Changeset 45276 in vbox for trunk/src/VBox/VMM/VMMR3/SELM.cpp

Timestamp:

Apr 2, 2013 8:17:11 AM (12 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

84670

Message:

Ring-1 compression patches, courtesy of trivirt AG:

• main: diff to remove the hwvirt requirement for QNX
• rem: diff for dealing with raw ring 0/1 selectors and general changes to allowed guest execution states
• vmm: changes for using the guest's TSS selector index as our hypervisor TSS selector (makes str safe) (VBOX_WITH_SAFE_STR )
• vmm: changes for dealing with guest ring 1 code (VBOX_WITH_RAW_RING1)
• vmm: change to emulate smsw in RC/R0 (QNX uses this old style instruction a lot so going to qemu for emulation is very expensive)
• vmm: change (hack) to kick out patm virtual handlers in case they conflict with guest GDT/TSS write monitors; we should allow multiple handlers per page, but that change would be rather invasive

File:

• trunk/src/VBox/VMM/VMMR3/SELM.cpp (modified) (24 diffs)

trunk/src/VBox/VMM/VMMR3/SELM.cpp

@@ -80 +80 @@
 #include <iprt/string.h>
 
-
-/**
- * Enable or disable tracking of Shadow GDT/LDT/TSS.
- * @{
- */
-#define SELM_TRACK_SHADOW_GDT_CHANGES
-#define SELM_TRACK_SHADOW_LDT_CHANGES
-#define SELM_TRACK_SHADOW_TSS_CHANGES
-/** @} */
 
 
@@ -565 +556 @@
      * Uninstall guest GDT/LDT/TSS write access handlers.
      */
-    int rc;
+    int rc = VINF_SUCCESS;
     if (pVM->selm.s.GuestGdtr.pGdt != RTRCPTR_MAX && pVM->selm.s.fGDTRangeRegistered)
     {
+#ifdef SELM_TRACK_GUEST_GDT_CHANGES
         rc = PGMHandlerVirtualDeregister(pVM, pVM->selm.s.GuestGdtr.pGdt);
         AssertRC(rc);
+#endif
         pVM->selm.s.GuestGdtr.pGdt = RTRCPTR_MAX;
         pVM->selm.s.GuestGdtr.cbGdt = 0;
@@ -576 +569 @@
     if (pVM->selm.s.GCPtrGuestLdt != RTRCPTR_MAX)
     {
+#ifdef SELM_TRACK_GUEST_LDT_CHANGES
         rc = PGMHandlerVirtualDeregister(pVM, pVM->selm.s.GCPtrGuestLdt);
         AssertRC(rc);
+#endif
         pVM->selm.s.GCPtrGuestLdt = RTRCPTR_MAX;
     }
     if (pVM->selm.s.GCPtrGuestTss != RTRCPTR_MAX)
     {
+#ifdef SELM_TRACK_GUEST_TSS_CHANGES
         rc = PGMHandlerVirtualDeregister(pVM, pVM->selm.s.GCPtrGuestTss);
         AssertRC(rc);
+#endif
         pVM->selm.s.GCPtrGuestTss = RTRCPTR_MAX;
         pVM->selm.s.GCSelTss      = RTSEL_MAX;
@@ -619 +616 @@
     if (pVM->selm.s.GuestGdtr.pGdt != RTRCPTR_MAX && pVM->selm.s.fGDTRangeRegistered)
     {
+#ifdef SELM_TRACK_GUEST_GDT_CHANGES
         rc = PGMHandlerVirtualDeregister(pVM, pVM->selm.s.GuestGdtr.pGdt);
         AssertRC(rc);
+#endif
         pVM->selm.s.GuestGdtr.pGdt = RTRCPTR_MAX;
         pVM->selm.s.GuestGdtr.cbGdt = 0;
@@ -627 +626 @@
     if (pVM->selm.s.GCPtrGuestLdt != RTRCPTR_MAX)
     {
+#ifdef SELM_TRACK_GUEST_LDT_CHANGES
         rc = PGMHandlerVirtualDeregister(pVM, pVM->selm.s.GCPtrGuestLdt);
         AssertRC(rc);
+#endif
         pVM->selm.s.GCPtrGuestLdt = RTRCPTR_MAX;
     }
     if (pVM->selm.s.GCPtrGuestTss != RTRCPTR_MAX)
     {
+#ifdef SELM_TRACK_GUEST_TSS_CHANGES
         rc = PGMHandlerVirtualDeregister(pVM, pVM->selm.s.GCPtrGuestTss);
         AssertRC(rc);
+#endif
         pVM->selm.s.GCPtrGuestTss = RTRCPTR_MAX;
         pVM->selm.s.GCSelTss      = RTSEL_MAX;
@@ -953 +956 @@
     }
 
+#ifdef VBOX_WITH_SAFE_STR
+    /** Use the guest's TR selector to plug the str virtualization hole. */
+    if (CPUMGetGuestTR(pVCpu, NULL) != 0)
+    {
+        Log(("SELM: Use guest TSS selector %x\n", CPUMGetGuestTR(pVCpu, NULL)));
+        aHyperSel[SELM_HYPER_SEL_TSS] = CPUMGetGuestTR(pVCpu, NULL);
+    }
+#endif
+
     /*
      * Work thru the copied GDT entries adjusting them for correct virtualization.
@@ -960 +972 @@
     {
         if (pGDTE->Gen.u1Present)
-            selmGuestToShadowDesc(pGDTE);
+            selmGuestToShadowDesc(pVM, pGDTE);
 
         /* Next GDT entry. */
@@ -990 +1002 @@
         VMR3Relocate(pVM, 0);
     }
-    else if (cbEffLimit >= SELM_HYPER_DEFAULT_BASE)
+    else 
+#ifdef VBOX_WITH_SAFE_STR
+    if (    cbEffLimit >= SELM_HYPER_DEFAULT_BASE
+        ||  CPUMGetGuestTR(pVCpu, NULL) != 0)       /* Our shadow TR entry was overwritten when we synced the guest's GDT. */
+#else
+    if (cbEffLimit >= SELM_HYPER_DEFAULT_BASE)
+#endif
         /* We overwrote all entries above, so we have to save them again. */
         selmR3SetupHyperGDTSelectors(pVM);
@@ -1011 +1029 @@
     {
         Log(("SELMR3UpdateFromCPUM: Guest's GDT is changed to pGdt=%016RX64 cbGdt=%08X\n", GDTR.pGdt, GDTR.cbGdt));
-
+#ifdef SELM_TRACK_GUEST_GDT_CHANGES
         /*
          * [Re]Register write virtual handler for guest's GDT.
@@ -1025 +1043 @@
                                          0, selmR3GuestGDTWriteHandler, "selmRCGuestGDTWriteHandler", 0,
                                          "Guest GDT write access handler");
+# ifdef VBOX_WITH_RAW_RING1
+        /* Some guest OSes (QNX) share code and the GDT on the same page; PGMR3HandlerVirtualRegister doesn't support more than one handler, so we kick out the 
+         * PATM handler as this one is more important. 
+         * @todo fix this properly in PGMR3HandlerVirtualRegister
+         */
+        if (rc == VERR_PGM_HANDLER_VIRTUAL_CONFLICT)
+        {
+            LogRel(("selmR3UpdateShadowGdt: Virtual handler conflict %RGv -> kick out PATM handler for the higher priority GDT page monitor\n", GDTR.pGdt));
+            rc = PGMHandlerVirtualDeregister(pVM, GDTR.pGdt & PAGE_BASE_GC_MASK);
+            AssertRC(rc);
+
+            rc = PGMR3HandlerVirtualRegister(pVM, PGMVIRTHANDLERTYPE_WRITE,
+                                             GDTR.pGdt, GDTR.pGdt + GDTR.cbGdt /* already inclusive */,
+                                             0, selmR3GuestGDTWriteHandler, "selmRCGuestGDTWriteHandler", 0,
+                                             "Guest GDT write access handler");
+        }
+# endif
         if (RT_FAILURE(rc))
             return rc;
-
+#endif
         /* Update saved Guest GDTR. */
         pVM->selm.s.GuestGdtr = GDTR;
@@ -1137 +1172 @@
                  pVM->selm.s.GCPtrGuestLdt, pVM->selm.s.cbLdtLimit, GCPtrLdt, cbLdt, pVM->selm.s.GuestGdtr.pGdt, pVM->selm.s.GuestGdtr.cbGdt));
 
+#ifdef SELM_TRACK_GUEST_LDT_CHANGES
             /*
              * [Re]Register write virtual handler for guest's GDT.
@@ -1146 +1182 @@
                 AssertRC(rc);
             }
-#ifdef DEBUG
+# ifdef DEBUG
             if (pDesc->Gen.u1Present)
                 Log(("LDT selector marked not present!!\n"));
-#endif
+# endif
             rc = PGMR3HandlerVirtualRegister(pVM, PGMVIRTHANDLERTYPE_WRITE, GCPtrLdt, GCPtrLdt + cbLdt /* already inclusive */,
                                              0, selmR3GuestLDTWriteHandler, "selmRCGuestLDTWriteHandler", 0, "Guest LDT write access handler");
@@ -1166 +1202 @@
                 return rc;
             }
-
+#else
+            pVM->selm.s.GCPtrGuestLdt = GCPtrLdt;
+#endif
             pVM->selm.s.cbLdtLimit = cbLdt;
         }
@@ -1205 +1243 @@
     /** @todo investigate how intel handle various operations on half present cross page entries. */
     off = GCPtrLdt & (sizeof(X86DESC) - 1);
-    AssertMsg(!off, ("LDT is not aligned on entry size! GCPtrLdt=%08x\n", GCPtrLdt));
+////    AssertMsg(!off, ("LDT is not aligned on entry size! GCPtrLdt=%08x\n", GCPtrLdt));
 
     /* Note: Do not skip the first selector; unlike the GDT, a zero LDT selector is perfectly valid. */
@@ -1239 +1277 @@
             {
                 if (pLDTE->Gen.u1Present)
-                    selmGuestToShadowDesc(pLDTE);
+                    selmGuestToShadowDesc(pVM, pLDTE);
 
                 /* Next LDT entry. */
@@ -1438 +1476 @@
 }
 
-
+#ifdef SELM_TRACK_GUEST_GDT_CHANGES
 /**
  * \#PF Handler callback for virtual access handler ranges.
@@ -1465 +1503 @@
     return VINF_PGM_HANDLER_DO_DEFAULT;
 }
-
-
+#endif
+
+#ifdef SELM_TRACK_GUEST_LDT_CHANGES
 /**
  * \#PF Handler callback for virtual access handler ranges.
@@ -1493 +1532 @@
     return VINF_PGM_HANDLER_DO_DEFAULT;
 }
-
-
+#endif
+
+
+#ifdef SELM_TRACK_GUEST_TSS_CHANGES
 /**
  * \#PF Handler callback for virtual access handler ranges.
@@ -1526 +1567 @@
     return VINF_PGM_HANDLER_DO_DEFAULT;
 }
-
+#endif
 
 /**
@@ -1675 +1716 @@
             selmSetRing1Stack(pVM, Tss.ss0 | 1, Tss.esp0);
             pVM->selm.s.fSyncTSSRing0Stack = fNoRing1Stack = false;
+
+#ifdef VBOX_WITH_RAW_RING1
+            /* Update our TSS structure for the guest's ring 2 stack */
+            selmSetRing2Stack(pVM, (Tss.ss1 & ~1) | 2, Tss.esp1);
+
+            if (    (pVM->selm.s.Tss.ss2 != ((Tss.ss1 & ~2) | 1))
+                ||  pVM->selm.s.Tss.esp2 != Tss.esp1)
+            {
+                Log(("SELMR3SyncTSS: Updating TSS ring 1 stack to %04X:%08X from %04X:%08X\n", Tss.ss1, Tss.esp1, (pVM->selm.s.Tss.ss2 & ~2) | 1, pVM->selm.s.Tss.esp2));
+            }
+#endif
         }
     }
@@ -1711 +1763 @@
         if (cbMonitoredTss != 0)
         {
+#ifdef SELM_TRACK_GUEST_TSS_CHANGES
             rc = PGMR3HandlerVirtualRegister(pVM, PGMVIRTHANDLERTYPE_WRITE, GCPtrTss, GCPtrTss + cbMonitoredTss - 1,
                                              0, selmR3GuestTSSWriteHandler,
@@ -1716 +1769 @@
             if (RT_FAILURE(rc))
             {
+# ifdef VBOX_WITH_RAW_RING1
+                /* Some guest OSes (QNX) share code and the TSS on the same page; PGMR3HandlerVirtualRegister doesn't support more than one handler, so we kick out the 
+                 * PATM handler as this one is more important. 
+                 * @todo fix this properly in PGMR3HandlerVirtualRegister
+                 */
+                if (rc == VERR_PGM_HANDLER_VIRTUAL_CONFLICT)
+                {
+                    LogRel(("SELMR3SyncTSS: Virtual handler conflict %RGv -> kick out PATM handler for the higher priority TSS page monitor\n", GCPtrTss));
+                    rc = PGMHandlerVirtualDeregister(pVM, GCPtrTss & PAGE_BASE_GC_MASK);
+                    AssertRC(rc);
+
+                    rc = PGMR3HandlerVirtualRegister(pVM, PGMVIRTHANDLERTYPE_WRITE, GCPtrTss, GCPtrTss + cbMonitoredTss - 1,
+                                                     0, selmR3GuestTSSWriteHandler,
+                                                     "selmRCGuestTSSWriteHandler", 0, "Guest TSS write access handler");
+                    if (RT_FAILURE(rc))
+                    {
+                        STAM_PROFILE_STOP(&pVM->selm.s.StatUpdateFromCPUM, a);
+                        return rc;
+                    }
+                }
+# else
                 STAM_PROFILE_STOP(&pVM->selm.s.StatUpdateFromCPUM, a);
                 return rc;
-            }
-
+# endif
+           }
+#endif
             /* Update saved Guest TSS info. */
             pVM->selm.s.GCPtrGuestTss       = GCPtrTss;
@@ -1888 +1963 @@
 VMMR3DECL(bool) SELMR3CheckTSS(PVM pVM)
 {
-#ifdef VBOX_STRICT
+#if defined(VBOX_STRICT) && defined(SELM_TRACK_GUEST_TSS_CHANGES)
     PVMCPU pVCpu = VMMGetCpu(pVM);
 
@@ -2019 +2094 @@
 #endif /* !VBOX_STRICT */
 }
+
+# ifdef VBOX_WITH_SAFE_STR
+/**
+ * Validates the RawR0 TR shadow GDT entry
+ *
+ * @returns true if it matches.
+ * @returns false and assertions on mismatch..
+ * @param   pVM     Pointer to the VM.
+ */
+VMMR3DECL(bool) SELMR3CheckShadowTR(PVM pVM)
+{
+#  ifdef VBOX_STRICT
+    PX86DESC paGdt = pVM->selm.s.paGdtR3;
+
+    /*
+     * TSS descriptor
+     */
+    PX86DESC pDesc = &paGdt[pVM->selm.s.aHyperSel[SELM_HYPER_SEL_TSS] >> 3];
+    RTRCPTR RCPtrTSS = VM_RC_ADDR(pVM, &pVM->selm.s.Tss);
+
+    if (    pDesc->Gen.u16BaseLow      != RT_LOWORD(RCPtrTSS)
+        ||  pDesc->Gen.u8BaseHigh1     != RT_BYTE3(RCPtrTSS)
+        ||  pDesc->Gen.u8BaseHigh2     != RT_BYTE4(RCPtrTSS)
+        ||  pDesc->Gen.u16LimitLow     != sizeof(VBOXTSS) - 1
+        ||  pDesc->Gen.u4LimitHigh     != 0
+        ||  (pDesc->Gen.u4Type         != X86_SEL_TYPE_SYS_386_TSS_AVAIL && pDesc->Gen.u4Type != X86_SEL_TYPE_SYS_386_TSS_BUSY)
+        ||  pDesc->Gen.u1DescType      != 0 /* system */
+        ||  pDesc->Gen.u2Dpl           != 0 /* supervisor */
+        ||  pDesc->Gen.u1Present       != 1
+        ||  pDesc->Gen.u1Available     != 0
+        ||  pDesc->Gen.u1Long          != 0
+        ||  pDesc->Gen.u1DefBig        != 0
+        ||  pDesc->Gen.u1Granularity   != 0 /* byte limit */
+        )
+    {
+        AssertFailed();
+        return false;
+    }
+#  endif
+    return true;
+}
+# endif 
 
 #endif /* VBOX_WITH_RAW_MODE */