Changeset 40187 in vbox

Timestamp:

Feb 21, 2012 12:32:45 AM (13 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

76351

Message:

callf fixes. fxsave bounce buffering fix. Don't try fxsave output as REM is incomplete.

Location:

trunk/src/VBox/VMM

Files:

• VMMAll/IEMAll.cpp (modified) (11 diffs)
• VMMAll/IEMAllCImpl.cpp.h (modified) (7 diffs)
• include/IEMInternal.h (modified) (2 diffs)

trunk/src/VBox/VMM/VMMAll/IEMAll.cpp

@@ -49 +49 @@
  * for FPU exception delivery, because with CR0.NE=0 there is a window where we
  * can trigger spurious FPU exceptions.
+ *
+ * The guest FPU state is not loaded into the host CPU and kept there till we
+ * leave IEM because the calling conventions have declared an all year open
+ * season on much of the FPU state.  For instance an innocent looking call to
+ * memcpy might end up using a whole bunch of XMM or MM registers if the
+ * particular implementation finds it worthwhile.
  *
  *
@@ -4233 +4239 @@
             pEvtRec->u.RamWrite.cb      = pIemCpu->aMemBbMappings[iMemMap].cbFirst;
             memcpy(pEvtRec->u.RamWrite.ab, &pIemCpu->aBounceBuffers[iMemMap].ab[0], pIemCpu->aMemBbMappings[iMemMap].cbFirst);
+            AssertCompile(sizeof(pEvtRec->u.RamWrite.ab) == sizeof(pIemCpu->aBounceBuffers[0].ab));
             pEvtRec->pNext = *pIemCpu->ppIemEvtRecNext;
             *pIemCpu->ppIemEvtRecNext = pEvtRec;
@@ -4285 +4292 @@
 
     /*
-     * Read in the current memory content if it's a read of execute access.
+     * Read in the current memory content if it's a read, execute or partial
+     * write access.
      */
     uint8_t        *pbBuf        = &pIemCpu->aBounceBuffers[iMemMap].ab[0];
@@ -4291 +4299 @@
     uint32_t const  cbSecondPage = (uint32_t)(cbMem - cbFirstPage);
 
-    if (fAccess & (IEM_ACCESS_TYPE_READ | IEM_ACCESS_TYPE_EXEC))
+    if (fAccess & (IEM_ACCESS_TYPE_READ | IEM_ACCESS_TYPE_EXEC | IEM_ACCESS_PARTIAL_WRITE))
     {
         int rc;
@@ -4314 +4322 @@
 
 #ifdef IEM_VERIFICATION_MODE
-        if (!pIemCpu->fNoRem)
+        if (   !pIemCpu->fNoRem
+            && (fAccess & (IEM_ACCESS_TYPE_READ | IEM_ACCESS_TYPE_EXEC)) )
         {
             /*
@@ -4385 +4394 @@
 
     /*
-     * Read in the current memory content if it's a read of execute access.
+     * Read in the current memory content if it's a read, execute or partial
+     * write access.
      */
     uint8_t *pbBuf = &pIemCpu->aBounceBuffers[iMemMap].ab[0];
-    if (fAccess & (IEM_ACCESS_TYPE_READ | IEM_ACCESS_TYPE_EXEC))
+    if (fAccess & (IEM_ACCESS_TYPE_READ | IEM_ACCESS_TYPE_EXEC | IEM_ACCESS_PARTIAL_WRITE))
     {
         if (rcMap == VERR_PGM_PHYS_TLB_UNASSIGNED)
@@ -4404 +4414 @@
 
 #ifdef IEM_VERIFICATION_MODE
-        if (!pIemCpu->fNoRem)
+        if (   !pIemCpu->fNoRem
+            && (fAccess & (IEM_ACCESS_TYPE_READ | IEM_ACCESS_TYPE_EXEC)) )
         {
             /*
@@ -6860 +6871 @@
             break;
         case IEMVERIFYEVENT_RAM_WRITE:
-            RTAssertMsg2Add("RAM WRITE at %RGp, %#4zx bytes: %.*RHxs\n",
+            RTAssertMsg2Add("RAM WRITE at %RGp, %#4zx bytes: %.*Rhxs\n",
                             pEvtRec->u.RamWrite.GCPhys,
                             pEvtRec->u.RamWrite.cb,
@@ -6918 +6929 @@
 {
     uint8_t abBuf[sizeof(pEvtRec->u.RamWrite.ab)]; RT_ZERO(abBuf);
+    Assert(sizeof(abBuf) >= pEvtRec->u.RamWrite.cb);
     int rc = PGMPhysSimpleReadGCPhys(IEMCPU_TO_VM(pIemCpu), abBuf, pEvtRec->u.RamWrite.GCPhys, pEvtRec->u.RamWrite.cb);
     if (   RT_FAILURE(rc)
@@ -6934 +6946 @@
                 && pEvtRec->u.RamWrite.GCPhys - UINT32_C(0xfffc0000) > UINT32_C(0x40000) )
             {
-                RTAssertMsg1(NULL, __LINE__, __FILE__, __PRETTY_FUNCTION__);
-                RTAssertMsg2Weak("Memory at %RGv differs\n", pEvtRec->u.RamWrite.GCPhys);
-                RTAssertMsg2Add("REM: %.*Rhxs\n"
-                                "IEM: %.*Rhxs\n",
-                                pEvtRec->u.RamWrite.cb, abBuf,
-                                pEvtRec->u.RamWrite.cb, pEvtRec->u.RamWrite.ab);
-                iemVerifyAssertAddRecordDump(pEvtRec);
-                iemVerifyAssertMsg2(pIemCpu);
-                RTAssertPanic();
+                /* fend off fxsave */
+                if (pEvtRec->u.RamWrite.cb != 512)
+                {
+                    RTAssertMsg1(NULL, __LINE__, __FILE__, __PRETTY_FUNCTION__);
+                    RTAssertMsg2Weak("Memory at %RGv differs\n", pEvtRec->u.RamWrite.GCPhys);
+                    RTAssertMsg2Add("REM: %.*Rhxs\n"
+                                    "IEM: %.*Rhxs\n",
+                                    pEvtRec->u.RamWrite.cb, abBuf,
+                                    pEvtRec->u.RamWrite.cb, pEvtRec->u.RamWrite.ab);
+                    iemVerifyAssertAddRecordDump(pEvtRec);
+                    iemVerifyAssertMsg2(pIemCpu);
+                    RTAssertPanic();
+                }
             }
         }
@@ -7370 +7386 @@
     iemExecVerificationModeCheck(pIemCpu);
 #endif
-    LogFlow(("IEMExecOne: returns %Rrc - cs:rip=%04x:%08RX64 ss:rsp=%04x:%08RX64 EFL=%06x\n",
-             VBOXSTRICTRC_VAL(rcStrict), pCtx->cs, pCtx->rip, pCtx->ss, pCtx->rsp, pCtx->eflags.u));
+    if (rcStrict != VINF_SUCCESS)
+        LogFlow(("IEMExecOne: cs:rip=%04x:%08RX64 ss:rsp=%04x:%08RX64 EFL=%06x - rcStrict=%Rrc\n",
+                 pCtx->cs, pCtx->rip, pCtx->ss, pCtx->rsp, pCtx->eflags.u, VBOXSTRICTRC_VAL(rcStrict)));
     return rcStrict;
 }

trunk/src/VBox/VMM/VMMAll/IEMAllCImpl.cpp.h

@@ -1041 +1041 @@
     VBOXSTRICTRC    rcStrict;
     uint64_t        uNewRsp;
-    void           *pvRet;
+    RTPTRUNION      uPtrRet;
 
     /*
@@ -1055 +1055 @@
         /* Check stack first - may #SS(0). */
         rcStrict = iemMemStackPushBeginSpecial(pIemCpu, enmEffOpSize == IEMMODE_32BIT ? 6 : 4,
-                                               &pvRet, &uNewRsp);
+                                               &uPtrRet.pv, &uNewRsp);
         if (rcStrict != VINF_SUCCESS)
             return rcStrict;
@@ -1066 +1066 @@
         if (enmEffOpSize == IEMMODE_16BIT)
         {
-            ((uint16_t *)pvRet)[0] = pCtx->ip + cbInstr;
-            ((uint16_t *)pvRet)[1] = pCtx->cs;
+            uPtrRet.pu16[0] = pCtx->ip + cbInstr;
+            uPtrRet.pu16[1] = pCtx->cs;
         }
         else
         {
-            ((uint32_t *)pvRet)[0] = pCtx->eip + cbInstr;
-            ((uint16_t *)pvRet)[3] = pCtx->cs;
-        }
-        rcStrict = iemMemStackPushCommitSpecial(pIemCpu, pvRet, uNewRsp);
+            uPtrRet.pu32[0] = pCtx->eip + cbInstr;
+            uPtrRet.pu16[3] = pCtx->cs;
+        }
+        rcStrict = iemMemStackPushCommitSpecial(pIemCpu, uPtrRet.pv, uNewRsp);
         if (rcStrict != VINF_SUCCESS)
             return rcStrict;
@@ -1160 +1160 @@
 
     /* Check stack first - may #SS(0). */
+    /** @todo check how operand prefix affects pushing of CS! Does callf 16:32 in
+     *        16-bit code cause a two or four byte CS to be pushed? */
     rcStrict = iemMemStackPushBeginSpecial(pIemCpu,
-                                           enmEffOpSize == IEMMODE_64BIT   ? 8+2
-                                           : enmEffOpSize == IEMMODE_32BIT ? 4+2 : 2+2,
-                                           &pvRet, &uNewRsp);
+                                           enmEffOpSize == IEMMODE_64BIT   ? 8+8
+                                           : enmEffOpSize == IEMMODE_32BIT ? 4+4 : 2+2,
+                                           &uPtrRet.pv, &uNewRsp);
     if (rcStrict != VINF_SUCCESS)
         return rcStrict;
@@ -1215 +1217 @@
     if (enmEffOpSize == IEMMODE_16BIT)
     {
-        ((uint16_t *)pvRet)[0] = pCtx->ip + cbInstr;
-        ((uint16_t *)pvRet)[1] = pCtx->cs;
+        uPtrRet.pu16[0] = pCtx->ip + cbInstr;
+        uPtrRet.pu16[1] = pCtx->cs;
     }
     else if (enmEffOpSize == IEMMODE_32BIT)
     {
-        ((uint32_t *)pvRet)[0] = pCtx->eip + cbInstr;
-        ((uint32_t *)pvRet)[1] = pCtx->cs;
+        uPtrRet.pu32[0] = pCtx->eip + cbInstr;
+        uPtrRet.pu32[1] = pCtx->cs; /** @todo Testcase: What is written to the high word when callf is pushing CS? */
     }
     else
     {
-        ((uint64_t *)pvRet)[0] = pCtx->rip + cbInstr;
-        ((uint64_t *)pvRet)[1] = pCtx->cs;
-    }
-    rcStrict = iemMemStackPushCommitSpecial(pIemCpu, pvRet, uNewRsp);
+        uPtrRet.pu64[0] = pCtx->rip + cbInstr;
+        uPtrRet.pu64[1] = pCtx->cs; /** @todo Testcase: What is written to the high words when callf is pushing CS? */
+    }
+    rcStrict = iemMemStackPushCommitSpecial(pIemCpu, uPtrRet.pv, uNewRsp);
     if (rcStrict != VINF_SUCCESS)
         return rcStrict;
@@ -3884 +3886 @@
      */
     void *pvMem512;
-    VBOXSTRICTRC rcStrict = iemMemMap(pIemCpu, &pvMem512, 512, iEffSeg, GCPtrEff, IEM_ACCESS_DATA_W);
+    VBOXSTRICTRC rcStrict = iemMemMap(pIemCpu, &pvMem512, 512, iEffSeg, GCPtrEff, IEM_ACCESS_DATA_W | IEM_ACCESS_PARTIAL_WRITE);
     if (rcStrict != VINF_SUCCESS)
         return rcStrict;
@@ -3938 +3940 @@
      * Commit the memory.
      */
-    rcStrict = iemMemCommitAndUnmap(pIemCpu, pvMem512, IEM_ACCESS_DATA_W);
+    rcStrict = iemMemCommitAndUnmap(pIemCpu, pvMem512, IEM_ACCESS_DATA_W | IEM_ACCESS_PARTIAL_WRITE);
     if (rcStrict != VINF_SUCCESS)
         return rcStrict;

trunk/src/VBox/VMM/include/IEMInternal.h

@@ -157 +157 @@
             RTGCPHYS    GCPhys;
             uint32_t    cb;
-            uint8_t     ab[32];
+            uint8_t     ab[512];
         } RamWrite;
     } u;
@@ -353 +353 @@
 #define IEM_ACCESS_WHAT_SYS             UINT32_C(0x00000040)
 #define IEM_ACCESS_WHAT_MASK            UINT32_C(0x00000070)
+/** The writes are partial, so if initialize the bounce buffer with the
+ * orignal RAM content. */
+#define IEM_ACCESS_PARTIAL_WRITE        UINT32_C(0x00000100)
 /** Used in aMemMappings to indicate that the entry is bounce buffered. */
-#define IEM_ACCESS_BOUNCE_BUFFERED      UINT32_C(0x00000100)
+#define IEM_ACCESS_BOUNCE_BUFFERED      UINT32_C(0x00000200)
 /** Read+write data alias. */
 #define IEM_ACCESS_DATA_RW              (IEM_ACCESS_TYPE_READ  | IEM_ACCESS_TYPE_WRITE | IEM_ACCESS_WHAT_DATA)