Changeset 42704 in vbox for trunk

Timestamp:

Aug 9, 2012 8:03:21 AM (12 years ago)

Author:

vboxsync

Message:

IEM: Eflags fixes, added API variants that bypasses access handlers, ...

Location:

trunk

Files:

• include/VBox/vmm/iem.h (modified) (1 diff)
• src/VBox/VMM/VMMAll/IEMAll.cpp (modified) (40 diffs)
• src/VBox/VMM/VMMAll/IEMAllCImpl.cpp.h (modified) (22 diffs)
• src/VBox/VMM/include/IEMInternal.h (modified) (1 diff)

trunk/include/VBox/vmm/iem.h

@@ -43 +43 @@
 VMMDECL(VBOXSTRICTRC)       IEMExecOneWithPrefetchedByPC(PVMCPU pVCpu, PCPUMCTXCORE pCtxCore, uint64_t OpcodeBytesPC,
                                                          const void *pvOpcodeBytes, size_t cbOpcodeBytes);
+VMMDECL(VBOXSTRICTRC)       IEMExecOneBypassEx(PVMCPU pVCpu, PCPUMCTXCORE pCtxCore, uint32_t *pcbWritten);
+VMMDECL(VBOXSTRICTRC)       IEMExecOneBypassWithPrefetchedByPC(PVMCPU pVCpu, PCPUMCTXCORE pCtxCore, uint64_t OpcodeBytesPC,
+                                                               const void *pvOpcodeBytes, size_t cbOpcodeBytes);
 VMMDECL(VBOXSTRICTRC)       IEMExecLots(PVMCPU pVCpu);
 VMM_INT_DECL(VBOXSTRICTRC)  IEMInjectTrap(PVMCPU pVCpu, uint8_t u8TrapNo, TRPMEVENT enmType, uint16_t uErrCode, RTGCPTR uCr2);

trunk/src/VBox/VMM/VMMAll/IEMAll.cpp

@@ -173 +173 @@
 *   Defined Constants And Macros                                               *
 *******************************************************************************/
+/** @def IEM_LOG_MEMORY_ACCESS
+ * Can be used to log memory accesses when debugging problematic guest behavior. */
+#if 0
+# define IEM_LOG_MEMORY_ACCESS
+#endif
+
 /** @name IEM status codes.
  *
@@ -709 +715 @@
  *
  * @param   pIemCpu             The per CPU IEM state.
- */
-DECLINLINE(void) iemInitDecoder(PIEMCPU pIemCpu)
+ * @param   fBypassHandlers     Whether to bypass access handlers.
+ */
+DECLINLINE(void) iemInitDecoder(PIEMCPU pIemCpu, bool fBypassHandlers)
 {
     PCPUMCTX pCtx  = pIemCpu->CTX_SUFF(pCtx);
@@ -754 +761 @@
     pIemCpu->iNextMapping       = 0;
     pIemCpu->rcPassUp           = VINF_SUCCESS;
+    pIemCpu->fBypassHandlers    = fBypassHandlers;
+
 }
 
@@ -762 +771 @@
  * @returns Strict VBox status code.
  * @param   pIemCpu             The IEM state.
- */
-static VBOXSTRICTRC iemInitDecoderAndPrefetchOpcodes(PIEMCPU pIemCpu)
+ * @param   fBypassHandlers     Whether to bypass access handlers.
+ */
+static VBOXSTRICTRC iemInitDecoderAndPrefetchOpcodes(PIEMCPU pIemCpu, bool fBypassHandlers)
 {
 #ifdef IEM_VERIFICATION_MODE
     uint8_t const cbOldOpcodes = pIemCpu->cbOpcode;
 #endif
-    iemInitDecoder(pIemCpu);
+    iemInitDecoder(pIemCpu, fBypassHandlers);
 
     /*
@@ -796 +806 @@
     }
 
+#if defined(IN_RC) && defined(VBOX_WITH_RAW_MODE)
+    /* Allow interpretation of patch manager code blocks since they can for
+       instance throw #PFs for perfectly good reasons. */
+    if (   (pCtx->cs.Sel & X86_SEL_RPL) == 1
+        && PATMIsPatchGCAddr(IEMCPU_TO_VM(pIemCpu), GCPtrPC))
+    {
+        uint32_t cbLeftOnPage = PAGE_SIZE - (GCPtrPC & PAGE_OFFSET_MASK);
+        if (cbToTryRead > cbLeftOnPage)
+            cbToTryRead = cbLeftOnPage;
+        if (cbToTryRead > sizeof(pIemCpu->abOpcode))
+            cbToTryRead = sizeof(pIemCpu->abOpcode);
+        memcpy(pIemCpu->abOpcode, (void const *)(uintptr_t)GCPtrPC, cbToTryRead);
+        pIemCpu->cbOpcode = cbToTryRead;
+        return VINF_SUCCESS;
+    }
+#endif
+
     RTGCPHYS    GCPhys;
     uint64_t    fFlags;
@@ -801 +828 @@
     if (RT_FAILURE(rc))
     {
-#if defined(IN_RC) && defined(VBOX_WITH_RAW_MODE)
-        /* Allow interpretation of patch manager code blocks since they can for
-           instance throw #PFs for perfectly good reasons. */
-        if (   (pCtx->cs.Sel & X86_SEL_RPL) == 1
-            && PATMIsPatchGCAddr(IEMCPU_TO_VM(pIemCpu), GCPtrPC))
-        {
-            uint32_t cbLeftOnPage = PAGE_SIZE - (GCPtrPC & PAGE_OFFSET_MASK);
-            if (cbToTryRead > cbLeftOnPage)
-                cbToTryRead = cbLeftOnPage;
-            if (cbToTryRead > sizeof(pIemCpu->abOpcode))
-                cbToTryRead = sizeof(pIemCpu->abOpcode);
-            memcpy(pIemCpu->abOpcode, (void const *)(uintptr_t)GCPtrPC, cbToTryRead);
-            pIemCpu->cbOpcode = cbToTryRead;
-            return VINF_SUCCESS;
-        }
-#endif
         Log(("iemInitDecoderAndPrefetchOpcodes: %RGv - rc=%Rrc\n", GCPtrPC, rc));
         return iemRaisePageFault(pIemCpu, GCPtrPC, IEM_ACCESS_INSTRUCTION, rc);
@@ -863 +874 @@
     /** @todo PATM: Read original, unpatched bytes? EMAll.cpp doesn't seem to be
      *        doing that. */
-    if (!pIemCpu->fByPassHandlers)
+    if (!pIemCpu->fBypassHandlers)
         rc = PGMPhysRead(IEMCPU_TO_VM(pIemCpu), GCPhys, pIemCpu->abOpcode, cbToTryRead);
     else
@@ -870 +881 @@
     {
         /** @todo status code handling */
-        Log(("iemInitDecoderAndPrefetchOpcodes: %RGv - read error - rc=%Rrc (!!)\n", GCPtrPC, rc));
+        Log(("iemInitDecoderAndPrefetchOpcodes: %RGv/%RGp LB %#x - read error - rc=%Rrc (!!)\n",
+             GCPtrPC, GCPhys, rc, cbToTryRead));
         return rc;
     }
@@ -953 +965 @@
         cbToTryRead = sizeof(pIemCpu->abOpcode) - pIemCpu->cbOpcode;
     Assert(cbToTryRead >= cbMin - cbLeft);
-    if (!pIemCpu->fByPassHandlers)
+    if (!pIemCpu->fBypassHandlers)
         rc = PGMPhysRead(IEMCPU_TO_VM(pIemCpu), GCPhys, &pIemCpu->abOpcode[pIemCpu->cbOpcode], cbToTryRead);
     else
@@ -1771 +1783 @@
     return VINF_SUCCESS;
 }
+
+
+/**
+ * Gets the correct EFLAGS regardless of whether PATM stores parts of them or
+ * not.
+ *
+ * @param   a_pIemCpu           The IEM per CPU data.
+ * @param   a_pCtx              The CPU context.
+ */
+#ifdef VBOX_WITH_RAW_MODE_NOT_R0
+# define IEMMISC_GET_EFL(a_pIemCpu, a_pCtx) \
+    ( IEM_VERIFICATION_ENABLED(a_pIemCpu) \
+      ? (a_pCtx)->eflags.u \
+      : CPUMRawGetEFlags(IEMCPU_TO_VMCPU(a_pIemCpu)) )
+#else
+# define IEMMISC_GET_EFL(a_pIemCpu, a_pCtx) \
+    ( (a_pCtx)->eflags.u  )
+#endif
+
+/**
+ * Updates the EFLAGS in the correct manner wrt. PATM.
+ *
+ * @param   a_pIemCpu           The IEM per CPU data.
+ * @param   a_pCtx              The CPU context.
+ */
+#ifdef VBOX_WITH_RAW_MODE_NOT_R0
+# define IEMMISC_SET_EFL(a_pIemCpu, a_pCtx, a_fEfl) \
+    do { \
+        if (IEM_VERIFICATION_ENABLED(a_pIemCpu)) \
+            (a_pCtx)->eflags.u = (a_fEfl); \
+        else \
+            CPUMRawSetEFlags(IEMCPU_TO_VMCPU(a_pIemCpu), a_fEfl); \
+    } while (0)
+#else
+# define IEMMISC_SET_EFL(a_pIemCpu, a_pCtx, a_fEfl) \
+    do { \
+        (a_pCtx)->eflags.u = (a_fEfl); \
+    } while (0)
+#endif
 
 
@@ -1937 +1988 @@
         return rcStrict;
 
-    pu16Frame[2] = (uint16_t)pCtx->eflags.u;
+    uint32_t fEfl = IEMMISC_GET_EFL(pIemCpu, pCtx);
+    pu16Frame[2] = (uint16_t)fEfl;
     pu16Frame[1] = (uint16_t)pCtx->cs.Sel;
     pu16Frame[0] = pCtx->ip + cbInstr;
@@ -1954 +2006 @@
     /** @todo do we load attribs and limit as well? Should we check against limit like far jump? */
     pCtx->rip              = Idte.off;
-    pCtx->eflags.Bits.u1IF = 0;
+    fEfl &= ~X86_EFL_IF;
+    IEMMISC_SET_EFL(pIemCpu, pCtx, fEfl);
 
     /** @todo do we actually do this in real mode? */
@@ -2134 +2187 @@
      * This in turns means validating the new SS and ESP...
      */
+    uint32_t        fEfl    = IEMMISC_GET_EFL(pIemCpu, pCtx);
     uint8_t const   uNewCpl = DescCS.Legacy.Gen.u4Type & X86_SEL_TYPE_CONF
                             ? pIemCpu->uCpl : DescCS.Legacy.Gen.u2Dpl;
@@ -2182 +2236 @@
                             ? pCtx->eip + cbInstr : pCtx->eip;
         uStackFrame.pu32[1] = (pCtx->cs.Sel & ~X86_SEL_RPL) | pIemCpu->uCpl;
-        uStackFrame.pu32[2] = pCtx->eflags.u;
+        uStackFrame.pu32[2] = fEfl;
         uStackFrame.pu32[3] = pCtx->esp;
         uStackFrame.pu32[4] = pCtx->ss.Sel;
@@ -2239 +2293 @@
                             ? pCtx->eip + cbInstr : pCtx->eip;
         uStackFrame.pu32[1] = (pCtx->cs.Sel & ~X86_SEL_RPL) | pIemCpu->uCpl;
-        uStackFrame.pu32[2] = pCtx->eflags.u;
+        uStackFrame.pu32[2] = fEfl;
         rcStrict = iemMemCommitAndUnmap(pIemCpu, pvStackFrame, IEM_ACCESS_STACK_W); /* don't use the commit here */
         if (rcStrict != VINF_SUCCESS)
@@ -2268 +2322 @@
 
     pCtx->rip               = uNewEip;
-    pCtx->rflags.u         &= ~fEflToClear;
+    fEfl &= ~fEflToClear;
+    IEMMISC_SET_EFL(pIemCpu, pCtx, fEfl);
 
     if (fFlags & IEM_XCPT_FLAGS_CR2)
@@ -4428 +4483 @@
 
 /**
+ * Updates the IEMCPU::cbWritten counter if applicable.
+ *
+ * @param   pIemCpu             The IEM per CPU data.
+ * @param   fAccess             The access being accounted for.
+ * @param   cbMem               The access size.
+ */
+DECL_FORCE_INLINE(void) iemMemUpdateWrittenCounter(PIEMCPU pIemCpu, uint32_t fAccess, size_t cbMem)
+{
+    if (   (fAccess & (IEM_ACCESS_WHAT_MASK | IEM_ACCESS_TYPE_WRITE)) == (IEM_ACCESS_WHAT_STACK | IEM_ACCESS_TYPE_WRITE)
+        || (fAccess & (IEM_ACCESS_WHAT_MASK | IEM_ACCESS_TYPE_WRITE)) == (IEM_ACCESS_WHAT_DATA | IEM_ACCESS_TYPE_WRITE) )
+        pIemCpu->cbWritten += (uint32_t)cbMem;
+}
+
+
+/**
  * Checks if the given segment can be written to, raise the appropriate
  * exception if not.
@@ -4662 +4732 @@
         return VERR_PGM_PHYS_TLB_CATCH_ALL;
 #endif
+#ifdef IEM_LOG_MEMORY_ACCESS
+    return VERR_PGM_PHYS_TLB_CATCH_ALL;
+#endif
 
     /** @todo This API may require some improving later.  A private deal with PGM
@@ -4670 +4743 @@
                                   GCPhysMem,
                                   RT_BOOL(fAccess & IEM_ACCESS_TYPE_WRITE),
-                                  pIemCpu->fByPassHandlers,
+                                  pIemCpu->fBypassHandlers,
                                   ppvMem,
                                   pLock);
@@ -4772 +4845 @@
         uint16_t const  cbSecond = pIemCpu->aMemBbMappings[iMemMap].cbSecond;
         uint8_t const  *pbBuf    = &pIemCpu->aBounceBuffers[iMemMap].ab[0];
-        if (!pIemCpu->fByPassHandlers)
+        if (!pIemCpu->fBypassHandlers)
         {
             rc = PGMPhysWrite(IEMCPU_TO_VM(pIemCpu),
@@ -4800 +4873 @@
             /** @todo status code handling */
             Log(("iemMemBounceBufferCommitAndUnmap: %s GCPhysFirst=%RGp/%#x GCPhysSecond=%RGp/%#x %Rrc (!!)\n",
-                 pIemCpu->fByPassHandlers ? "PGMPhysWrite" : "PGMPhysSimpleWriteGCPhys",
+                 pIemCpu->fBypassHandlers ? "PGMPhysWrite" : "PGMPhysSimpleWriteGCPhys",
                  pIemCpu->aMemBbMappings[iMemMap].GCPhysFirst, cbFirst,
                  pIemCpu->aMemBbMappings[iMemMap].GCPhysSecond, cbSecond, rc));
@@ -4842 +4915 @@
     }
 #endif
+#ifdef IEM_LOG_MEMORY_ACCESS
+    if (rc == VINF_SUCCESS)
+    {
+        Log(("IEM Wrote %RGp: %.*Rhxs\n", pIemCpu->aMemBbMappings[iMemMap].GCPhysFirst,
+             RT_MAX(RT_MIN(pIemCpu->aMemBbMappings[iMemMap].cbFirst, 64), 1), &pIemCpu->aBounceBuffers[iMemMap].ab[0]));
+        if (pIemCpu->aMemBbMappings[iMemMap].cbSecond)
+            Log(("IEM Wrote %RGp: %.*Rhxs [2nd page]\n", pIemCpu->aMemBbMappings[iMemMap].GCPhysSecond,
+                 RT_MIN(pIemCpu->aMemBbMappings[iMemMap].cbSecond, 64),
+                 &pIemCpu->aBounceBuffers[iMemMap].ab[pIemCpu->aMemBbMappings[iMemMap].cbFirst]));
+    }
+#endif
 
     /*
@@ -4884 +4968 @@
     {
         int rc;
-        if (!pIemCpu->fByPassHandlers)
+        if (!pIemCpu->fBypassHandlers)
         {
             rc = PGMPhysRead(IEMCPU_TO_VM(pIemCpu), GCPhysFirst, pbBuf, cbFirstPage);
@@ -4968 +5052 @@
     pIemCpu->cActiveMappings++;
 
+    iemMemUpdateWrittenCounter(pIemCpu, fAccess, cbMem);
     *ppvMem = pbBuf;
     return VINF_SUCCESS;
@@ -5003 +5088 @@
         {
             int rc;
-            if (!pIemCpu->fByPassHandlers)
+            if (!pIemCpu->fBypassHandlers)
                 rc = PGMPhysRead(IEMCPU_TO_VM(pIemCpu), GCPhysFirst, pbBuf, cbMem);
             else
@@ -5011 +5096 @@
                 /** @todo status code handling */
                 Log(("iemMemBounceBufferMapPhys: %s GCPhysFirst=%RGp rc=%Rrc (!!)\n",
-                     pIemCpu->fByPassHandlers ? "PGMPhysRead" : "PGMPhysSimpleReadGCPhys",  GCPhysFirst, rc));
+                     pIemCpu->fBypassHandlers ? "PGMPhysRead" : "PGMPhysSimpleReadGCPhys",  GCPhysFirst, rc));
                 return rc;
             }
@@ -5056 +5141 @@
     pIemCpu->cActiveMappings++;
 
+    iemMemUpdateWrittenCounter(pIemCpu, fAccess, cbMem);
     *ppvMem = pbBuf;
     return VINF_SUCCESS;
@@ -5135 +5221 @@
     pIemCpu->cActiveMappings++;
 
-    if (   (fAccess & (IEM_ACCESS_WHAT_MASK | IEM_ACCESS_TYPE_WRITE)) == (IEM_ACCESS_WHAT_STACK | IEM_ACCESS_TYPE_WRITE)
-        || (fAccess & (IEM_ACCESS_WHAT_MASK | IEM_ACCESS_TYPE_WRITE)) == (IEM_ACCESS_WHAT_DATA | IEM_ACCESS_TYPE_WRITE) )
-        pIemCpu->cbWritten += (uint32_t)cbMem;
+    iemMemUpdateWrittenCounter(pIemCpu, fAccess, cbMem);
     *ppvMem = pvMem;
     return VINF_SUCCESS;
@@ -6324 +6408 @@
 #define IEM_MC_FETCH_TR_U32(a_u32Dst)                   (a_u32Dst) = (pIemCpu)->CTX_SUFF(pCtx)->tr.Sel
 #define IEM_MC_FETCH_TR_U64(a_u64Dst)                   (a_u64Dst) = (pIemCpu)->CTX_SUFF(pCtx)->tr.Sel
+/** @note Not for IOPL or IF testing or modification. */
 #define IEM_MC_FETCH_EFLAGS(a_EFlags)                   (a_EFlags) = (pIemCpu)->CTX_SUFF(pCtx)->eflags.u
 #define IEM_MC_FETCH_EFLAGS_U8(a_EFlags)                (a_EFlags) = (uint8_t)(pIemCpu)->CTX_SUFF(pCtx)->eflags.u
@@ -6348 +6433 @@
 #define IEM_MC_REF_GREG_U32(a_pu32Dst, a_iGReg)         (a_pu32Dst) = (uint32_t *)iemGRegRef(pIemCpu, (a_iGReg))
 #define IEM_MC_REF_GREG_U64(a_pu64Dst, a_iGReg)         (a_pu64Dst) = (uint64_t *)iemGRegRef(pIemCpu, (a_iGReg))
+/** @note Not for IOPL or IF testing or modification. */
 #define IEM_MC_REF_EFLAGS(a_pEFlags)                    (a_pEFlags) = &(pIemCpu)->CTX_SUFF(pCtx)->eflags.u
 
@@ -6423 +6509 @@
 
 
+/** @note Not for IOPL or IF modification. */
 #define IEM_MC_SET_EFL_BIT(a_fBit)                      do { (pIemCpu)->CTX_SUFF(pCtx)->eflags.u |= (a_fBit); } while (0)
+/** @note Not for IOPL or IF modification. */
 #define IEM_MC_CLEAR_EFL_BIT(a_fBit)                    do { (pIemCpu)->CTX_SUFF(pCtx)->eflags.u &= ~(a_fBit); } while (0)
+/** @note Not for IOPL or IF modification. */
 #define IEM_MC_FLIP_EFL_BIT(a_fBit)                     do { (pIemCpu)->CTX_SUFF(pCtx)->eflags.u ^= (a_fBit); } while (0)
 
@@ -6875 +6964 @@
     CPUMSetChangedFlags(IEMCPU_TO_VMCPU(pIemCpu), CPUM_CHANGED_FPU_REM)
 
+/** @note Not for IOPL or IF testing. */
 #define IEM_MC_IF_EFL_BIT_SET(a_fBit)                   if (pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBit)) {
+/** @note Not for IOPL or IF testing. */
 #define IEM_MC_IF_EFL_BIT_NOT_SET(a_fBit)               if (!(pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBit))) {
+/** @note Not for IOPL or IF testing. */
 #define IEM_MC_IF_EFL_ANY_BITS_SET(a_fBits)             if (pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBits)) {
+/** @note Not for IOPL or IF testing. */
 #define IEM_MC_IF_EFL_NO_BITS_SET(a_fBits)              if (!(pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBits))) {
+/** @note Not for IOPL or IF testing. */
 #define IEM_MC_IF_EFL_BITS_NE(a_fBit1, a_fBit2)         \
     if (   !!(pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBit1)) \
         != !!(pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBit2)) ) {
+/** @note Not for IOPL or IF testing. */
 #define IEM_MC_IF_EFL_BITS_EQ(a_fBit1, a_fBit2)         \
     if (   !!(pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBit1)) \
         == !!(pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBit2)) ) {
+/** @note Not for IOPL or IF testing. */
 #define IEM_MC_IF_EFL_BIT_SET_OR_BITS_NE(a_fBit, a_fBit1, a_fBit2) \
     if (   (pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBit)) \
         ||    !!(pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBit1)) \
            != !!(pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBit2)) ) {
+/** @note Not for IOPL or IF testing. */
 #define IEM_MC_IF_EFL_BIT_NOT_SET_AND_BITS_EQ(a_fBit, a_fBit1, a_fBit2) \
     if (   !(pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBit)) \
@@ -6896 +6993 @@
 #define IEM_MC_IF_ECX_IS_NZ()                           if (pIemCpu->CTX_SUFF(pCtx)->ecx != 0) {
 #define IEM_MC_IF_RCX_IS_NZ()                           if (pIemCpu->CTX_SUFF(pCtx)->rcx != 0) {
+/** @note Not for IOPL or IF testing. */
 #define IEM_MC_IF_CX_IS_NZ_AND_EFL_BIT_SET(a_fBit) \
         if (   pIemCpu->CTX_SUFF(pCtx)->cx != 0 \
             && (pIemCpu->CTX_SUFF(pCtx)->eflags.u & a_fBit)) {
+/** @note Not for IOPL or IF testing. */
 #define IEM_MC_IF_ECX_IS_NZ_AND_EFL_BIT_SET(a_fBit) \
         if (   pIemCpu->CTX_SUFF(pCtx)->ecx != 0 \
             && (pIemCpu->CTX_SUFF(pCtx)->eflags.u & a_fBit)) {
+/** @note Not for IOPL or IF testing. */
 #define IEM_MC_IF_RCX_IS_NZ_AND_EFL_BIT_SET(a_fBit) \
         if (   pIemCpu->CTX_SUFF(pCtx)->rcx != 0 \
             && (pIemCpu->CTX_SUFF(pCtx)->eflags.u & a_fBit)) {
+/** @note Not for IOPL or IF testing. */
 #define IEM_MC_IF_CX_IS_NZ_AND_EFL_BIT_NOT_SET(a_fBit) \
         if (   pIemCpu->CTX_SUFF(pCtx)->cx != 0 \
             && !(pIemCpu->CTX_SUFF(pCtx)->eflags.u & a_fBit)) {
+/** @note Not for IOPL or IF testing. */
 #define IEM_MC_IF_ECX_IS_NZ_AND_EFL_BIT_NOT_SET(a_fBit) \
         if (   pIemCpu->CTX_SUFF(pCtx)->ecx != 0 \
             && !(pIemCpu->CTX_SUFF(pCtx)->eflags.u & a_fBit)) {
+/** @note Not for IOPL or IF testing. */
 #define IEM_MC_IF_RCX_IS_NZ_AND_EFL_BIT_NOT_SET(a_fBit) \
         if (   pIemCpu->CTX_SUFF(pCtx)->rcx != 0 \
@@ -8150 +8253 @@
  * @param   pVCpu       The current virtual CPU.
  * @param   pIemCpu     The IEM per CPU data.
- */
-DECL_FORCE_INLINE(VBOXSTRICTRC) iemExecOneInner(PVMCPU pVCpu, PIEMCPU pIemCpu)
+ * @param   fExecuteInhibit     If set, execute the instruction following CLI,
+ *                      POP SS and MOV SS,GR.
+ */
+DECL_FORCE_INLINE(VBOXSTRICTRC) iemExecOneInner(PVMCPU pVCpu, PIEMCPU pIemCpu, bool fExecuteInhibit)
 {
     uint8_t b; IEM_OPCODE_GET_NEXT_U8(&b);
@@ -8163 +8268 @@
     /* Execute the next instruction as well if a cli, pop ss or
        mov ss, Gr has just completed successfully. */
-    if (   rcStrict == VINF_SUCCESS
+    if (   fExecuteInhibit
+        && rcStrict == VINF_SUCCESS
         && VMCPU_FF_ISSET(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS)
         && EMGetInhibitInterruptsPC(pVCpu) == pIemCpu->CTX_SUFF(pCtx)->rip )
     {
-        rcStrict = iemInitDecoderAndPrefetchOpcodes(pIemCpu);
+        rcStrict = iemInitDecoderAndPrefetchOpcodes(pIemCpu, pIemCpu->fBypassHandlers);
         if (rcStrict == VINF_SUCCESS)
         {
@@ -8282 +8388 @@
      * Do the decoding and emulation.
      */
-    VBOXSTRICTRC rcStrict = iemInitDecoderAndPrefetchOpcodes(pIemCpu);
+    VBOXSTRICTRC rcStrict = iemInitDecoderAndPrefetchOpcodes(pIemCpu, false);
     if (rcStrict == VINF_SUCCESS)
-        rcStrict = iemExecOneInner(pVCpu, pIemCpu);
+        rcStrict = iemExecOneInner(pVCpu, pIemCpu, true);
 
 #if defined(IEM_VERIFICATION_MODE) && defined(IN_RING3)
@@ -8305 +8411 @@
     AssertReturn(CPUMCTX2CORE(pCtx) == pCtxCore, VERR_IEM_IPE_3);
 
-    iemInitDecoder(pIemCpu);
+    iemInitDecoder(pIemCpu, false);
     uint32_t const cbOldWritten = pIemCpu->cbWritten;
 
-    VBOXSTRICTRC rcStrict = iemInitDecoderAndPrefetchOpcodes(pIemCpu);
+    VBOXSTRICTRC rcStrict = iemInitDecoderAndPrefetchOpcodes(pIemCpu, false);
     if (rcStrict == VINF_SUCCESS)
     {
-        rcStrict = iemExecOneInner(pVCpu, pIemCpu);
+        rcStrict = iemExecOneInner(pVCpu, pIemCpu, true);
         if (pcbWritten)
             *pcbWritten = pIemCpu->cbWritten - cbOldWritten;
@@ -8330 +8436 @@
         && pCtx->rip == OpcodeBytesPC)
     {
-        iemInitDecoder(pIemCpu);
+        iemInitDecoder(pIemCpu, false);
         pIemCpu->cbOpcode = (uint8_t)RT_MIN(cbOpcodeBytes, sizeof(pIemCpu->abOpcode));
         memcpy(pIemCpu->abOpcode, pvOpcodeBytes, pIemCpu->cbOpcode);
@@ -8336 +8442 @@
     }
     else
-        rcStrict = iemInitDecoderAndPrefetchOpcodes(pIemCpu);
+        rcStrict = iemInitDecoderAndPrefetchOpcodes(pIemCpu, false);
     if (rcStrict == VINF_SUCCESS)
     {
-        rcStrict = iemExecOneInner(pVCpu, pIemCpu);
-    }
+        rcStrict = iemExecOneInner(pVCpu, pIemCpu, true);
+    }
+    return rcStrict;
+}
+
+
+VMMDECL(VBOXSTRICTRC)       IEMExecOneBypassEx(PVMCPU pVCpu, PCPUMCTXCORE pCtxCore, uint32_t *pcbWritten)
+{
+    PIEMCPU  pIemCpu = &pVCpu->iem.s;
+    PCPUMCTX pCtx    = pVCpu->iem.s.CTX_SUFF(pCtx);
+    AssertReturn(CPUMCTX2CORE(pCtx) == pCtxCore, VERR_IEM_IPE_3);
+
+    iemInitDecoder(pIemCpu, true);
+    uint32_t const cbOldWritten = pIemCpu->cbWritten;
+
+    VBOXSTRICTRC rcStrict = iemInitDecoderAndPrefetchOpcodes(pIemCpu, true);
+    if (rcStrict == VINF_SUCCESS)
+    {
+        rcStrict = iemExecOneInner(pVCpu, pIemCpu, false);
+        if (pcbWritten)
+            *pcbWritten = pIemCpu->cbWritten - cbOldWritten;
+    }
+    return rcStrict;
+}
+
+
+VMMDECL(VBOXSTRICTRC)       IEMExecOneBypassWithPrefetchedByPC(PVMCPU pVCpu, PCPUMCTXCORE pCtxCore, uint64_t OpcodeBytesPC,
+                                                               const void *pvOpcodeBytes, size_t cbOpcodeBytes)
+{
+    PIEMCPU  pIemCpu = &pVCpu->iem.s;
+    PCPUMCTX pCtx    = pVCpu->iem.s.CTX_SUFF(pCtx);
+    AssertReturn(CPUMCTX2CORE(pCtx) == pCtxCore, VERR_IEM_IPE_3);
+
+    VBOXSTRICTRC rcStrict;
+    if (   cbOpcodeBytes
+        && pCtx->rip == OpcodeBytesPC)
+    {
+        iemInitDecoder(pIemCpu, true);
+        pIemCpu->cbOpcode = (uint8_t)RT_MIN(cbOpcodeBytes, sizeof(pIemCpu->abOpcode));
+        memcpy(pIemCpu->abOpcode, pvOpcodeBytes, pIemCpu->cbOpcode);
+        rcStrict = VINF_SUCCESS;
+    }
+    else
+        rcStrict = iemInitDecoderAndPrefetchOpcodes(pIemCpu, true);
+    if (rcStrict == VINF_SUCCESS)
+        rcStrict = iemExecOneInner(pVCpu, pIemCpu, false);
     return rcStrict;
 }
@@ -8367 +8517 @@
 VMM_INT_DECL(VBOXSTRICTRC) IEMInjectTrap(PVMCPU pVCpu, uint8_t u8TrapNo, TRPMEVENT enmType, uint16_t uErrCode, RTGCPTR uCr2)
 {
-    iemInitDecoder(&pVCpu->iem.s);
+    iemInitDecoder(&pVCpu->iem.s, false);
 
     uint32_t fFlags;

trunk/src/VBox/VMM/VMMAll/IEMAllCImpl.cpp.h

@@ -35 +35 @@
 DECLINLINE(VBOXSTRICTRC) iemHlpCheckPortIOPermission(PIEMCPU pIemCpu, PCCPUMCTX pCtx, uint16_t u16Port, uint8_t cbOperand)
 {
+    X86EFLAGS Efl;
+    Efl.u = IEMMISC_GET_EFL(pIemCpu, pCtx);
     if (   (pCtx->cr0 & X86_CR0_PE)
-        && (    pIemCpu->uCpl > pCtx->eflags.Bits.u2IOPL
-            ||  pCtx->eflags.Bits.u1VM) )
+        && (    pIemCpu->uCpl > Efl.Bits.u2IOPL
+            ||  Efl.Bits.u1VM) )
     {
         NOREF(u16Port); NOREF(cbOperand); /** @todo I/O port permission bitmap check */
@@ -469 +471 @@
      * doing this in a C implementation).
      */
-    uint32_t fEfl = pCtx->eflags.u;
+    uint32_t fEfl = IEMMISC_GET_EFL(pIemCpu, pCtx);
     if (   (fEfl & X86_EFL_VM)
         && X86_EFL_GET_IOPL(fEfl) != 3 )
@@ -517 +519 @@
 {
     PCPUMCTX        pCtx    = pIemCpu->CTX_SUFF(pCtx);
-    uint32_t const  fEflOld = pCtx->eflags.u;
+    PVMCPU          pVCpu   = IEMCPU_TO_VMCPU(pIemCpu);
+    uint32_t const  fEflOld = IEMMISC_GET_EFL(pIemCpu, pCtx);
     VBOXSTRICTRC    rcStrict;
     uint32_t        fEflNew;
@@ -633 +636 @@
      */
     Assert(fEflNew & RT_BIT_32(1));
-    pCtx->eflags.u = fEflNew;
+    IEMMISC_SET_EFL(pIemCpu, pCtx, fEflNew);
     iemRegAddToRip(pIemCpu, cbInstr);
 
@@ -1912 +1915 @@
 IEM_CIMPL_DEF_1(iemCImpl_iret_real_v8086, IEMMODE, enmEffOpSize)
 {
-    PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
+    PCPUMCTX  pCtx  = pIemCpu->CTX_SUFF(pCtx);
+    PVMCPU    pVCpu = IEMCPU_TO_VMCPU(pIemCpu);
+    X86EFLAGS Efl;
+    Efl.u = IEMMISC_GET_EFL(pIemCpu, pCtx);
     NOREF(cbInstr);
 
@@ -1945 +1951 @@
                    | X86_EFL_RF /*| X86_EFL_VM*/ | X86_EFL_AC /*|X86_EFL_VIF*/ /*|X86_EFL_VIP*/
                    | X86_EFL_ID;
-        uNewFlags |= pCtx->eflags.u & (X86_EFL_VM | X86_EFL_VIF | X86_EFL_VIP | X86_EFL_1);
+        uNewFlags |= Efl.u & (X86_EFL_VM | X86_EFL_VIF | X86_EFL_VIP | X86_EFL_1);
     }
     else
@@ -1957 +1963 @@
         uNewFlags &= X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF
                    | X86_EFL_TF | X86_EFL_IF | X86_EFL_DF | X86_EFL_OF | X86_EFL_IOPL | X86_EFL_NT;
-        uNewFlags |= pCtx->eflags.u & (UINT32_C(0xffff0000) | X86_EFL_1);
+        uNewFlags |= Efl.u & (UINT32_C(0xffff0000) | X86_EFL_1);
         /** @todo The intel pseudo code does not indicate what happens to
          *        reserved flags. We just ignore them. */
@@ -1974 +1980 @@
      * V8086 checks and flag adjustments
      */
-    if (pCtx->eflags.Bits.u1VM)
-    {
-        if (pCtx->eflags.Bits.u2IOPL == 3)
+    if (Efl.Bits.u1VM)
+    {
+        if (Efl.Bits.u2IOPL == 3)
         {
             /* Preserve IOPL and clear RF. */
-            uNewFlags &=                 ~(X86_EFL_IOPL | X86_EFL_RF);
-            uNewFlags |= pCtx->eflags.u & (X86_EFL_IOPL);
+            uNewFlags &=        ~(X86_EFL_IOPL | X86_EFL_RF);
+            uNewFlags |= Efl.u & (X86_EFL_IOPL);
         }
         else if (   enmEffOpSize == IEMMODE_16BIT
                  && (   !(uNewFlags & X86_EFL_IF)
-                     || !pCtx->eflags.Bits.u1VIP )
+                     || !Efl.Bits.u1VIP )
                  && !(uNewFlags & X86_EFL_TF)   )
         {
@@ -1990 +1996 @@
             uNewFlags &= ~X86_EFL_VIF;
             uNewFlags |= (uNewFlags & X86_EFL_IF) << (19 - 9);
-            uNewFlags &=                 ~(X86_EFL_IF | X86_EFL_IOPL | X86_EFL_RF);
-            uNewFlags |= pCtx->eflags.u & (X86_EFL_IF | X86_EFL_IOPL);
+            uNewFlags &=        ~(X86_EFL_IF | X86_EFL_IOPL | X86_EFL_RF);
+            uNewFlags |= Efl.u & (X86_EFL_IF | X86_EFL_IOPL);
         }
         else
@@ -2010 +2016 @@
     /** @todo do we load attribs and limit as well? */
     Assert(uNewFlags & X86_EFL_1);
-    pCtx->eflags.u      = uNewFlags;
+    IEMMISC_SET_EFL(pIemCpu, pCtx, uNewFlags);
 
     return VINF_SUCCESS;
@@ -2345 +2351 @@
         else if (pIemCpu->uCpl <= pCtx->eflags.Bits.u2IOPL)
             fEFlagsMask |= X86_EFL_IF;
-        pCtx->eflags.u     &= ~fEFlagsMask;
-        pCtx->eflags.u     |= fEFlagsMask & uNewFlags;
+        uint32_t fEFlagsNew = IEMMISC_GET_EFL(pIemCpu, pCtx);
+        fEFlagsNew         &= ~fEFlagsMask;
+        fEFlagsNew         |= uNewFlags & fEFlagsMask;
+        IEMMISC_SET_EFL(pIemCpu, pCtx, fEFlagsNew);
 
         pIemCpu->uCpl       = uNewCs & X86_SEL_RPL;
@@ -2389 +2397 @@
         pCtx->rsp           = uNewRsp;
 
+        X86EFLAGS NewEfl;
+        NewEfl.u = IEMMISC_GET_EFL(pIemCpu, pCtx);
         uint32_t fEFlagsMask = X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF  | X86_EFL_SF
                              | X86_EFL_TF | X86_EFL_DF | X86_EFL_OF | X86_EFL_NT;
@@ -2395 +2405 @@
         if (pIemCpu->uCpl == 0)
             fEFlagsMask |= X86_EFL_IF | X86_EFL_IOPL | X86_EFL_VIF | X86_EFL_VIP; /* VM is 0 */
-        else if (pIemCpu->uCpl <= pCtx->eflags.Bits.u2IOPL)
+        else if (pIemCpu->uCpl <= NewEfl.Bits.u2IOPL)
             fEFlagsMask |= X86_EFL_IF;
-        pCtx->eflags.u         &= ~fEFlagsMask;
-        pCtx->eflags.u         |= fEFlagsMask & uNewFlags;
+        NewEfl.u           &= ~fEFlagsMask;
+        NewEfl.u           |= fEFlagsMask & uNewFlags;
+        IEMMISC_SET_EFL(pIemCpu, pCtx, NewEfl.u);
         /* Done! */
     }
@@ -3277 +3288 @@
             else
                 rcStrict = VINF_SUCCESS;
+
+#ifdef IN_RC
+            /* Return to ring-3 for rescheduling if WP or AM changes. */
+            if (   rcStrict == VINF_SUCCESS
+                && (   (uNewCrX & (X86_CR0_WP | X86_CR0_AM))
+                    != (uOldCrX & (X86_CR0_WP | X86_CR0_AM))) )
+                rcStrict = VINF_EM_RESCHEDULE;
+#endif
             break;
         }
@@ -3871 +3890 @@
      * CPL check
      */
-    if (   (pCtx->cr0 & X86_CR0_PE)
-        && (    pIemCpu->uCpl > pCtx->eflags.Bits.u2IOPL
-            ||  pCtx->eflags.Bits.u1VM) )
-    {
-        /** @todo I/O port permission bitmap check */
-        IEM_RETURN_ASPECT_NOT_IMPLEMENTED_LOG(("Implement I/O permission bitmap checks.\n"));
-    }
+    VBOXSTRICTRC rcStrict = iemHlpCheckPortIOPermission(pIemCpu, pCtx, u16Port, cbReg);
+    if (rcStrict != VINF_SUCCESS)
+        return rcStrict;
 
     /*
@@ -3890 +3905 @@
         default: AssertFailedReturn(VERR_INTERNAL_ERROR_3);
     }
-    VBOXSTRICTRC rcStrict;
     if (!IEM_VERIFICATION_ENABLED(pIemCpu))
         rcStrict = IOMIOPortWrite(IEMCPU_TO_VM(pIemCpu), u16Port, u32Value, cbReg);
@@ -3922 +3936 @@
 IEM_CIMPL_DEF_0(iemCImpl_cli)
 {
-    PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
-
+    PCPUMCTX        pCtx    = pIemCpu->CTX_SUFF(pCtx);
+    PVMCPU          pVCpu   = IEMCPU_TO_VMCPU(pIemCpu);
+    uint32_t        fEfl    = IEMMISC_GET_EFL(pIemCpu, pCtx);
+    uint32_t const  fEflOld = fEfl;
     if (pCtx->cr0 & X86_CR0_PE)
     {
-        uint8_t const uIopl = pCtx->eflags.Bits.u2IOPL;
-        if (!pCtx->eflags.Bits.u1VM)
+        uint8_t const uIopl = X86_EFL_GET_IOPL(fEfl);
+        if (!(fEfl & X86_EFL_VM))
         {
             if (pIemCpu->uCpl <= uIopl)
-                pCtx->eflags.Bits.u1IF = 0;
+                fEfl &= ~X86_EFL_IF;
             else if (   pIemCpu->uCpl == 3
                      && (pCtx->cr4 & X86_CR4_PVI) )
-                pCtx->eflags.Bits.u1VIF = 0;
+                fEfl &= ~X86_EFL_VIF;
             else
                 return iemRaiseGeneralProtectionFault0(pIemCpu);
@@ -3939 +3955 @@
         /* V8086 */
         else if (uIopl == 3)
-            pCtx->eflags.Bits.u1IF = 0;
+            fEfl &= ~X86_EFL_IF;
         else if (   uIopl < 3
                  && (pCtx->cr4 & X86_CR4_VME) )
-            pCtx->eflags.Bits.u1VIF = 0;
+            fEfl &= ~X86_EFL_VIF;
         else
             return iemRaiseGeneralProtectionFault0(pIemCpu);
@@ -3948 +3964 @@
     /* real mode */
     else
-        pCtx->eflags.Bits.u1IF = 0;
+        fEfl &= ~X86_EFL_IF;
+
+    /* Commit. */
+    IEMMISC_SET_EFL(pIemCpu, pCtx, fEfl);
     iemRegAddToRip(pIemCpu, cbInstr);
+    Log2(("CLI: %#x -> %#x\n", fEflOld, fEfl)); NOREF(fEflOld);
     return VINF_SUCCESS;
 }
@@ -3959 +3979 @@
 IEM_CIMPL_DEF_0(iemCImpl_sti)
 {
-    PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
+    PCPUMCTX        pCtx    = pIemCpu->CTX_SUFF(pCtx);
+    PVMCPU          pVCpu   = IEMCPU_TO_VMCPU(pIemCpu);
+    uint32_t        fEfl    = IEMMISC_GET_EFL(pIemCpu, pCtx);
+    uint32_t const  fEflOld = fEfl;
 
     if (pCtx->cr0 & X86_CR0_PE)
     {
-        uint8_t const uIopl = pCtx->eflags.Bits.u2IOPL;
-        if (!pCtx->eflags.Bits.u1VM)
+        uint8_t const uIopl = X86_EFL_GET_IOPL(fEfl);
+        if (!(fEfl & X86_EFL_VM))
         {
             if (pIemCpu->uCpl <= uIopl)
-                pCtx->eflags.Bits.u1IF = 1;
+                fEfl |= X86_EFL_IF;
             else if (   pIemCpu->uCpl == 3
                      && (pCtx->cr4 & X86_CR4_PVI)
-                     && !pCtx->eflags.Bits.u1VIP )
-                pCtx->eflags.Bits.u1VIF = 1;
+                     && !(fEfl & X86_EFL_VIP) )
+                fEfl |= X86_EFL_VIF;
             else
                 return iemRaiseGeneralProtectionFault0(pIemCpu);
@@ -3977 +4000 @@
         /* V8086 */
         else if (uIopl == 3)
-            pCtx->eflags.Bits.u1IF = 1;
+            fEfl |= X86_EFL_IF;
         else if (   uIopl < 3
                  && (pCtx->cr4 & X86_CR4_VME)
-                 && !pCtx->eflags.Bits.u1VIP )
-            pCtx->eflags.Bits.u1VIF = 1;
+                 && !(fEfl & X86_EFL_VIP) )
+            fEfl |= X86_EFL_VIF;
         else
             return iemRaiseGeneralProtectionFault0(pIemCpu);
@@ -3987 +4010 @@
     /* real mode */
     else
-        pCtx->eflags.Bits.u1IF = 1;
-
+        fEfl |= X86_EFL_IF;
+
+    /* Commit. */
+    IEMMISC_SET_EFL(pIemCpu, pCtx, fEfl);
     iemRegAddToRip(pIemCpu, cbInstr);
-    /** @todo don't do this unconditionally... */
-    EMSetInhibitInterruptsPC(IEMCPU_TO_VMCPU(pIemCpu), pCtx->rip);
+    if (!(fEflOld & X86_EFL_IF) && (fEfl & X86_EFL_IF))
+        EMSetInhibitInterruptsPC(IEMCPU_TO_VMCPU(pIemCpu), pCtx->rip);
+    Log2(("STI: %#x -> %#x\n", fEflOld, fEfl));
     return VINF_SUCCESS;
 }

trunk/src/VBox/VMM/include/IEMInternal.h

@@ -205 +205 @@
 
     /** Whether to bypass access handlers or not. */
-    bool                    fByPassHandlers;
+    bool                    fBypassHandlers;
     /** Explicit alignment padding. */
     bool                    afAlignment0[3];