearSym1, &AddrNear1,
+                                    pszNearSym2, cchNearSym2, &AddrNear2);
+    if (RT_SUCCESS(rc))
+    {
+        if (pMod)
+            *pMod      = (RTR0PTR)AddrMod;
+        if (pNearSym1)
+            *pNearSym1 = (RTR0PTR)AddrNear1;
+        if (pNearSym2)
+            *pNearSym2 = (RTR0PTR)AddrNear2;
+    }
+    return rc;
 }
 

trunk/src/VBox/VMM/VMM.cpp

@@ -1779 +1779 @@
  * @param   pVM             Pointer to the shared VM structure.
  * @param   idCpu           The ID of the source CPU context (for the address).
- * @param   pAddress        Where to start reading.
+ * @param   R0Addr          Where to start reading.
  * @param   pvBuf           Where to store the data we've read.
  * @param   cbRead          The number of bytes to read.
  */
-VMMR3DECL(int) VMMR3ReadR0Stack(PVM pVM, VMCPUID idCpu, RTHCUINTPTR pAddress, void *pvBuf, size_t cbRead)
-{
-    PVMCPU  pVCpu   = VMMGetCpuById(pVM, idCpu);
+VMMR3DECL(int) VMMR3ReadR0Stack(PVM pVM, VMCPUID idCpu, RTHCUINTPTR R0Addr, void *pvBuf, size_t cbRead)
+{
+    PVMCPU pVCpu = VMMGetCpuById(pVM, idCpu);
     AssertReturn(pVCpu, VERR_INVALID_PARAMETER);
 
-    RTHCUINTPTR offset = pVCpu->vmm.s.CallRing3JmpBufR0.SpCheck - pAddress;
-    if (offset >= pVCpu->vmm.s.CallRing3JmpBufR0.cbSavedStack)
+#ifdef VMM_R0_SWITCH_STACK
+    RTHCUINTPTR off = R0Addr - MMHyperCCToR0(pVM, pVCpu->vmm.s.pbEMTStackR3);
+#else
+    RTHCUINTPTR off = pVCpu->vmm.s.CallRing3JmpBufR0.cbSavedStack - (pVCpu->vmm.s.CallRing3JmpBufR0.SpCheck - R0Addr);
+#endif
+    if (   off          >  VMM_STACK_SIZE
+        || off + cbRead >= VMM_STACK_SIZE)
         return VERR_INVALID_POINTER;
 
-    memcpy(pvBuf, pVCpu->vmm.s.pbEMTStackR3 + pVCpu->vmm.s.CallRing3JmpBufR0.cbSavedStack - offset, cbRead);
+    memcpy(pvBuf, &pVCpu->vmm.s.pbEMTStackR3[off], cbRead);
     return VINF_SUCCESS;
 }
@@ -2127 +2132 @@
 #else
             pVCpu->vmm.s.CallRing3JmpBufR0.rip = 0;
+#endif
+#ifdef VMM_R0_SWITCH_STACK
+            *(uint64_t *)pVCpu->vmm.s.pbEMTStackR3 = 0; /* clear marker  */
 #endif
             LogRel((pVM->vmm.s.szRing0AssertMsg1));

trunk/src/VBox/VMM/VMMAll/PGMAllPhys.cpp

@@ -1245 +1245 @@
 VMMDECL(int) PGMPhysGCPhys2CCPtr(PVM pVM, RTGCPHYS GCPhys, void **ppv, PPGMPAGEMAPLOCK pLock)
 {
+#if !(defined(IN_RC) || defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0)) // for provoking guru - DO NOT COMMIT THIS!
     int rc = pgmLock(pVM);
     AssertRCReturn(rc, rc);
+#else
+    int rc;
+#endif
 
 #if defined(IN_RC) || defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0)
@@ -1325 +1329 @@
 
 #endif /* IN_RING3 || IN_RING0 */
+#if !(defined(IN_RC) || defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0)) // for provoking guru - DO NOT COMMIT THIS!
     pgmUnlock(pVM);
+#endif
     return rc;
 }

trunk/src/VBox/VMM/VMMGuruMeditation.cpp

@@ -250 +250 @@
                 ||  strchr(pszMsg2, '\0')[-1] != '\n')
                 pHlp->pfnPrintf(pHlp, "\n");
-            pHlp->pfnPrintf(pHlp, "!!\n");
             /* fall thru */
         }
@@ -288 +287 @@
 
             /*
-             * The hypervisor dump is not relevant when we're in VT-x/AMD-V mode.
+             * Dump the relevant hypervisor registers and stack.
              */
             if (HWACCMIsEnabled(pVM))
             {
-                pHlp->pfnPrintf(pHlp, "\n");
-#if defined(RT_OS_WINDOWS) && HC_ARCH_BITS == 32
+                if (   rcErr == VERR_VMM_RING0_ASSERTION /* fInRing3Call has already been cleared here. */
+                    || pVCpu->vmm.s.CallRing3JmpBufR0.fInRing3Call)
+                {
+                    /* Dump the jmpbuf.  */
+                    pHlp->pfnPrintf(pHlp,
+                                    "!!\n"
+                                    "!! CallRing3JmpBuf:\n"
+                                    "!!\n");
+                    pHlp->pfnPrintf(pHlp,
+                                    "SavedEsp=%RHv SavedEbp=%RHv SpResume=%RHv SpCheck=%RHv fInRing3Call=%RTbool\n",
+                                    pVCpu->vmm.s.CallRing3JmpBufR0.SavedEsp,
+                                    pVCpu->vmm.s.CallRing3JmpBufR0.SavedEbp,
+                                    pVCpu->vmm.s.CallRing3JmpBufR0.SpResume,
+                                    pVCpu->vmm.s.CallRing3JmpBufR0.SpCheck,
+                                    pVCpu->vmm.s.CallRing3JmpBufR0.fInRing3Call);
+                    pHlp->pfnPrintf(pHlp,
+                                    "pvSavedStack=%RHv SavedEbp=%RX32 SpResume=%RHv SpCheck=%RHv\n",
+                                    pVCpu->vmm.s.CallRing3JmpBufR0.pvSavedStack,
+                                    pVCpu->vmm.s.CallRing3JmpBufR0.cbSavedStack);
+                    pHlp->pfnPrintf(pHlp,
+                                    "cbUsedMax=%#4x cbUsedAvg=%#4x cbUsedTotal=%#llx cUsedTotal=%#llx\n",
+                                    pVCpu->vmm.s.CallRing3JmpBufR0.cbUsedMax,
+                                    pVCpu->vmm.s.CallRing3JmpBufR0.cbUsedAvg,
+                                    pVCpu->vmm.s.CallRing3JmpBufR0.cbUsedTotal,
+                                    pVCpu->vmm.s.CallRing3JmpBufR0.cUsedTotal);
+
+                    /* Dump the resume register frame on the stack. */
+                    PRTHCUINTPTR pBP;
+#ifdef VMM_R0_SWITCH_STACK
+                    pBP = (PRTHCUINTPTR)&pVCpu->vmm.s.pbEMTStackR3[  pVCpu->vmm.s.CallRing3JmpBufR0.SavedEbp
+                                                                   - MMHyperCCToR0(pVM, pVCpu->vmm.s.pbEMTStackR3)];
+#else
+                    pBP = (PRTHCUINTPTR)&pVCpu->vmm.s.pbEMTStackR3[  pVCpu->vmm.s.CallRing3JmpBufR0.cbSavedStack
+                                                                   - pVCpu->vmm.s.CallRing3JmpBufR0.SpCheck
+                                                                   + pVCpu->vmm.s.CallRing3JmpBufR0.SavedEbp];
+#endif
+#if HC_ARCH_BITS == 32
+                    pHlp->pfnPrintf(pHlp,
+                                    "eax=volatile ebx=%08x ecx=volatile edx=volatile esi=%08x edi=%08x\n"
+                                    "eip=%08x esp=%08x ebp=%08x efl=%08x\n"
+                                    ,
+                                    pBP[-3], pBP[-2], pBP[-1],
+                                    pBP[1], pVCpu->vmm.s.CallRing3JmpBufR0.SavedEbp - 8, pBP[0], pBP[-4]);
+#else
+# ifdef RT_OS_WINDOWS
+                    pHlp->pfnPrintf(pHlp,
+                                    "rax=volatile         rbx=%016RX64 rcx=volatile         rdx=volatile\n"
+                                    "rsi=%016RX64 rdi=%016RX64  r8=volatile          r9=volatile        \n"
+                                    "r10=volatile         r11=volatile         r12=%016RX64 r13=%016RX64\n"
+                                    "r14=%016RX64 r15=%016RX64\n"
+                                    "rip=%016RX64 rsp=%016RX64 rbp=%016RX64 rfl=%08RX64\n"
+                                    ,
+                                    pBP[-7],
+                                    pBP[-6], pBP[-5],
+                                    pBP[-4], pBP[-3],
+                                    pBP[-2], pBP[-1],
+                                    pBP[1], pVCpu->vmm.s.CallRing3JmpBufR0.SavedEbp - 16, pBP[0], pBP[-8]);
+# else
+                    pHlp->pfnPrintf(pHlp,
+                                    "rax=volatile         rbx=%016RX64 rcx=volatile         rdx=volatile\n"
+                                    "rsi=volatile         rdi=volatile          r8=volatile          r9=volatile        \n"
+                                    "r10=volatile         r11=volatile         r12=%016RX64 r13=%016RX64\n"
+                                    "r14=%016RX64 r15=%016RX64\n"
+                                    "rip=%016RX64 rsp=%016RX64 rbp=%016RX64 rflags=%08RX64\n"
+                                    ,
+                                    pBP[-5],
+                                    pBP[-4], pBP[-3],
+                                    pBP[-2], pBP[-1],
+                                    pBP[1], pVCpu->vmm.s.CallRing3JmpBufR0.SavedEbp - 16, pBP[0], pBP[-6]);
+# endif
+#endif
+
+#if HC_ARCH_BITS == 32
+                    /* Callstack. */
+                    DBGFADDRESS pc;
+                    pc.fFlags    = DBGFADDRESS_FLAGS_RING0 | DBGFADDRESS_FLAGS_VALID;
+# if HC_ARCH_BITS == 64
+                    pc.FlatPtr   = pc.off = pVCpu->vmm.s.CallRing3JmpBufR0.rip;
+# else
+                    pc.FlatPtr   = pc.off = pVCpu->vmm.s.CallRing3JmpBufR0.eip;
+# endif
+                    pc.Sel       = DBGF_SEL_FLAT;
+
+                    DBGFADDRESS ebp;
+                    ebp.fFlags   = DBGFADDRESS_FLAGS_RING0 | DBGFADDRESS_FLAGS_VALID;
+                    ebp.FlatPtr  = ebp.off = pVCpu->vmm.s.CallRing3JmpBufR0.SavedEbp;
+                    ebp.Sel      = DBGF_SEL_FLAT;
+
+                    DBGFADDRESS esp;
+                    esp.fFlags   = DBGFADDRESS_FLAGS_RING0 | DBGFADDRESS_FLAGS_VALID;
+                    esp.Sel      = DBGF_SEL_FLAT;
+                    esp.FlatPtr  = esp.off = pVCpu->vmm.s.CallRing3JmpBufR0.SavedEsp;
+
+                    PCDBGFSTACKFRAME pFirstFrame;
+                    rc2 = DBGFR3StackWalkBeginEx(pVM, pVCpu->idCpu, DBGFCODETYPE_RING0, &ebp, &esp, &pc,
+                                                 DBGFRETURNTYPE_INVALID, &pFirstFrame);
+                    if (RT_SUCCESS(rc2))
+                    {
+                        pHlp->pfnPrintf(pHlp,
+                                        "!!\n"
+                                        "!! Call Stack:\n"
+                                        "!!\n"
+                                        "EBP      Ret EBP  Ret CS:EIP    Arg0     Arg1     Arg2     Arg3     CS:EIP        Symbol [line]\n");
+                        for (PCDBGFSTACKFRAME pFrame = pFirstFrame;
+                             pFrame;
+                             pFrame = DBGFR3StackWalkNext(pFrame))
+                        {
+                            pHlp->pfnPrintf(pHlp,
+                                            "%08RX32 %08RX32 %04RX32:%08RX32 %08RX32 %08RX32 %08RX32 %08RX32",
+                                            (uint32_t)pFrame->AddrFrame.off,
+                                            (uint32_t)pFrame->AddrReturnFrame.off,
+                                            (uint32_t)pFrame->AddrReturnPC.Sel,
+                                            (uint32_t)pFrame->AddrReturnPC.off,
+                                            pFrame->Args.au32[0],
+                                            pFrame->Args.au32[1],
+                                            pFrame->Args.au32[2],
+                                            pFrame->Args.au32[3]);
+                            pHlp->pfnPrintf(pHlp, " %RTsel:%08RGv", pFrame->AddrPC.Sel, pFrame->AddrPC.off);
+                            if (pFrame->pSymPC)
+                            {
+                                RTGCINTPTR offDisp = pFrame->AddrPC.FlatPtr - pFrame->pSymPC->Value;
+                                if (offDisp > 0)
+                                    pHlp->pfnPrintf(pHlp, " %s+%llx", pFrame->pSymPC->szName, (int64_t)offDisp);
+                                else if (offDisp < 0)
+                                    pHlp->pfnPrintf(pHlp, " %s-%llx", pFrame->pSymPC->szName, -(int64_t)offDisp);
+                                else
+                                    pHlp->pfnPrintf(pHlp, " %s", pFrame->pSymPC->szName);
+                            }
+                            if (pFrame->pLinePC)
+                                pHlp->pfnPrintf(pHlp, " [%s @ 0i%d]", pFrame->pLinePC->szFilename, pFrame->pLinePC->uLineNo);
+                            pHlp->pfnPrintf(pHlp, "\n");
+                        }
+                        DBGFR3StackWalkEnd(pFirstFrame);
+                    }
+#endif /* defined(RT_OS_WINDOWS) && HC_ARCH_BITS == 32 */
+
+                    /* raw stack */
+                    pHlp->pfnPrintf(pHlp,
+                                    "!!\n"
+                                    "!! Raw stack (mind the direction). \n"
+                                    "!! pbEMTStackR0=%RHv pbEMTStackBottomR0=%RHv VMM_STACK_SIZE=%#x\n"
+                                    "!!\n"
+                                    "%.*Rhxd\n",
+                                    MMHyperCCToR0(pVM, pVCpu->vmm.s.pbEMTStackR3),
+                                    MMHyperCCToR0(pVM, pVCpu->vmm.s.pbEMTStackR3) + VMM_STACK_SIZE,
+                                    VMM_STACK_SIZE,
+                                    VMM_STACK_SIZE, pVCpu->vmm.s.pbEMTStackR3);
+                }
+                else
+                {
+                    pHlp->pfnPrintf(pHlp,
+                                    "!! Skipping ring-0 registers and stack, rcErr=%Rrc\n", rcErr);
+                }
+            }
+            else
+            {
+                /*
+                 * Try figure out where eip is.
+                 */
+                /* core code? */
+                if (uEIP - (RTGCUINTPTR)pVM->vmm.s.pvCoreCodeRC < pVM->vmm.s.cbCoreCode)
+                    pHlp->pfnPrintf(pHlp,
+                                "!! EIP is in CoreCode, offset %#x\n",
+                                uEIP - (RTGCUINTPTR)pVM->vmm.s.pvCoreCodeRC);
+                else
+                {   /* ask PDM */  /** @todo ask DBGFR3Sym later? */
+                    char        szModName[64];
+                    RTRCPTR     RCPtrMod;
+                    char        szNearSym1[260];
+                    RTRCPTR     RCPtrNearSym1;
+                    char        szNearSym2[260];
+                    RTRCPTR     RCPtrNearSym2;
+                    int rc = PDMR3LdrQueryRCModFromPC(pVM, uEIP,
+                                                      &szModName[0],  sizeof(szModName),  &RCPtrMod,
+                                                      &szNearSym1[0], sizeof(szNearSym1), &RCPtrNearSym1,
+                                                      &szNearSym2[0], sizeof(szNearSym2), &RCPtrNearSym2);
+                    if (RT_SUCCESS(rc))
+                        pHlp->pfnPrintf(pHlp,
+                                        "!! EIP in %s (%RRv) at rva %x near symbols:\n"
+                                        "!!    %RRv rva %RRv off %08x  %s\n"
+                                        "!!    %RRv rva %RRv off -%08x %s\n",
+                                        szModName,  RCPtrMod, (unsigned)(uEIP - RCPtrMod),
+                                        RCPtrNearSym1, RCPtrNearSym1 - RCPtrMod, (unsigned)(uEIP - RCPtrNearSym1), szNearSym1,
+                                        RCPtrNearSym2, RCPtrNearSym2 - RCPtrMod, (unsigned)(RCPtrNearSym2 - uEIP), szNearSym2);
+                    else
+                        pHlp->pfnPrintf(pHlp,
+                                        "!! EIP is not in any code known to VMM!\n");
+                }
+
+                /* Disassemble the instruction. */
+                char szInstr[256];
+                rc2 = DBGFR3DisasInstrEx(pVM, pVCpu->idCpu, 0, 0, DBGF_DISAS_FLAGS_CURRENT_HYPER, &szInstr[0], sizeof(szInstr), NULL);
+                if (RT_SUCCESS(rc2))
+                    pHlp->pfnPrintf(pHlp,
+                                    "!! %s\n", szInstr);
+
+                /* Dump the hypervisor cpu state. */
+                pHlp->pfnPrintf(pHlp,
+                                "!!\n"
+                                "!!\n"
+                                "!!\n");
+                rc2 = DBGFR3Info(pVM, "cpumhyper", "verbose", pHlp);
+                fDoneHyper = true;
+
                 /* Callstack. */
                 PCDBGFSTACKFRAME pFirstFrame;
-                DBGFADDRESS eip, ebp, esp;
-
-                eip.fFlags   = DBGFADDRESS_FLAGS_RING0 | DBGFADDRESS_FLAGS_VALID;
-#if HC_ARCH_BITS == 64
-                eip.FlatPtr = eip.off = pVCpu->vmm.s.CallRing3JmpBufR0.rip;
-#else
-                eip.FlatPtr = eip.off = pVCpu->vmm.s.CallRing3JmpBufR0.eip;
-#endif
-                eip.Sel      = DBGF_SEL_FLAT;
-                ebp.fFlags   = DBGFADDRESS_FLAGS_RING0 | DBGFADDRESS_FLAGS_VALID;
-                ebp.FlatPtr  = ebp.off = pVCpu->vmm.s.CallRing3JmpBufR0.SavedEbp;
-                ebp.Sel      = DBGF_SEL_FLAT;
-                esp.fFlags   = DBGFADDRESS_FLAGS_RING0 | DBGFADDRESS_FLAGS_VALID;
-                esp.Sel      = DBGF_SEL_FLAT;
-                esp.FlatPtr  = esp.off = pVCpu->vmm.s.CallRing3JmpBufR0.SavedEsp;
-
-                rc2 = DBGFR3StackWalkBeginEx(pVM, pVCpu->idCpu, DBGFCODETYPE_RING0, &ebp, &esp, &eip,
-                                             DBGFRETURNTYPE_INVALID, &pFirstFrame);
+                rc2 = DBGFR3StackWalkBegin(pVM, pVCpu->idCpu, DBGFCODETYPE_HYPER, &pFirstFrame);
                 if (RT_SUCCESS(rc2))
                 {
@@ -352 +536 @@
                     DBGFR3StackWalkEnd(pFirstFrame);
                 }
-#endif /* defined(RT_OS_WINDOWS) && HC_ARCH_BITS == 32 */
-            }
-            else
-            {
-                /*
-                 * Try figure out where eip is.
-                 */
-                /* core code? */
-                if (uEIP - (RTGCUINTPTR)pVM->vmm.s.pvCoreCodeRC < pVM->vmm.s.cbCoreCode)
-                    pHlp->pfnPrintf(pHlp,
-                                "!! EIP is in CoreCode, offset %#x\n",
-                                uEIP - (RTGCUINTPTR)pVM->vmm.s.pvCoreCodeRC);
-                else
-                {   /* ask PDM */  /** @todo ask DBGFR3Sym later? */
-                    char        szModName[64];
-                    RTRCPTR     RCPtrMod;
-                    char        szNearSym1[260];
-                    RTRCPTR     RCPtrNearSym1;
-                    char        szNearSym2[260];
-                    RTRCPTR     RCPtrNearSym2;
-                    int rc = PDMR3LdrQueryRCModFromPC(pVM, uEIP,
-                                                      &szModName[0],  sizeof(szModName),  &RCPtrMod,
-                                                      &szNearSym1[0], sizeof(szNearSym1), &RCPtrNearSym1,
-                                                      &szNearSym2[0], sizeof(szNearSym2), &RCPtrNearSym2);
-                    if (RT_SUCCESS(rc))
-                        pHlp->pfnPrintf(pHlp,
-                                        "!! EIP in %s (%RRv) at rva %x near symbols:\n"
-                                        "!!    %RRv rva %RRv off %08x  %s\n"
-                                        "!!    %RRv rva %RRv off -%08x %s\n",
-                                        szModName,  RCPtrMod, (unsigned)(uEIP - RCPtrMod),
-                                        RCPtrNearSym1, RCPtrNearSym1 - RCPtrMod, (unsigned)(uEIP - RCPtrNearSym1), szNearSym1,
-                                        RCPtrNearSym2, RCPtrNearSym2 - RCPtrMod, (unsigned)(RCPtrNearSym2 - uEIP), szNearSym2);
-                    else
-                        pHlp->pfnPrintf(pHlp,
-                                        "!! EIP is not in any code known to VMM!\n");
-                }
-
-                /* Disassemble the instruction. */
-                char szInstr[256];
-                rc2 = DBGFR3DisasInstrEx(pVM, pVCpu->idCpu, 0, 0, DBGF_DISAS_FLAGS_CURRENT_HYPER, &szInstr[0], sizeof(szInstr), NULL);
-                if (RT_SUCCESS(rc2))
-                    pHlp->pfnPrintf(pHlp,
-                                    "!! %s\n", szInstr);
-
-                /* Dump the hypervisor cpu state. */
-                pHlp->pfnPrintf(pHlp,
-                                "!!\n"
-                                "!!\n"
-                                "!!\n");
-                rc2 = DBGFR3Info(pVM, "cpumhyper", "verbose", pHlp);
-                fDoneHyper = true;
-
-                /* Callstack. */
-                PCDBGFSTACKFRAME pFirstFrame;
-                rc2 = DBGFR3StackWalkBegin(pVM, pVCpu->idCpu, DBGFCODETYPE_HYPER, &pFirstFrame);
-                if (RT_SUCCESS(rc2))
-                {
-                    pHlp->pfnPrintf(pHlp,
-                                    "!!\n"
-                                    "!! Call Stack:\n"
-                                    "!!\n"
-                                    "EBP      Ret EBP  Ret CS:EIP    Arg0     Arg1     Arg2     Arg3     CS:EIP        Symbol [line]\n");
-                    for (PCDBGFSTACKFRAME pFrame = pFirstFrame;
-                         pFrame;
-                         pFrame = DBGFR3StackWalkNext(pFrame))
-                    {
-                        pHlp->pfnPrintf(pHlp,
-                                        "%08RX32 %08RX32 %04RX32:%08RX32 %08RX32 %08RX32 %08RX32 %08RX32",
-                                        (uint32_t)pFrame->AddrFrame.off,
-                                        (uint32_t)pFrame->AddrReturnFrame.off,
-                                        (uint32_t)pFrame->AddrReturnPC.Sel,
-                                        (uint32_t)pFrame->AddrReturnPC.off,
-                                        pFrame->Args.au32[0],
-                                        pFrame->Args.au32[1],
-                                        pFrame->Args.au32[2],
-                                        pFrame->Args.au32[3]);
-                        pHlp->pfnPrintf(pHlp, " %RTsel:%08RGv", pFrame->AddrPC.Sel, pFrame->AddrPC.off);
-                        if (pFrame->pSymPC)
-                        {
-                            RTGCINTPTR offDisp = pFrame->AddrPC.FlatPtr - pFrame->pSymPC->Value;
-                            if (offDisp > 0)
-                                pHlp->pfnPrintf(pHlp, " %s+%llx", pFrame->pSymPC->szName, (int64_t)offDisp);
-                            else if (offDisp < 0)
-                                pHlp->pfnPrintf(pHlp, " %s-%llx", pFrame->pSymPC->szName, -(int64_t)offDisp);
-                            else
-                                pHlp->pfnPrintf(pHlp, " %s", pFrame->pSymPC->szName);
-                        }
-                        if (pFrame->pLinePC)
-                            pHlp->pfnPrintf(pHlp, " [%s @ 0i%d]", pFrame->pLinePC->szFilename, pFrame->pLinePC->uLineNo);
-                        pHlp->pfnPrintf(pHlp, "\n");
-                    }
-                    DBGFR3StackWalkEnd(pFirstFrame);
-                }
 
                 /* raw stack */
@@ -519 +610 @@
      */
     vmmR3FatalDumpInfoHlpDelete(&Hlp);
-
-    /*
-     * Reset the ring-0 long jump buffer and stack.
-     */
-    pVCpu->vmm.s.CallRing3JmpBufR0.fInRing3Call = 0;
-#ifdef RT_ARCH_X86
-    pVCpu->vmm.s.CallRing3JmpBufR0.eip          = 0;
-#else
-    pVCpu->vmm.s.CallRing3JmpBufR0.rip          = 0;
-#endif
-    *(uint64_t *)pVCpu->vmm.s.pbEMTStackR3      = 0; /* clear marker  */
 }