Changeset 56013 in vbox for trunk/src

Timestamp:

May 21, 2015 5:04:14 PM (10 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

100526

Message:

PGM: Made the virtual handler callbacks return VBOXSTRICTRC and prepared for RC execution.

Location:

trunk/src/VBox/VMM

Files:

• VMMAll/CSAMAll.cpp (modified) (1 diff)
• VMMAll/PATMAll.cpp (modified) (1 diff)
• VMMAll/PGMAllBth.h (modified) (3 diffs)
• VMMAll/SELMAll.cpp (modified) (1 diff)
• VMMAll/TRPMAll.cpp (modified) (1 diff)
• VMMR3/PGMHandler.cpp (modified) (2 diffs)
• VMMR3/SELM.cpp (modified) (7 diffs)
• VMMR3/TRPM.cpp (modified) (4 diffs)
• VMMRC/CSAMRC.cpp (modified) (1 diff)
• VMMRC/PATMRC.cpp (modified) (1 diff)
• VMMRC/SELMRC.cpp (modified) (13 diffs)
• VMMRC/TRPMRC.cpp (modified) (2 diffs)
• include/CSAMInternal.h (modified) (1 diff)
• include/PATMInternal.h (modified) (1 diff)
• include/PGMInternal.h (modified) (1 diff)
• include/SELMInternal.h (modified) (1 diff)
• include/TRPMInternal.h (modified) (3 diffs)

trunk/src/VBox/VMM/VMMAll/CSAMAll.cpp

@@ -72 +72 @@
  * @param   pvUser          User argument.
  */
-PGM_ALL_CB2_DECL(int) csamCodePageWriteHandler(PVM pVM, PVMCPU pVCpu, RTGCPTR GCPtr, void *pvPtr, void *pvBuf, size_t cbBuf,
-                                               PGMACCESSTYPE enmAccessType, PGMACCESSORIGIN enmOrigin, void *pvUser)
+PGM_ALL_CB2_DECL(VBOXSTRICTRC)
+csamCodePageWriteHandler(PVM pVM, PVMCPU pVCpu, RTGCPTR GCPtr, void *pvPtr, void *pvBuf, size_t cbBuf,
+                         PGMACCESSTYPE enmAccessType, PGMACCESSORIGIN enmOrigin, void *pvUser)
 {
     RTGCPTR const GCPtrMonitored = (uintptr_t)pvUser | (GCPtr & PAGE_OFFSET_MASK);

trunk/src/VBox/VMM/VMMAll/PATMAll.cpp

@@ -58 +58 @@
  * @param   pvUser          The address of the guest page we're monitoring.
  */
-PGM_ALL_CB2_DECL(int) patmVirtPageHandler(PVM pVM, PVMCPU pVCpu, RTGCPTR GCPtr, void *pvPtr, void *pvBuf, size_t cbBuf,
-                                          PGMACCESSTYPE enmAccessType, PGMACCESSORIGIN enmOrigin, void *pvUser)
+PGM_ALL_CB2_DECL(VBOXSTRICTRC) patmVirtPageHandler(PVM pVM, PVMCPU pVCpu, RTGCPTR GCPtr, void *pvPtr, void *pvBuf, size_t cbBuf,
+                                                   PGMACCESSTYPE enmAccessType, PGMACCESSORIGIN enmOrigin, void *pvUser)
 {
     Assert(enmAccessType == PGMACCESSTYPE_WRITE); NOREF(enmAccessType);

trunk/src/VBox/VMM/VMMAll/PGMAllBth.h

@@ -719 +719 @@
                     &&  uErr & X86_TRAP_PF_RW)
                 {
+                    VBOXSTRICTRC rcStrict;
 #   ifdef IN_RC
                     STAM_PROFILE_START(&pCur->Stat, h);
@@ -724 +725 @@
                     void *pvUser = pCur->CTX_SUFF(pvUser);
                     pgmUnlock(pVM);
-                    rc = pCurType->CTX_SUFF(pfnPfHandler)(pVM, pVCpu, uErr, pRegFrame, pvFault, pCur->Core.Key,
-                                                          pvFault - pCur->Core.Key, pvUser);
+                    rcStrict = pCurType->CTX_SUFF(pfnPfHandler)(pVM, pVCpu, uErr, pRegFrame, pvFault, pCur->Core.Key,
+                                                                pvFault - pCur->Core.Key, pvUser);
                     pgmLock(pVM);
                     STAM_PROFILE_STOP(&pCur->Stat, h);
 #   else
                     AssertFailed();
-                    rc = VINF_EM_RAW_EMULATE_INSTR; /* can't happen with VMX */
+                    rcStrict = VINF_EM_RAW_EMULATE_INSTR; /* can't happen with VMX */
 #   endif
                     STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZTrap0eHandlersMapping);
                     STAM_STATS({ pVCpu->pgm.s.CTX_SUFF(pStatTrap0eAttribution) = &pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZTrap0eTime2Mapping; });
-                    return rc;
+                    return VBOXSTRICTRC_TODO(rcStrict);
                 }
 
@@ -816 +817 @@
                      ||  pCurType->enmKind != PGMVIRTHANDLERKIND_WRITE ) )
             {
+                VBOXSTRICTRC rcStrict;
 #   ifdef IN_RC
                 STAM_PROFILE_START(&pCur->Stat, h);
                 void *pvUser = pCur->CTX_SUFF(pvUser);
                 pgmUnlock(pVM);
-                rc = pCurType->CTX_SUFF(pfnPfHandler)(pVM, pVCpu, uErr, pRegFrame, pvFault, pCur->Core.Key,
-                                                      pvFault - pCur->Core.Key, pvUser);
+                rcStrict = pCurType->CTX_SUFF(pfnPfHandler)(pVM, pVCpu, uErr, pRegFrame, pvFault, pCur->Core.Key,
+                                                            pvFault - pCur->Core.Key, pvUser);
                 pgmLock(pVM);
                 STAM_PROFILE_STOP(&pCur->Stat, h);
 #   else
-                rc = VINF_EM_RAW_EMULATE_INSTR; /** @todo for VMX */
+                rcStrict = VINF_EM_RAW_EMULATE_INSTR; /** @todo for VMX */
 #   endif
                 STAM_STATS({ pVCpu->pgm.s.CTX_SUFF(pStatTrap0eAttribution) = &pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZTrap0eTime2HndVirt; });
-                return rc;
+                return VBOXSTRICTRC_TODO(rcStrict);
             }
         }

trunk/src/VBox/VMM/VMMAll/SELMAll.cpp

@@ -47 +47 @@
 #endif
 
+
+#ifndef IN_RING0
+
+# ifdef SELM_TRACK_GUEST_GDT_CHANGES
+/**
+ * @callback_method_impl{FNPGMVIRTHANDLER}
+ */
+PGM_ALL_CB2_DECL(VBOXSTRICTRC)
+selmGuestGDTWriteHandler(PVM pVM, PVMCPU pVCpu, RTGCPTR GCPtr, void *pvPtr, void *pvBuf, size_t cbBuf,
+                         PGMACCESSTYPE enmAccessType, PGMACCESSORIGIN enmOrigin, void *pvUser)
+{
+    Assert(enmAccessType == PGMACCESSTYPE_WRITE); NOREF(enmAccessType);
+    Log(("selmGuestGDTWriteHandler: write to %RGv size %d\n", GCPtr, cbBuf)); NOREF(GCPtr); NOREF(cbBuf);
+    NOREF(pvPtr); NOREF(pvBuf); NOREF(enmOrigin); NOREF(pvUser);
+
+#  ifdef IN_RING3
+    VMCPU_FF_SET(pVCpu, VMCPU_FF_SELM_SYNC_GDT);
+    return VINF_PGM_HANDLER_DO_DEFAULT;
+
+#  else  /* IN_RC: */
+    /*
+     * Execute the write, doing necessary pre and post shadow GDT checks.
+     */
+    PCPUMCTX pCtx        = CPUMQueryGuestCtxPtr(pVCpu);
+    uint32_t offGuestGdt = pCtx->gdtr.pGdt - GCPtr;
+    selmRCGuestGdtPreWriteCheck(pVM, pVCpu, offGuestGdt, cbBuf, pCtx);
+    memcpy(pvBuf, pvPtr, cbBuf);
+    VBOXSTRICTRC rcStrict = selmRCGuestGdtPostWriteCheck(pVM, pVCpu, offGuestGdt, cbBuf, pCtx);
+    if (!VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_SELM_SYNC_GDT))
+        STAM_COUNTER_INC(&pVM->selm.s.StatRCWriteGuestGDTHandled);
+    else
+        STAM_COUNTER_INC(&pVM->selm.s.StatRCWriteGuestGDTUnhandled);
+    return rcStrict;
+#  endif
+}
+# endif
+
+
+# ifdef SELM_TRACK_GUEST_LDT_CHANGES
+/**
+ * @callback_method_impl{FNPGMVIRTHANDLER}
+ */
+PGM_ALL_CB2_DECL(VBOXSTRICTRC)
+selmGuestLDTWriteHandler(PVM pVM, PVMCPU pVCpu, RTGCPTR GCPtr, void *pvPtr, void *pvBuf, size_t cbBuf,
+                         PGMACCESSTYPE enmAccessType, PGMACCESSORIGIN enmOrigin, void *pvUser)
+{
+    Assert(enmAccessType == PGMACCESSTYPE_WRITE); NOREF(enmAccessType);
+    Log(("selmGuestLDTWriteHandler: write to %RGv size %d\n", GCPtr, cbBuf)); NOREF(GCPtr); NOREF(cbBuf);
+    NOREF(pvPtr); NOREF(pvBuf); NOREF(enmOrigin); NOREF(pvUser);
+
+    VMCPU_FF_SET(pVCpu, VMCPU_FF_SELM_SYNC_LDT);
+#  ifdef IN_RING3
+    return VINF_PGM_HANDLER_DO_DEFAULT;
+#  else
+    STAM_COUNTER_INC(&pVM->selm.s.StatRCWriteGuestLDT);
+    return VINF_EM_RAW_EMULATE_INSTR_LDT_FAULT;
+#  endif
+}
+# endif
+
+
+# ifdef SELM_TRACK_GUEST_TSS_CHANGES
+/**
+ * @callback_method_impl{FNPGMVIRTHANDLER}
+ */
+PGM_ALL_CB2_DECL(VBOXSTRICTRC)
+selmGuestTSSWriteHandler(PVM pVM, PVMCPU pVCpu, RTGCPTR GCPtr, void *pvPtr, void *pvBuf, size_t cbBuf,
+                         PGMACCESSTYPE enmAccessType, PGMACCESSORIGIN enmOrigin, void *pvUser)
+{
+    Assert(enmAccessType == PGMACCESSTYPE_WRITE); NOREF(enmAccessType);
+    Log(("selmGuestTSSWriteHandler: write %.*Rhxs to %RGv size %d\n", RT_MIN(8, cbBuf), pvBuf, GCPtr, cbBuf));
+    NOREF(pvBuf); NOREF(GCPtr); NOREF(cbBuf); NOREF(enmOrigin); NOREF(pvUser); NOREF(pvPtr);
+
+#  ifdef IN_RING3
+    /** @todo This can be optimized by checking for the ESP0 offset and tracking TR
+     *        reloads in REM (setting VM_FF_SELM_SYNC_TSS if TR is reloaded). We
+     *        should probably also deregister the virtual handler if TR.base/size
+     *        changes while we're in REM.  May also share
+     *        selmRCGuestTssPostWriteCheck code. */
+    VMCPU_FF_SET(pVCpu, VMCPU_FF_SELM_SYNC_TSS);
+    return VINF_PGM_HANDLER_DO_DEFAULT;
+
+#  else  /* IN_RC */
+    /*
+     * Do the write and check if anything relevant changed.
+     */
+    Assert(pVM->selm.s.GCPtrGuestTss != (uintptr_t)RTRCPTR_MAX);
+    memcpy(pvPtr, pvBuf, cbBuf);
+    return selmRCGuestTssPostWriteCheck(pVM, pVCpu, GCPtr - pVM->selm.s.GCPtrGuestTss, cbBuf);
+#  endif
+}
+# endif
+
+#endif /* IN_RING0 */
 
 

trunk/src/VBox/VMM/VMMAll/TRPMAll.cpp

@@ -41 +41 @@
 #include "internal/pgm.h"
 
+
+
+#if defined(TRPM_TRACK_GUEST_IDT_CHANGES) && !defined(IN_RING0)
+/**
+ * \#PF Handler callback for virtual access handler ranges.
+ *
+ * Important to realize that a physical page in a range can have aliases, and
+ * for ALL and WRITE handlers these will also trigger.
+ *
+ * @returns VINF_SUCCESS if the handler have carried out the operation.
+ * @returns VINF_PGM_HANDLER_DO_DEFAULT if the caller should carry out the access operation.
+ * @param   pVM             Pointer to the VM.
+ * @param   pVCpu           Pointer to the cross context CPU context for the
+ *                          calling EMT.
+ * @param   GCPtr           The virtual address the guest is writing to. (not correct if it's an alias!)
+ * @param   pvPtr           The HC mapping of that address.
+ * @param   pvBuf           What the guest is reading/writing.
+ * @param   cbBuf           How much it's reading/writing.
+ * @param   enmAccessType   The access type.
+ * @param   enmOrigin       The origin of this call.
+ * @param   pvUser          User argument.
+ */
+PGM_ALL_CB2_DECL(VBOXSTRICTRC)
+trpmGuestIDTWriteHandler(PVM pVM, PVMCPU pVCpu, RTGCPTR GCPtr, void *pvPtr, void *pvBuf, size_t cbBuf,
+                         PGMACCESSTYPE enmAccessType, PGMACCESSORIGIN enmOrigin, void *pvUser)
+{
+    Assert(enmAccessType == PGMACCESSTYPE_WRITE); NOREF(enmAccessType);
+    Log(("trpmGuestIDTWriteHandler: write to %RGv size %d\n", GCPtr, cbBuf)); NOREF(GCPtr); NOREF(cbBuf);
+    NOREF(pvPtr); NOREF(pvUser); NOREF(pvBuf); NOREF(enmOrigin); NOREF(pvUser);
+    Assert(!HMIsEnabled(pVM));
+
+    /** @todo Check which IDT entry and keep the update cost low in TRPMR3SyncIDT() and CSAMCheckGates(). */
+    VMCPU_FF_SET(pVCpu, VMCPU_FF_TRPM_SYNC_IDT);
+# ifdef IN_RC
+    STAM_COUNTER_INC(&pVM->trpm.s.StatRCWriteGuestIDTFault);
+# endif
+    return VINF_PGM_HANDLER_DO_DEFAULT;
+}
+#endif /* TRPM_TRACK_GUEST_IDT_CHANGES && !IN_RING0 */
 
 

trunk/src/VBox/VMM/VMMR3/PGMHandler.cpp

@@ -292 +292 @@
 VMMR3_INT_DECL(int) PGMR3HandlerVirtualTypeRegisterEx(PVM pVM, PGMVIRTHANDLERKIND enmKind, bool fRelocUserRC,
                                                       PFNPGMR3VIRTINVALIDATE pfnInvalidateR3,
-                                                      PFNPGMR3VIRTHANDLER pfnHandlerR3,
+                                                      PFNPGMVIRTHANDLER pfnHandlerR3,
                                                       RCPTRTYPE(FNPGMRCVIRTPFHANDLER) pfnPfHandlerRC,
                                                       const char *pszDesc, PPGMVIRTHANDLERTYPE phType)
@@ -354 +354 @@
 VMMR3_INT_DECL(int) PGMR3HandlerVirtualTypeRegister(PVM pVM, PGMVIRTHANDLERKIND enmKind, bool fRelocUserRC,
                                                     PFNPGMR3VIRTINVALIDATE pfnInvalidateR3,
-                                                    PFNPGMR3VIRTHANDLER pfnHandlerR3,
+                                                    PFNPGMVIRTHANDLER pfnHandlerR3,
                                                     const char *pszPfHandlerRC, const char *pszDesc,
                                                     PPGMVIRTHANDLERTYPE phType)

trunk/src/VBox/VMM/VMMR3/SELM.cpp

@@ -95 +95 @@
 static DECLCALLBACK(int)  selmR3Load(PVM pVM, PSSMHANDLE pSSM, uint32_t uVersion, uint32_t uPass);
 static DECLCALLBACK(int)  selmR3LoadDone(PVM pVM, PSSMHANDLE pSSM);
-static FNPGMR3VIRTHANDLER selmR3GuestGDTWriteHandler;
-static FNPGMR3VIRTHANDLER selmR3GuestLDTWriteHandler;
-static FNPGMR3VIRTHANDLER selmR3GuestTSSWriteHandler;
 static DECLCALLBACK(void) selmR3InfoGdt(PVM pVM, PCDBGFINFOHLP pHlp, const char *pszArgs);
 static DECLCALLBACK(void) selmR3InfoGdtGuest(PVM pVM, PCDBGFINFOHLP pHlp, const char *pszArgs);
@@ -222 +219 @@
 # endif
         rc = PGMR3HandlerVirtualTypeRegister(pVM, PGMVIRTHANDLERKIND_WRITE, false /*fRelocUserRC*/,
-                                             NULL /*pfnInvalidateR3*/, selmR3GuestGDTWriteHandler,
+                                             NULL /*pfnInvalidateR3*/, selmGuestGDTWriteHandler,
                                              "selmRCGuestGDTWritePfHandler",
                                              "Guest GDT write access handler", &pVM->selm.s.hGuestGdtWriteHandlerType);
         AssertRCReturn(rc, rc);
         rc = PGMR3HandlerVirtualTypeRegister(pVM, PGMVIRTHANDLERKIND_WRITE, false /*fRelocUserRC*/,
-                                             NULL /*pfnInvalidateR3*/, selmR3GuestLDTWriteHandler,
+                                             NULL /*pfnInvalidateR3*/, selmGuestLDTWriteHandler,
                                              "selmRCGuestLDTWritePfHandler",
                                              "Guest LDT write access handler", &pVM->selm.s.hGuestLdtWriteHandlerType);
         AssertRCReturn(rc, rc);
         rc = PGMR3HandlerVirtualTypeRegister(pVM, PGMVIRTHANDLERKIND_WRITE, false /*fRelocUserRC*/,
-                                             NULL /*pfnInvalidateR3*/, selmR3GuestTSSWriteHandler,
+                                             NULL /*pfnInvalidateR3*/, selmGuestTSSWriteHandler,
                                              "selmRCGuestTSSWritePfHandler",
                                              "Guest TSS write access handler", &pVM->selm.s.hGuestTssWriteHandlerType);
@@ -1479 +1476 @@
 }
 
-#endif /*VBOX_WITH_RAW_MODE*/
-
-#ifdef SELM_TRACK_GUEST_GDT_CHANGES
-/**
- * \#PF Handler callback for virtual access handler ranges.
- *
- * Important to realize that a physical page in a range can have aliases, and
- * for ALL and WRITE handlers these will also trigger.
- *
- * @returns VINF_SUCCESS if the handler have carried out the operation.
- * @returns VINF_PGM_HANDLER_DO_DEFAULT if the caller should carry out the access operation.
- * @param   pVM             Pointer to the VM.
- * @param   pVCpu           Pointer to the cross context CPU context for the
- *                          calling EMT.
- * @param   GCPtr           The virtual address the guest is writing to. (not correct if it's an alias!)
- * @param   pvPtr           The HC mapping of that address.
- * @param   pvBuf           What the guest is reading/writing.
- * @param   cbBuf           How much it's reading/writing.
- * @param   enmAccessType   The access type.
- * @param   enmOrigin       Who is making this write.
- * @param   pvUser          Unused.
- */
-static DECLCALLBACK(int) selmR3GuestGDTWriteHandler(PVM pVM, PVMCPU pVCpu, RTGCPTR GCPtr, void *pvPtr, void *pvBuf, size_t cbBuf,
-                                                    PGMACCESSTYPE enmAccessType, PGMACCESSORIGIN enmOrigin, void *pvUser)
-{
-    Assert(enmAccessType == PGMACCESSTYPE_WRITE); NOREF(enmAccessType);
-    Log(("selmR3GuestGDTWriteHandler: write to %RGv size %d\n", GCPtr, cbBuf)); NOREF(GCPtr); NOREF(cbBuf);
-    NOREF(pvPtr); NOREF(pvBuf); NOREF(enmOrigin); NOREF(pvUser);
-
-    VMCPU_FF_SET(pVCpu, VMCPU_FF_SELM_SYNC_GDT);
-    return VINF_PGM_HANDLER_DO_DEFAULT;
-}
-#endif
-
-#ifdef SELM_TRACK_GUEST_LDT_CHANGES
-/**
- * \#PF Handler callback for virtual access handler ranges.
- *
- * Important to realize that a physical page in a range can have aliases, and
- * for ALL and WRITE handlers these will also trigger.
- *
- * @returns VINF_SUCCESS if the handler have carried out the operation.
- * @returns VINF_PGM_HANDLER_DO_DEFAULT if the caller should carry out the access operation.
- * @param   pVM             Pointer to the VM.
- * @param   pVCpu           Pointer to the cross context CPU context for the
- *                          calling EMT.
- * @param   GCPtr           The virtual address the guest is writing to. (not correct if it's an alias!)
- * @param   pvPtr           The HC mapping of that address.
- * @param   pvBuf           What the guest is reading/writing.
- * @param   cbBuf           How much it's reading/writing.
- * @param   enmAccessType   The access type.
- * @param   enmOrigin       Who is making this write.
- * @param   pvUser          Unused.
- */
-static DECLCALLBACK(int) selmR3GuestLDTWriteHandler(PVM pVM, PVMCPU pVCpu, RTGCPTR GCPtr, void *pvPtr, void *pvBuf, size_t cbBuf,
-                                                    PGMACCESSTYPE enmAccessType, PGMACCESSORIGIN enmOrigin, void *pvUser)
-{
-    Assert(enmAccessType == PGMACCESSTYPE_WRITE); NOREF(enmAccessType);
-    Log(("selmR3GuestLDTWriteHandler: write to %RGv size %d\n", GCPtr, cbBuf)); NOREF(GCPtr); NOREF(cbBuf);
-    NOREF(pvPtr); NOREF(pvBuf); NOREF(enmOrigin); NOREF(pvUser);
-
-    VMCPU_FF_SET(pVCpu, VMCPU_FF_SELM_SYNC_LDT);
-    return VINF_PGM_HANDLER_DO_DEFAULT;
-}
-#endif
-
-
-#ifdef SELM_TRACK_GUEST_TSS_CHANGES
-/**
- * \#PF Handler callback for virtual access handler ranges.
- *
- * Important to realize that a physical page in a range can have aliases, and
- * for ALL and WRITE handlers these will also trigger.
- *
- * @returns VINF_SUCCESS if the handler have carried out the operation.
- * @returns VINF_PGM_HANDLER_DO_DEFAULT if the caller should carry out the access operation.
- * @param   pVM             Pointer to the VM.
- * @param   pVCpu           Pointer to the cross context CPU context for the
- *                          calling EMT.
- * @param   GCPtr           The virtual address the guest is writing to. (not correct if it's an alias!)
- * @param   pvPtr           The HC mapping of that address.
- * @param   pvBuf           What the guest is reading/writing.
- * @param   cbBuf           How much it's reading/writing.
- * @param   enmAccessType   The access type.
- * @param   enmOrigin       Who is making this write.
- * @param   pvUser          Unused.
- */
-static DECLCALLBACK(int) selmR3GuestTSSWriteHandler(PVM pVM, PVMCPU pVCpu, RTGCPTR GCPtr, void *pvPtr, void *pvBuf, size_t cbBuf,
-                                                    PGMACCESSTYPE enmAccessType, PGMACCESSORIGIN enmOrigin, void *pvUser)
-{
-    Assert(enmAccessType == PGMACCESSTYPE_WRITE); NOREF(enmAccessType);
-    Log(("selmR3GuestTSSWriteHandler: write %.*Rhxs to %RGv size %d\n", RT_MIN(8, cbBuf), pvBuf, GCPtr, cbBuf));
-    NOREF(pvBuf); NOREF(GCPtr); NOREF(cbBuf); NOREF(enmOrigin); NOREF(pvUser); NOREF(pvPtr);
-
-    /** @todo This can be optimized by checking for the ESP0 offset and tracking TR
-     *        reloads in REM (setting VM_FF_SELM_SYNC_TSS if TR is reloaded). We
-     *        should probably also deregister the virtual handler if TR.base/size
-     *        changes while we're in REM. */
-
-    VMCPU_FF_SET(pVCpu, VMCPU_FF_SELM_SYNC_TSS);
-    return VINF_PGM_HANDLER_DO_DEFAULT;
-}
-#endif
-
-#ifdef VBOX_WITH_RAW_MODE
 
 /**
@@ -1835 +1727 @@
 VMMR3DECL(int) SELMR3DebugCheck(PVM pVM)
 {
-#ifdef VBOX_STRICT
+# ifdef VBOX_STRICT
     PVMCPU pVCpu = VMMGetCpu(pVM);
     AssertReturn(!HMIsEnabled(pVM), VERR_SELM_HM_IPE);
@@ -1956 +1848 @@
     }
 
-#else  /* !VBOX_STRICT */
+# else  /* !VBOX_STRICT */
     NOREF(pVM);
-#endif /* !VBOX_STRICT */
+# endif /* !VBOX_STRICT */
 
     return VINF_SUCCESS;
@@ -1973 +1865 @@
 VMMR3DECL(bool) SELMR3CheckTSS(PVM pVM)
 {
-#if defined(VBOX_STRICT) && defined(SELM_TRACK_GUEST_TSS_CHANGES)
+# if defined(VBOX_STRICT) && defined(SELM_TRACK_GUEST_TSS_CHANGES)
     PVMCPU pVCpu = VMMGetCpu(pVM);
 
@@ -2099 +1991 @@
     return true;
 
-#else  /* !VBOX_STRICT */
+# else  /* !VBOX_STRICT */
     NOREF(pVM);
     return true;
-#endif /* !VBOX_STRICT */
+# endif /* !VBOX_STRICT */
 }
 

trunk/src/VBox/VMM/VMMR3/TRPM.cpp

@@ -424 +424 @@
 
 
-#ifdef VBOX_WITH_RAW_MODE
-/** Enable or disable tracking of Guest's IDT. */
-# define TRPM_TRACK_GUEST_IDT_CHANGES
-/** Enable or disable tracking of Shadow IDT. */
-# define TRPM_TRACK_SHADOW_IDT_CHANGES
-#endif
-
 /** TRPM saved state version. */
 #define TRPM_SAVED_STATE_VERSION        9
@@ -441 +434 @@
 static DECLCALLBACK(int) trpmR3Save(PVM pVM, PSSMHANDLE pSSM);
 static DECLCALLBACK(int) trpmR3Load(PVM pVM, PSSMHANDLE pSSM, uint32_t uVersion, uint32_t uPass);
-#ifdef TRPM_TRACK_GUEST_IDT_CHANGES
-static FNPGMR3VIRTHANDLER trpmR3GuestIDTWriteHandler;
-#endif
 
 
@@ -523 +513 @@
 # endif
         rc = PGMR3HandlerVirtualTypeRegister(pVM, PGMVIRTHANDLERKIND_WRITE, false /*fRelocUserRC*/,
-                                             NULL /*pfnInvalidateR3*/, trpmR3GuestIDTWriteHandler,
+                                             NULL /*pfnInvalidateR3*/, trpmGuestIDTWriteHandler,
                                              "trpmRCGuestIDTWritePfHandler",
                                              "Guest IDT write access handler", &pVM->trpm.s.hGuestIdtWriteHandlerType);
@@ -1169 +1159 @@
     return VINF_SUCCESS;
 }
-
-
-# ifdef TRPM_TRACK_GUEST_IDT_CHANGES
-/**
- * \#PF Handler callback for virtual access handler ranges.
- *
- * Important to realize that a physical page in a range can have aliases, and
- * for ALL and WRITE handlers these will also trigger.
- *
- * @returns VINF_SUCCESS if the handler have carried out the operation.
- * @returns VINF_PGM_HANDLER_DO_DEFAULT if the caller should carry out the access operation.
- * @param   pVM             Pointer to the VM.
- * @param   pVCpu           Pointer to the cross context CPU context for the
- *                          calling EMT.
- * @param   GCPtr           The virtual address the guest is writing to. (not correct if it's an alias!)
- * @param   pvPtr           The HC mapping of that address.
- * @param   pvBuf           What the guest is reading/writing.
- * @param   cbBuf           How much it's reading/writing.
- * @param   enmAccessType   The access type.
- * @param   enmOrigin       The origin of this call.
- * @param   pvUser          User argument.
- */
-static DECLCALLBACK(int) trpmR3GuestIDTWriteHandler(PVM pVM, PVMCPU pVCpu, RTGCPTR GCPtr, void *pvPtr, void *pvBuf, size_t cbBuf,
-                                                    PGMACCESSTYPE enmAccessType, PGMACCESSORIGIN enmOrigin, void *pvUser)
-{
-    Assert(enmAccessType == PGMACCESSTYPE_WRITE); NOREF(enmAccessType);
-    Log(("trpmR3GuestIDTWriteHandler: write to %RGv size %d\n", GCPtr, cbBuf)); NOREF(GCPtr); NOREF(cbBuf);
-    NOREF(pvPtr); NOREF(pvUser); NOREF(pvBuf); NOREF(enmOrigin); NOREF(pvUser);
-    Assert(!HMIsEnabled(pVM));
-
-    VMCPU_FF_SET(pVCpu, VMCPU_FF_TRPM_SYNC_IDT);
-    return VINF_PGM_HANDLER_DO_DEFAULT;
-}
-# endif /* TRPM_TRACK_GUEST_IDT_CHANGES */
 
 

trunk/src/VBox/VMM/VMMRC/CSAMRC.cpp

@@ -67 +67 @@
  * @param   pvUser      Ignored.
  */
-DECLEXPORT(int) csamRCCodePageWritePfHandler(PVM pVM, PVMCPU pVCpu, RTGCUINT uErrorCode, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault,
-                                             RTGCPTR pvRange, uintptr_t offRange, void *pvUser)
+DECLEXPORT(VBOXSTRICTRC) csamRCCodePageWritePfHandler(PVM pVM, PVMCPU pVCpu, RTGCUINT uErrorCode, PCPUMCTXCORE pRegFrame,
+                                                      RTGCPTR pvFault, RTGCPTR pvRange, uintptr_t offRange, void *pvUser)
 {
     PPATMGCSTATE pPATMGCState;

trunk/src/VBox/VMM/VMMRC/PATMRC.cpp

@@ -60 +60 @@
  * @param   pvUser      The physical address of the guest page being monitored.
  */
-DECLEXPORT(int) patmRCVirtPagePfHandler(PVM pVM, PVMCPU pVCpu, RTGCUINT uErrorCode, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault,
-                                        RTGCPTR pvRange, uintptr_t offRange, void *pvUser)
+DECLEXPORT(VBOXSTRICTRC) patmRCVirtPagePfHandler(PVM pVM, PVMCPU pVCpu, RTGCUINT uErrorCode, PCPUMCTXCORE pRegFrame,
+                                                 RTGCPTR pvFault, RTGCPTR pvRange, uintptr_t offRange, void *pvUser)
 {
     NOREF(pVCpu); NOREF(uErrorCode); NOREF(pRegFrame); NOREF(pvFault); NOREF(pvRange); NOREF(offRange);

trunk/src/VBox/VMM/VMMRC/SELMRC.cpp

@@ -48 +48 @@
 
 #ifdef SELM_TRACK_GUEST_GDT_CHANGES
+
 /**
  * Synchronizes one GDT entry (guest -> shadow).
@@ -53 +54 @@
  * @returns VBox strict status code (appropriate for trap handling and GC
  *          return).
+ * @retval  VINF_SUCCESS
  * @retval  VINF_EM_RAW_EMULATE_INSTR_GDT_FAULT
  * @retval  VINF_SELM_SYNC_GDT
- * @retval  VINF_EM_RESCHEDULE_REM
  *
  * @param   pVM         Pointer to the VM.
  * @param   pVCpu       The current virtual CPU.
- * @param   pRegFrame   Trap register frame.
+ * @param   pCtx        CPU context for the current CPU.
  * @param   iGDTEntry   The GDT entry to sync.
  *
  * @remarks Caller checks that this isn't the LDT entry!
  */
-static VBOXSTRICTRC selmRCSyncGDTEntry(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, unsigned iGDTEntry)
+static VBOXSTRICTRC selmRCSyncGDTEntry(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx, unsigned iGDTEntry)
 {
     Log2(("GDT %04X LDTR=%04X\n", iGDTEntry, CPUMGetGuestLDTR(pVCpu)));
@@ -90 +91 @@
             VMCPU_FF_SET(pVCpu, VMCPU_FF_SELM_SYNC_GDT);
             VMCPU_FF_SET(pVCpu, VMCPU_FF_TO_R3); /* paranoia */
-            return VINF_EM_RESCHEDULE_REM;
+            /* return VINF_EM_RESCHEDULE_REM; - bad idea if we're in a patch. */
+            return VINF_EM_RAW_EMULATE_INSTR_GDT_FAULT;
         }
     }
@@ -136 +138 @@
      */
     VBOXSTRICTRC rcStrict = VINF_SUCCESS;
-    PCPUMCTX     pCtx     = CPUMQueryGuestCtxPtr(pVCpu); Assert(CPUMCTX2CORE(pCtx) == pRegFrame);
     PCPUMSELREG  paSReg   = CPUMCTX_FIRST_SREG(pCtx);
     for (unsigned iSReg = 0; iSReg <= X86_SREG_COUNT; iSReg++)
@@ -180 +181 @@
  * @param   pVM         Pointer to the VM.
  * @param   pVCpu       The current virtual CPU.
- * @param   pRegFrame   Trap register frame.
+ * @param   pCtx        The CPU context.
  * @param   iGDTEntry   The GDT entry to sync.
  */
-static void selmRCSyncGDTSegRegs(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, unsigned iGDTEntry)
+void selmRCSyncGdtSegRegs(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx, unsigned iGDTEntry)
 {
     /*
@@ -200 +201 @@
     PCX86DESC       pDesc    = &pVM->selm.s.CTX_SUFF(paGdt)[iGDTEntry];
     uint32_t        uCpl     = CPUMGetGuestCPL(pVCpu);
-    PCPUMCTX        pCtx     = CPUMQueryGuestCtxPtr(pVCpu); Assert(CPUMCTX2CORE(pCtx) == pRegFrame);
     PCPUMSELREG     paSReg   = CPUMCTX_FIRST_SREG(pCtx);
     for (unsigned iSReg = 0; iSReg <= X86_SREG_COUNT; iSReg++)
@@ -219 +219 @@
         }
     }
-
-}
-
-
-/**
- * \#PF Virtual Handler callback for Guest write access to the Guest's own GDT.
- *
- * @returns VBox status code (appropriate for trap handling and GC return).
- * @param   pVM         Pointer to the VM.
- * @param   pVCpu       Pointer to the cross context CPU context for the
- *                      calling EMT.
- * @param   uErrorCode  CPU Error code.
- * @param   pRegFrame   Trap register frame.
- * @param   pvFault     The fault address (cr2).
- * @param   pvRange     The base address of the handled virtual range.
- * @param   offRange    The offset of the access into this range.
- *                      (If it's a EIP range this is the EIP, if not it's pvFault.)
- */
-DECLEXPORT(int) selmRCGuestGDTWritePfHandler(PVM pVM, PVMCPU pVCpu, RTGCUINT uErrorCode, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault,
-                                             RTGCPTR pvRange, uintptr_t offRange, void *pvUser)
+}
+
+
+/**
+ * Syncs hidden selector register parts before emulating a GDT change.
+ *
+ * This is shared between the selmRCGuestGDTWritePfHandler and
+ * selmGuestGDTWriteHandler.
+ *
+ * @param   pVM             Pointer to the cross context VM structure.
+ * @param   pVCpu           Pointer to the cross context virtual CPU structure.
+ * @param   offGuestTss     The offset into the TSS of the write that was made.
+ * @param   cbWrite         The number of bytes written.
+ * @param   pCtx            The current CPU context.
+ */
+void selmRCGuestGdtPreWriteCheck(PVM pVM, PVMCPU pVCpu, uint32_t offGuestGdt, uint32_t cbWrite, PCPUMCTX pCtx)
+{
+    uint32_t       iGdt      = offGuestGdt >> X86_SEL_SHIFT;
+    uint32_t const iGdtLast  = (offGuestGdt + cbWrite - 1) >> X86_SEL_SHIFT;
+    do
+    {
+        selmRCSyncGdtSegRegs(pVM, pVCpu, pCtx, iGdt);
+        iGdt++;
+    } while (iGdt <= iGdtLast);
+}
+
+
+/**
+ * Checks the guest GDT for changes after a write has been emulated.
+ *
+ *
+ * This is shared between the selmRCGuestGDTWritePfHandler and
+ * selmGuestGDTWriteHandler.
+ *
+ * @retval  VINF_SUCCESS
+ * @retval  VINF_SELM_SYNC_GDT
+ * @retval  VINF_EM_RAW_EMULATE_INSTR_GDT_FAULT
+ *
+ * @param   pVM             Pointer to the cross context VM structure.
+ * @param   pVCpu           Pointer to the cross context virtual CPU structure.
+ * @param   offGuestTss     The offset into the TSS of the write that was made.
+ * @param   cbWrite         The number of bytes written.
+ * @param   pCtx            The current CPU context.
+ */
+VBOXSTRICTRC selmRCGuestGdtPostWriteCheck(PVM pVM, PVMCPU pVCpu, uint32_t offGuestGdt, uint32_t cbWrite, PCPUMCTX pCtx)
+{
+    VBOXSTRICTRC rcStrict = VINF_SUCCESS;
+
+    /* Check if the LDT was in any way affected.  Do not sync the
+       shadow GDT if that's the case or we might have trouble in
+       the world switcher (or so they say). */
+    uint32_t const iGdtFirst = offGuestGdt >> X86_SEL_SHIFT;
+    uint32_t const iGdtLast  = (offGuestGdt + cbWrite - 1) >> X86_SEL_SHIFT;
+    uint32_t const iLdt      = CPUMGetGuestLDTR(pVCpu) >> X86_SEL_SHIFT;
+    if (iGdtFirst <= iLdt && iGdtLast >= iLdt)
+    {
+        Log(("LDTR selector change -> fall back to HC!!\n"));
+        VMCPU_FF_SET(pVCpu, VMCPU_FF_SELM_SYNC_GDT);
+        rcStrict = VINF_SELM_SYNC_GDT;
+        /** @todo Implement correct stale LDT handling.  */
+    }
+    else
+    {
+        /* Sync the shadow GDT and continue provided the update didn't
+           cause any segment registers to go stale in any way. */
+        uint32_t iGdt = iGdtFirst;
+        do
+        {
+            VBOXSTRICTRC rcStrict2 = selmRCSyncGDTEntry(pVM, pVCpu, pCtx, iGdt);
+            Assert(rcStrict2 == VINF_SUCCESS || rcStrict2 == VINF_EM_RAW_EMULATE_INSTR_GDT_FAULT || rcStrict2 == VINF_SELM_SYNC_GDT);
+            if (rcStrict == VINF_SUCCESS)
+                rcStrict = rcStrict2;
+            iGdt++;
+        } while (   iGdt <= iGdtLast
+                 && (rcStrict == VINF_SUCCESS || rcStrict == VINF_EM_RAW_EMULATE_INSTR_GDT_FAULT));
+        if (rcStrict == VINF_SUCCESS || rcStrict == VINF_EM_RAW_EMULATE_INSTR_GDT_FAULT)
+            STAM_COUNTER_INC(&pVM->selm.s.StatRCWriteGuestGDTHandled);
+    }
+    return rcStrict;
+}
+
+
+/**
+ * @callback_method_impl{FNPGMVIRTHANDLER, Guest GDT write access \#PF handler }
+ */
+DECLEXPORT(VBOXSTRICTRC) selmRCGuestGDTWritePfHandler(PVM pVM, PVMCPU pVCpu, RTGCUINT uErrorCode, PCPUMCTXCORE pRegFrame,
+                                                      RTGCPTR pvFault, RTGCPTR pvRange, uintptr_t offRange, void *pvUser)
 {
     LogFlow(("selmRCGuestGDTWritePfHandler errcode=%x fault=%RGv offRange=%08x\n", (uint32_t)uErrorCode, pvFault, offRange));
@@ -246 +313 @@
      * Check if any selectors might be affected.
      */
-    unsigned const iGDTE1 = offRange >> X86_SEL_SHIFT;
-    selmRCSyncGDTSegRegs(pVM, pVCpu, pRegFrame, iGDTE1);
-    if (((offRange + 8) >> X86_SEL_SHIFT) != iGDTE1)
-        selmRCSyncGDTSegRegs(pVM, pVCpu, pRegFrame, iGDTE1 + 1);
+    selmRCGuestGdtPreWriteCheck(pVM, pVCpu, offRange, 8 /*cbWrite*/, CPUMCTX_FROM_CORE(pRegFrame));
 
     /*
@@ -257 +321 @@
     VBOXSTRICTRC rcStrict = EMInterpretInstructionEx(pVCpu, pRegFrame, (RTGCPTR)(RTRCUINTPTR)pvFault, &cb);
     if (RT_SUCCESS(rcStrict) && cb)
-    {
-        /* Check if the LDT was in any way affected.  Do not sync the
-           shadow GDT if that's the case or we might have trouble in
-           the world switcher (or so they say). */
-        unsigned const iLdt   = CPUMGetGuestLDTR(pVCpu) >> X86_SEL_SHIFT;
-        unsigned const iGDTE2 = (offRange + cb - 1) >> X86_SEL_SHIFT;
-        if (   iGDTE1 == iLdt
-            || iGDTE2 == iLdt)
-        {
-            Log(("LDTR selector change -> fall back to HC!!\n"));
-            VMCPU_FF_SET(pVCpu, VMCPU_FF_SELM_SYNC_GDT);
-            rcStrict = VINF_SELM_SYNC_GDT;
-            /** @todo Implement correct stale LDT handling.  */
-        }
-        else
-        {
-            /* Sync the shadow GDT and continue provided the update didn't
-               cause any segment registers to go stale in any way. */
-            VBOXSTRICTRC rcStrict2 = selmRCSyncGDTEntry(pVM, pVCpu, pRegFrame, iGDTE1);
-            if (rcStrict2 == VINF_SUCCESS || rcStrict2 == VINF_EM_RESCHEDULE_REM)
-            {
-                if (rcStrict == VINF_SUCCESS)
-                    rcStrict = rcStrict2;
-
-                if (iGDTE1 != iGDTE2)
-                {
-                    rcStrict2 = selmRCSyncGDTEntry(pVM, pVCpu, pRegFrame, iGDTE2);
-                    if (rcStrict == VINF_SUCCESS)
-                        rcStrict = rcStrict2;
-                }
-
-                if (rcStrict2 == VINF_SUCCESS || rcStrict2 == VINF_EM_RESCHEDULE_REM)
-                {
-                    /* VINF_EM_RESCHEDULE_REM - bad idea if we're in a patch. */
-                    if (rcStrict2 == VINF_EM_RESCHEDULE_REM)
-                        rcStrict = VINF_EM_RAW_EMULATE_INSTR_GDT_FAULT;
-                    STAM_COUNTER_INC(&pVM->selm.s.StatRCWriteGuestGDTHandled);
-                    return VBOXSTRICTRC_TODO(rcStrict);
-                }
-            }
-
-            /* sync failed, return to ring-3 and resync the GDT. */
-            if (rcStrict == VINF_SUCCESS || RT_FAILURE(rcStrict2))
-                rcStrict = rcStrict2;
-        }
-    }
+        rcStrict = selmRCGuestGdtPostWriteCheck(pVM, pVCpu, offRange, cb, CPUMCTX_FROM_CORE(pRegFrame));
     else
     {
@@ -311 +330 @@
     }
 
-    STAM_COUNTER_INC(&pVM->selm.s.StatRCWriteGuestGDTUnhandled);
-    return VBOXSTRICTRC_TODO(rcStrict);
-}
+    if (!VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_SELM_SYNC_GDT))
+        STAM_COUNTER_INC(&pVM->selm.s.StatRCWriteGuestGDTHandled);
+    else
+        STAM_COUNTER_INC(&pVM->selm.s.StatRCWriteGuestGDTUnhandled);
+    return rcStrict;
+}
+
 #endif /* SELM_TRACK_GUEST_GDT_CHANGES */
 
-
 #ifdef SELM_TRACK_GUEST_LDT_CHANGES
 /**
- * \#PF Virtual Handler callback for Guest write access to the Guest's own LDT.
+ * @callback_method_impl{FNPGMVIRTHANDLER, Guest LDT write access \#PF handler }
+ */
+DECLEXPORT(VBOXSTRICTRC) selmRCGuestLDTWritePfHandler(PVM pVM, PVMCPU pVCpu, RTGCUINT uErrorCode, PCPUMCTXCORE pRegFrame,
+                                                      RTGCPTR pvFault, RTGCPTR pvRange, uintptr_t offRange, void *pvUser)
+{
+    /** @todo To be implemented... or not. */
+    ////LogCom(("selmRCGuestLDTWriteHandler: eip=%08X pvFault=%RGv pvRange=%RGv\r\n", pRegFrame->eip, pvFault, pvRange));
+    NOREF(uErrorCode); NOREF(pRegFrame); NOREF(pvFault); NOREF(pvRange); NOREF(offRange); NOREF(pvUser);
+
+    VMCPU_FF_SET(pVCpu, VMCPU_FF_SELM_SYNC_LDT);
+    STAM_COUNTER_INC(&pVM->selm.s.StatRCWriteGuestLDT);
+    return VINF_EM_RAW_EMULATE_INSTR_LDT_FAULT;
+}
+#endif
+
+
+#ifdef SELM_TRACK_GUEST_TSS_CHANGES
+
+/**
+ * Read wrapper used by selmRCGuestTSSWriteHandler.
+ * @returns VBox status code (appropriate for trap handling and GC return).
+ * @param   pVM         Pointer to the VM.
+ * @param   pvDst       Where to put the bits we read.
+ * @param   pvSrc       Guest address to read from.
+ * @param   cb          The number of bytes to read.
+ */
+DECLINLINE(int) selmRCReadTssBits(PVM pVM, PVMCPU pVCpu, void *pvDst, void const *pvSrc, size_t cb)
+{
+    int rc = MMGCRamRead(pVM, pvDst, (void *)pvSrc, cb);
+    if (RT_SUCCESS(rc))
+        return VINF_SUCCESS;
+
+    /** @todo use different fallback?    */
+    rc = PGMPrefetchPage(pVCpu, (uintptr_t)pvSrc);
+    AssertMsg(rc == VINF_SUCCESS, ("PGMPrefetchPage %p failed with %Rrc\n", &pvSrc, rc));
+    if (rc == VINF_SUCCESS)
+    {
+        rc = MMGCRamRead(pVM, pvDst, (void *)pvSrc, cb);
+        AssertMsg(rc == VINF_SUCCESS, ("MMGCRamRead %p failed with %Rrc\n", &pvSrc, rc));
+    }
+    return rc;
+}
+
+
+/**
+ * Checks the guest TSS for changes after a write has been emulated.
+ *
+ * This is shared between the
+ *
+ * @returns Strict VBox status code appropriate for raw-mode returns.
+ * @param   pVM             Pointer to the cross context VM structure.
+ * @param   pVCpu           Pointer to the cross context virtual CPU structure.
+ * @param   offGuestTss     The offset into the TSS of the write that was made.
+ * @param   cbWrite         The number of bytes written.
+ */
+VBOXSTRICTRC selmRCGuestTssPostWriteCheck(PVM pVM, PVMCPU pVCpu, uint32_t offGuestTss, uint32_t cbWrite)
+{
+    VBOXSTRICTRC rcStrict = VINF_SUCCESS;
+
+    /*
+     * If it's on the same page as the esp0 and ss0 fields or actually one of them,
+     * then check if any of these has changed.
+     */
+/** @todo just read the darn fields and put them on the stack. */
+    PCVBOXTSS pGuestTss = (PVBOXTSS)(uintptr_t)pVM->selm.s.GCPtrGuestTss;
+    if (   PAGE_ADDRESS(&pGuestTss->esp0) == PAGE_ADDRESS(&pGuestTss->padding_ss0)
+        && PAGE_ADDRESS(&pGuestTss->esp0) == PAGE_ADDRESS((uint8_t *)pGuestTss + offGuestTss)
+        && (   pGuestTss->esp0 !=  pVM->selm.s.Tss.esp1
+            || pGuestTss->ss0  != (pVM->selm.s.Tss.ss1 & ~1)) /* undo raw-r0 */
+       )
+    {
+        Log(("selmRCGuestTSSWritePfHandler: R0 stack: %RTsel:%RGv -> %RTsel:%RGv\n",
+             (RTSEL)(pVM->selm.s.Tss.ss1 & ~1), (RTGCPTR)pVM->selm.s.Tss.esp1, (RTSEL)pGuestTss->ss0, (RTGCPTR)pGuestTss->esp0));
+        pVM->selm.s.Tss.esp1 = pGuestTss->esp0;
+        pVM->selm.s.Tss.ss1  = pGuestTss->ss0 | 1;
+        STAM_COUNTER_INC(&pVM->selm.s.StatRCWriteGuestTSSHandledChanged);
+    }
+# ifdef VBOX_WITH_RAW_RING1
+    else if (   EMIsRawRing1Enabled(pVM)
+             && PAGE_ADDRESS(&pGuestTss->esp1) == PAGE_ADDRESS(&pGuestTss->padding_ss1)
+             && PAGE_ADDRESS(&pGuestTss->esp1) == PAGE_ADDRESS((uint8_t *)pGuestTss + offGuestTss)
+             && (   pGuestTss->esp1 !=  pVM->selm.s.Tss.esp2
+                 || pGuestTss->ss1  != ((pVM->selm.s.Tss.ss2 & ~2) | 1)) /* undo raw-r1 */
+            )
+    {
+        Log(("selmRCGuestTSSWritePfHandler: R1 stack: %RTsel:%RGv -> %RTsel:%RGv\n",
+             (RTSEL)((pVM->selm.s.Tss.ss2 & ~2) | 1), (RTGCPTR)pVM->selm.s.Tss.esp2, (RTSEL)pGuestTss->ss1, (RTGCPTR)pGuestTss->esp1));
+        pVM->selm.s.Tss.esp2 = pGuestTss->esp1;
+        pVM->selm.s.Tss.ss2  = (pGuestTss->ss1 & ~1) | 2;
+        STAM_COUNTER_INC(&pVM->selm.s.StatRCWriteGuestTSSHandledChanged);
+    }
+# endif
+    /* Handle misaligned TSS in a safe manner (just in case). */
+    else if (   offGuestTss >= RT_UOFFSETOF(VBOXTSS, esp0)
+             && offGuestTss < RT_UOFFSETOF(VBOXTSS, padding_ss0))
+    {
+        struct
+        {
+            uint32_t esp0;
+            uint16_t ss0;
+            uint16_t padding_ss0;
+        } s;
+        AssertCompileSize(s, 8);
+        rcStrict = selmRCReadTssBits(pVM, pVCpu, &s, &pGuestTss->esp0, sizeof(s));
+        if (   rcStrict == VINF_SUCCESS
+            && (    s.esp0 !=  pVM->selm.s.Tss.esp1
+                ||  s.ss0  != (pVM->selm.s.Tss.ss1 & ~1)) /* undo raw-r0 */
+           )
+        {
+            Log(("selmRCGuestTSSWritePfHandler: R0 stack: %RTsel:%RGv -> %RTsel:%RGv [x-page]\n",
+                 (RTSEL)(pVM->selm.s.Tss.ss1 & ~1), (RTGCPTR)pVM->selm.s.Tss.esp1, (RTSEL)s.ss0, (RTGCPTR)s.esp0));
+            pVM->selm.s.Tss.esp1 = s.esp0;
+            pVM->selm.s.Tss.ss1  = s.ss0 | 1;
+            STAM_COUNTER_INC(&pVM->selm.s.StatRCWriteGuestTSSHandledChanged);
+        }
+    }
+
+    /*
+     * If VME is enabled we need to check if the interrupt redirection bitmap
+     * needs updating.
+     */
+    if (   offGuestTss >= RT_UOFFSETOF(VBOXTSS, offIoBitmap)
+        && (CPUMGetGuestCR4(pVCpu) & X86_CR4_VME))
+    {
+        if (offGuestTss - RT_UOFFSETOF(VBOXTSS, offIoBitmap) < sizeof(pGuestTss->offIoBitmap))
+        {
+            uint16_t offIoBitmap = pGuestTss->offIoBitmap;
+            if (offIoBitmap != pVM->selm.s.offGuestIoBitmap)
+            {
+                Log(("TSS offIoBitmap changed: old=%#x new=%#x -> resync in ring-3\n", pVM->selm.s.offGuestIoBitmap, offIoBitmap));
+                VMCPU_FF_SET(pVCpu, VMCPU_FF_SELM_SYNC_TSS);
+                VMCPU_FF_SET(pVCpu, VMCPU_FF_TO_R3);
+            }
+            else
+                Log(("TSS offIoBitmap: old=%#x new=%#x [unchanged]\n", pVM->selm.s.offGuestIoBitmap, offIoBitmap));
+        }
+        else
+        {
+            /** @todo not sure how the partial case is handled; probably not allowed */
+            uint32_t offIntRedirBitmap = pVM->selm.s.offGuestIoBitmap - sizeof(pVM->selm.s.Tss.IntRedirBitmap);
+            if (   offIntRedirBitmap <= offGuestTss
+                && offIntRedirBitmap + sizeof(pVM->selm.s.Tss.IntRedirBitmap) >= offGuestTss + cbWrite
+                && offIntRedirBitmap + sizeof(pVM->selm.s.Tss.IntRedirBitmap) <= pVM->selm.s.cbGuestTss)
+            {
+                Log(("TSS IntRedirBitmap Changed: offIoBitmap=%x offIntRedirBitmap=%x cbTSS=%x offGuestTss=%x cbWrite=%x\n",
+                     pVM->selm.s.offGuestIoBitmap, offIntRedirBitmap, pVM->selm.s.cbGuestTss, offGuestTss, cbWrite));
+
+                /** @todo only update the changed part. */
+                for (uint32_t i = 0; rcStrict == VINF_SUCCESS && i < sizeof(pVM->selm.s.Tss.IntRedirBitmap) / 8; i++)
+                    rcStrict = selmRCReadTssBits(pVM, pVCpu, &pVM->selm.s.Tss.IntRedirBitmap[i * 8],
+                                                 (uint8_t *)pGuestTss + offIntRedirBitmap + i * 8, 8);
+                STAM_COUNTER_INC(&pVM->selm.s.StatRCWriteGuestTSSRedir);
+            }
+        }
+    }
+
+    /*
+     * Return to ring-3 for a full resync if any of the above fails... (?)
+     */
+    if (rcStrict != VINF_SUCCESS)
+    {
+        VMCPU_FF_SET(pVCpu, VMCPU_FF_SELM_SYNC_TSS);
+        VMCPU_FF_SET(pVCpu, VMCPU_FF_TO_R3);
+        if (RT_SUCCESS(rcStrict))
+            rcStrict = VINF_SUCCESS;
+    }
+
+    STAM_COUNTER_INC(&pVM->selm.s.StatRCWriteGuestTSSHandled);
+    return rcStrict;
+}
+
+
+/**
+ * @callback_method_impl{FNPGMVIRTHANDLER, Guest TSS write access \#PF handler}
+ */
+DECLEXPORT(VBOXSTRICTRC) selmRCGuestTSSWritePfHandler(PVM pVM, PVMCPU pVCpu, RTGCUINT uErrorCode, PCPUMCTXCORE pRegFrame,
+                                                      RTGCPTR pvFault, RTGCPTR pvRange, uintptr_t offRange, void *pvUser)
+{
+    LogFlow(("selmRCGuestTSSWritePfHandler errcode=%x fault=%RGv offRange=%08x\n", (uint32_t)uErrorCode, pvFault, offRange));
+    NOREF(pvRange); NOREF(pvUser);
+
+    /*
+     * Try emulate the access.
+     */
+    uint32_t cb;
+    VBOXSTRICTRC rcStrict = EMInterpretInstructionEx(pVCpu, pRegFrame, (RTGCPTR)(RTRCUINTPTR)pvFault, &cb);
+    if (   RT_SUCCESS(rcStrict)
+        && cb)
+        rcStrict = selmRCGuestTssPostWriteCheck(pVM, pVCpu, offRange, cb);
+    else
+    {
+        AssertMsg(RT_FAILURE(rcStrict), ("cb=%u rcStrict=%#x\n", cb, VBOXSTRICTRC_VAL(rcStrict)));
+        VMCPU_FF_SET(pVCpu, VMCPU_FF_SELM_SYNC_TSS);
+        STAM_COUNTER_INC(&pVM->selm.s.StatRCWriteGuestTSSUnhandled);
+        if (rcStrict == VERR_EM_INTERPRETER)
+            rcStrict = VINF_EM_RAW_EMULATE_INSTR_TSS_FAULT;
+    }
+    return rcStrict;
+}
+
+#endif /* SELM_TRACK_GUEST_TSS_CHANGES */
+
+#ifdef SELM_TRACK_SHADOW_GDT_CHANGES
+/**
+ * \#PF Virtual Handler callback for Guest write access to the VBox shadow GDT.
  *
  * @returns VBox status code (appropriate for trap handling and GC return).
@@ -333 +559 @@
  * @param   pvUser      Unused.
  */
-DECLEXPORT(int) selmRCGuestLDTWritePfHandler(PVM pVM, PVMCPU pVCpu, RTGCUINT uErrorCode, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault,
-                                             RTGCPTR pvRange, uintptr_t offRange, void *pvUser)
-{
-    /** @todo To be implemented. */
-    ////LogCom(("selmRCGuestLDTWriteHandler: eip=%08X pvFault=%RGv pvRange=%RGv\r\n", pRegFrame->eip, pvFault, pvRange));
-    NOREF(uErrorCode); NOREF(pRegFrame); NOREF(pvFault); NOREF(pvRange); NOREF(offRange); NOREF(pvUser);
-
-    VMCPU_FF_SET(pVCpu, VMCPU_FF_SELM_SYNC_LDT);
-    STAM_COUNTER_INC(&pVM->selm.s.StatRCWriteGuestLDT);
-    return VINF_EM_RAW_EMULATE_INSTR_LDT_FAULT;
+DECLEXPORT(VBOXSTRICTRC) selmRCShadowGDTWritePfHandler(PVM pVM, PVMCPU pVCpu, RTGCUINT uErrorCode, PCPUMCTXCORE pRegFrame,
+                                                       RTGCPTR pvFault, RTGCPTR pvRange, uintptr_t offRange, void *pvUser)
+{
+    LogRel(("FATAL ERROR: selmRCShadowGDTWritePfHandler: eip=%08X pvFault=%RGv pvRange=%RGv\r\n", pRegFrame->eip, pvFault, pvRange));
+    NOREF(pVM); NOREF(pVCpu); NOREF(uErrorCode); NOREF(pRegFrame); NOREF(pvFault); NOREF(pvRange); NOREF(offRange); NOREF(pvUser);
+    return VERR_SELM_SHADOW_GDT_WRITE;
 }
 #endif
 
 
-#ifdef SELM_TRACK_GUEST_TSS_CHANGES
-/**
- * Read wrapper used by selmRCGuestTSSWriteHandler.
- * @returns VBox status code (appropriate for trap handling and GC return).
- * @param   pVM         Pointer to the VM.
- * @param   pvDst       Where to put the bits we read.
- * @param   pvSrc       Guest address to read from.
- * @param   cb          The number of bytes to read.
- */
-DECLINLINE(int) selmRCReadTssBits(PVM pVM, void *pvDst, void const *pvSrc, size_t cb)
-{
-    PVMCPU pVCpu = VMMGetCpu0(pVM);
-
-    int rc = MMGCRamRead(pVM, pvDst, (void *)pvSrc, cb);
-    if (RT_SUCCESS(rc))
-        return VINF_SUCCESS;
-
-    /** @todo use different fallback?    */
-    rc = PGMPrefetchPage(pVCpu, (uintptr_t)pvSrc);
-    AssertMsg(rc == VINF_SUCCESS, ("PGMPrefetchPage %p failed with %Rrc\n", &pvSrc, rc));
-    if (rc == VINF_SUCCESS)
-    {
-        rc = MMGCRamRead(pVM, pvDst, (void *)pvSrc, cb);
-        AssertMsg(rc == VINF_SUCCESS, ("MMGCRamRead %p failed with %Rrc\n", &pvSrc, rc));
-    }
-    return rc;
-}
-
-/**
- * \#PF Virtual Handler callback for Guest write access to the Guest's own current TSS.
- *
- * @returns VBox status code (appropriate for trap handling and GC return).
- * @param   pVM         Pointer to the VM.
- * @param   pVCpu       Pointer to the cross context CPU context for the
- *                      calling EMT.
- * @param   uErrorCode  CPU Error code.
- * @param   pRegFrame   Trap register frame.
- * @param   pvFault     The fault address (cr2).
- * @param   pvRange     The base address of the handled virtual range.
- * @param   offRange    The offset of the access into this range.
- *                      (If it's a EIP range this is the EIP, if not it's pvFault.)
- * @param   pvUser      Unused.
- */
-DECLEXPORT(int) selmRCGuestTSSWritePfHandler(PVM pVM, PVMCPU pVCpu, RTGCUINT uErrorCode, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault,
-                                             RTGCPTR pvRange, uintptr_t offRange, void *pvUser)
-{
-    LogFlow(("selmRCGuestTSSWritePfHandler errcode=%x fault=%RGv offRange=%08x\n", (uint32_t)uErrorCode, pvFault, offRange));
-    NOREF(pvRange); NOREF(pvUser);
-
-    /*
-     * Try emulate the access.
-     */
-    uint32_t cb;
-    VBOXSTRICTRC rcStrict = EMInterpretInstructionEx(pVCpu, pRegFrame, (RTGCPTR)(RTRCUINTPTR)pvFault, &cb);
-    if (   RT_SUCCESS(rcStrict)
-        && cb)
-    {
-        rcStrict = VINF_SUCCESS;
-
-        /*
-         * If it's on the same page as the esp0 and ss0 fields or actually one of them,
-         * then check if any of these has changed.
-         */
-        PCVBOXTSS pGuestTss = (PVBOXTSS)(uintptr_t)pVM->selm.s.GCPtrGuestTss;
-        if (    PAGE_ADDRESS(&pGuestTss->esp0) == PAGE_ADDRESS(&pGuestTss->padding_ss0)
-            &&  PAGE_ADDRESS(&pGuestTss->esp0) == PAGE_ADDRESS((uint8_t *)pGuestTss + offRange)
-            &&  (    pGuestTss->esp0 !=  pVM->selm.s.Tss.esp1
-                 ||  pGuestTss->ss0  != (pVM->selm.s.Tss.ss1 & ~1)) /* undo raw-r0 */
-           )
-        {
-            Log(("selmRCGuestTSSWritePfHandler: R0 stack: %RTsel:%RGv -> %RTsel:%RGv\n",
-                 (RTSEL)(pVM->selm.s.Tss.ss1 & ~1), (RTGCPTR)pVM->selm.s.Tss.esp1, (RTSEL)pGuestTss->ss0, (RTGCPTR)pGuestTss->esp0));
-            pVM->selm.s.Tss.esp1 = pGuestTss->esp0;
-            pVM->selm.s.Tss.ss1  = pGuestTss->ss0 | 1;
-            STAM_COUNTER_INC(&pVM->selm.s.StatRCWriteGuestTSSHandledChanged);
-        }
-#ifdef VBOX_WITH_RAW_RING1
-        else if (    EMIsRawRing1Enabled(pVM)
-                 &&  PAGE_ADDRESS(&pGuestTss->esp1) == PAGE_ADDRESS(&pGuestTss->padding_ss1)
-                 &&  PAGE_ADDRESS(&pGuestTss->esp1) == PAGE_ADDRESS((uint8_t *)pGuestTss + offRange)
-                 &&  (    pGuestTss->esp1 !=  pVM->selm.s.Tss.esp2
-                      ||  pGuestTss->ss1  != ((pVM->selm.s.Tss.ss2 & ~2) | 1)) /* undo raw-r1 */
-                )
-        {
-            Log(("selmRCGuestTSSWritePfHandler: R1 stack: %RTsel:%RGv -> %RTsel:%RGv\n",
-                 (RTSEL)((pVM->selm.s.Tss.ss2 & ~2) | 1), (RTGCPTR)pVM->selm.s.Tss.esp2, (RTSEL)pGuestTss->ss1, (RTGCPTR)pGuestTss->esp1));
-            pVM->selm.s.Tss.esp2 = pGuestTss->esp1;
-            pVM->selm.s.Tss.ss2  = (pGuestTss->ss1 & ~1) | 2;
-            STAM_COUNTER_INC(&pVM->selm.s.StatRCWriteGuestTSSHandledChanged);
-        }
-#endif
-        /* Handle misaligned TSS in a safe manner (just in case). */
-        else if (   offRange >= RT_UOFFSETOF(VBOXTSS, esp0)
-                 && offRange < RT_UOFFSETOF(VBOXTSS, padding_ss0))
-        {
-            struct
-            {
-                uint32_t esp0;
-                uint16_t ss0;
-                uint16_t padding_ss0;
-            } s;
-            AssertCompileSize(s, 8);
-            rcStrict = selmRCReadTssBits(pVM, &s, &pGuestTss->esp0, sizeof(s));
-            if (    rcStrict == VINF_SUCCESS
-                &&  (    s.esp0 !=  pVM->selm.s.Tss.esp1
-                     ||  s.ss0  != (pVM->selm.s.Tss.ss1 & ~1)) /* undo raw-r0 */
-               )
-            {
-                Log(("selmRCGuestTSSWritePfHandler: R0 stack: %RTsel:%RGv -> %RTsel:%RGv [x-page]\n",
-                     (RTSEL)(pVM->selm.s.Tss.ss1 & ~1), (RTGCPTR)pVM->selm.s.Tss.esp1, (RTSEL)s.ss0, (RTGCPTR)s.esp0));
-                pVM->selm.s.Tss.esp1 = s.esp0;
-                pVM->selm.s.Tss.ss1  = s.ss0 | 1;
-                STAM_COUNTER_INC(&pVM->selm.s.StatRCWriteGuestTSSHandledChanged);
-            }
-        }
-
-        /*
-         * If VME is enabled we need to check if the interrupt redirection bitmap
-         * needs updating.
-         */
-        if (    offRange >= RT_UOFFSETOF(VBOXTSS, offIoBitmap)
-            &&  (CPUMGetGuestCR4(pVCpu) & X86_CR4_VME))
-        {
-            if (offRange - RT_UOFFSETOF(VBOXTSS, offIoBitmap) < sizeof(pGuestTss->offIoBitmap))
-            {
-                uint16_t offIoBitmap = pGuestTss->offIoBitmap;
-                if (offIoBitmap != pVM->selm.s.offGuestIoBitmap)
-                {
-                    Log(("TSS offIoBitmap changed: old=%#x new=%#x -> resync in ring-3\n", pVM->selm.s.offGuestIoBitmap, offIoBitmap));
-                    VMCPU_FF_SET(pVCpu, VMCPU_FF_SELM_SYNC_TSS);
-                    VMCPU_FF_SET(pVCpu, VMCPU_FF_TO_R3);
-                }
-                else
-                    Log(("TSS offIoBitmap: old=%#x new=%#x [unchanged]\n", pVM->selm.s.offGuestIoBitmap, offIoBitmap));
-            }
-            else
-            {
-                /** @todo not sure how the partial case is handled; probably not allowed */
-                uint32_t offIntRedirBitmap = pVM->selm.s.offGuestIoBitmap - sizeof(pVM->selm.s.Tss.IntRedirBitmap);
-                if (   offIntRedirBitmap <= offRange
-                    && offIntRedirBitmap + sizeof(pVM->selm.s.Tss.IntRedirBitmap) >= offRange + cb
-                    && offIntRedirBitmap + sizeof(pVM->selm.s.Tss.IntRedirBitmap) <= pVM->selm.s.cbGuestTss)
-                {
-                    Log(("TSS IntRedirBitmap Changed: offIoBitmap=%x offIntRedirBitmap=%x cbTSS=%x offRange=%x cb=%x\n",
-                         pVM->selm.s.offGuestIoBitmap, offIntRedirBitmap, pVM->selm.s.cbGuestTss, offRange, cb));
-
-                    /** @todo only update the changed part. */
-                    for (uint32_t i = 0; i < sizeof(pVM->selm.s.Tss.IntRedirBitmap) / 8; i++)
-                    {
-                        rcStrict = selmRCReadTssBits(pVM, &pVM->selm.s.Tss.IntRedirBitmap[i * 8],
-                                                     (uint8_t *)pGuestTss + offIntRedirBitmap + i * 8, 8);
-                        if (rcStrict != VINF_SUCCESS)
-                            break;
-                    }
-                    STAM_COUNTER_INC(&pVM->selm.s.StatRCWriteGuestTSSRedir);
-                }
-            }
-        }
-
-        /* Return to ring-3 for a full resync if any of the above fails... (?) */
-        if (rcStrict != VINF_SUCCESS)
-        {
-            VMCPU_FF_SET(pVCpu, VMCPU_FF_SELM_SYNC_TSS);
-            VMCPU_FF_SET(pVCpu, VMCPU_FF_TO_R3);
-            if (RT_SUCCESS(rcStrict))
-                rcStrict = VINF_SUCCESS;
-        }
-
-        STAM_COUNTER_INC(&pVM->selm.s.StatRCWriteGuestTSSHandled);
-    }
-    else
-    {
-        AssertMsg(RT_FAILURE(rcStrict), ("cb=%u rcStrict=%#x\n", cb, VBOXSTRICTRC_VAL(rcStrict)));
-        VMCPU_FF_SET(pVCpu, VMCPU_FF_SELM_SYNC_TSS);
-        STAM_COUNTER_INC(&pVM->selm.s.StatRCWriteGuestTSSUnhandled);
-        if (rcStrict == VERR_EM_INTERPRETER)
-            rcStrict = VINF_EM_RAW_EMULATE_INSTR_TSS_FAULT;
-    }
-    return VBOXSTRICTRC_TODO(rcStrict);
-}
-#endif /* SELM_TRACK_GUEST_TSS_CHANGES */
-
-
-#ifdef SELM_TRACK_SHADOW_GDT_CHANGES
-/**
- * \#PF Virtual Handler callback for Guest write access to the VBox shadow GDT.
+#ifdef SELM_TRACK_SHADOW_LDT_CHANGES
+/**
+ * \#PF Virtual Handler callback for Guest write access to the VBox shadow LDT.
  *
  * @returns VBox status code (appropriate for trap handling and GC return).
@@ -546 +585 @@
  * @param   pvUser      Unused.
  */
-DECLEXPORT(int) selmRCShadowGDTWritePfHandler(PVM pVM, PVMCPU pVCpu, RTGCUINT uErrorCode, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault,
-                                              RTGCPTR pvRange, uintptr_t offRange, void *pvUser)
-{
-    LogRel(("FATAL ERROR: selmRCShadowGDTWritePfHandler: eip=%08X pvFault=%RGv pvRange=%RGv\r\n", pRegFrame->eip, pvFault, pvRange));
+DECLEXPORT(VBOXSTRICTRC) selmRCShadowLDTWritePfHandler(PVM pVM, PVMCPU pVCpu, RTGCUINT uErrorCode, PCPUMCTXCORE pRegFrame,
+                                                       RTGCPTR pvFault, RTGCPTR pvRange, uintptr_t offRange, void *pvUser)
+{
+    LogRel(("FATAL ERROR: selmRCShadowLDTWritePfHandler: eip=%08X pvFault=%RGv pvRange=%RGv\r\n", pRegFrame->eip, pvFault, pvRange));
+    Assert(pvFault - (uintptr_t)pVM->selm.s.pvLdtRC < (unsigned)(65536U + PAGE_SIZE));
     NOREF(pVM); NOREF(pVCpu); NOREF(uErrorCode); NOREF(pRegFrame); NOREF(pvFault); NOREF(pvRange); NOREF(offRange); NOREF(pvUser);
-    return VERR_SELM_SHADOW_GDT_WRITE;
+    return VERR_SELM_SHADOW_LDT_WRITE;
 }
 #endif
 
 
-#ifdef SELM_TRACK_SHADOW_LDT_CHANGES
-/**
- * \#PF Virtual Handler callback for Guest write access to the VBox shadow LDT.
+#ifdef SELM_TRACK_SHADOW_TSS_CHANGES
+/**
+ * \#PF Virtual Handler callback for Guest write access to the VBox shadow TSS.
  *
  * @returns VBox status code (appropriate for trap handling and GC return).
@@ -572 +612 @@
  * @param   pvUser      Unused.
  */
-DECLEXPORT(int) selmRCShadowLDTWritePfHandler(PVM pVM, PVMCPU pVCpu, RTGCUINT uErrorCode, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault,
-                                              RTGCPTR pvRange, uintptr_t offRange, void *pvUser)
-{
-    LogRel(("FATAL ERROR: selmRCShadowLDTWritePfHandler: eip=%08X pvFault=%RGv pvRange=%RGv\r\n", pRegFrame->eip, pvFault, pvRange));
-    Assert(pvFault - (uintptr_t)pVM->selm.s.pvLdtRC < (unsigned)(65536U + PAGE_SIZE));
-    NOREF(pVM); NOREF(pVCpu); NOREF(uErrorCode); NOREF(pRegFrame); NOREF(pvFault); NOREF(pvRange); NOREF(offRange); NOREF(pvUser);
-    return VERR_SELM_SHADOW_LDT_WRITE;
-}
-#endif
-
-
-#ifdef SELM_TRACK_SHADOW_TSS_CHANGES
-/**
- * \#PF Virtual Handler callback for Guest write access to the VBox shadow TSS.
- *
- * @returns VBox status code (appropriate for trap handling and GC return).
- * @param   pVM         Pointer to the VM.
- * @param   pVCpu       Pointer to the cross context CPU context for the
- *                      calling EMT.
- * @param   uErrorCode   CPU Error code.
- * @param   pRegFrame   Trap register frame.
- * @param   pvFault     The fault address (cr2).
- * @param   pvRange     The base address of the handled virtual range.
- * @param   offRange    The offset of the access into this range.
- *                      (If it's a EIP range this is the EIP, if not it's pvFault.)
- * @param   pvUser      Unused.
- */
-DECLEXPORT(int) selmRCShadowTSSWritePfHandler(PVM pVM, PVMCPU pVCpu, RTGCUINT uErrorCode, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault,
-                                              RTGCPTR pvRange, uintptr_t offRange, void *pvUser)
+DECLEXPORT(VBOXSTRICTRC) selmRCShadowTSSWritePfHandler(PVM pVM, PVMCPU pVCpu, RTGCUINT uErrorCode, PCPUMCTXCORE pRegFrame,
+                                                       RTGCPTR pvFault, RTGCPTR pvRange, uintptr_t offRange, void *pvUser)
 {
     LogRel(("FATAL ERROR: selmRCShadowTSSWritePfHandler: eip=%08X pvFault=%RGv pvRange=%RGv\r\n", pRegFrame->eip, pvFault, pvRange));

trunk/src/VBox/VMM/VMMRC/TRPMRC.cpp

@@ -105 +105 @@
  * @param   pvUser      Unused.
  */
-DECLEXPORT(int) trpmRCGuestIDTWritePfHandler(PVM pVM, PVMCPU pVCpu, RTGCUINT uErrorCode, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault,
-                                             RTGCPTR pvRange, uintptr_t offRange, void *pvUser)
+DECLEXPORT(VBOXSTRICTRC) trpmRCGuestIDTWritePfHandler(PVM pVM, PVMCPU pVCpu, RTGCUINT uErrorCode, PCPUMCTXCORE pRegFrame,
+                                                      RTGCPTR pvFault, RTGCPTR pvRange, uintptr_t offRange, void *pvUser)
 {
     uint16_t    cbIDT;
@@ -171 +171 @@
  * @param   pvUser      Unused.
  */
-DECLEXPORT(int) trpmRCShadowIDTWritePfHandler(PVM pVM, PVMCPU pVCpu, RTGCUINT uErrorCode, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault,
-                                              RTGCPTR pvRange, uintptr_t offRange, void *pvUser)
+DECLEXPORT(VBOXSTRICTRC) trpmRCShadowIDTWritePfHandler(PVM pVM, PVMCPU pVCpu, RTGCUINT uErrorCode, PCPUMCTXCORE pRegFrame,
+                                                       RTGCPTR pvFault, RTGCPTR pvRange, uintptr_t offRange, void *pvUser)
 {
     LogRel(("FATAL ERROR: trpmRCShadowIDTWritePfHandler: eip=%08X pvFault=%RGv pvRange=%08RGv\r\n", pRegFrame->eip, pvFault, pvRange));

trunk/src/VBox/VMM/include/CSAMInternal.h

@@ -282 +282 @@
 }
 
+PGM_ALL_CB2_DECL(FNPGMVIRTHANDLER)  csamCodePageWriteHandler;
 RT_C_DECLS_BEGIN
 DECLEXPORT(FNPGMRCVIRTPFHANDLER)    csamRCCodePageWritePfHandler;
 RT_C_DECLS_END
-PGM_ALL_CB2_DECL(FNPGMR3VIRTHANDLER)  csamCodePageWriteHandler;
-
-#endif
+
+#endif

trunk/src/VBox/VMM/include/PATMInternal.h

@@ -687 +687 @@
 void patmR3DbgAddPatch(PVM pVM, PPATMPATCHREC pPatchRec);
 
-PGM_ALL_CB2_DECL(FNPGMR3VIRTHANDLER) patmVirtPageHandler;
-
-#endif
+PGM_ALL_CB2_DECL(FNPGMVIRTHANDLER) patmVirtPageHandler;
+
+#endif

trunk/src/VBox/VMM/include/PGMInternal.h

@@ -715 +715 @@
     R3PTRTYPE(PFNPGMR3VIRTINVALIDATE)   pfnInvalidateR3;
     /** Pointer to R3 callback function. */
-    R3PTRTYPE(PFNPGMR3VIRTHANDLER)      pfnHandlerR3;
+    R3PTRTYPE(PFNPGMVIRTHANDLER)        pfnHandlerR3;
     /** Description / Name. For easing debugging. */
     R3PTRTYPE(const char *)             pszDesc;

trunk/src/VBox/VMM/include/SELMInternal.h

@@ -230 +230 @@
 RT_C_DECLS_BEGIN
 
-DECLEXPORT(FNPGMRCVIRTPFHANDLER) selmRCGuestGDTWritePfHandler;
-DECLEXPORT(FNPGMRCVIRTPFHANDLER) selmRCGuestLDTWritePfHandler;
-DECLEXPORT(FNPGMRCVIRTPFHANDLER) selmRCGuestTSSWritePfHandler;
-DECLEXPORT(FNPGMRCVIRTPFHANDLER) selmRCShadowGDTWritePfHandler;
-DECLEXPORT(FNPGMRCVIRTPFHANDLER) selmRCShadowLDTWritePfHandler;
-DECLEXPORT(FNPGMRCVIRTPFHANDLER) selmRCShadowTSSWritePfHandler;
-
-void           selmSetRing1Stack(PVM pVM, uint32_t ss, RTGCPTR32 esp);
+PGM_ALL_CB2_DECL(FNPGMVIRTHANDLER)  selmGuestGDTWriteHandler;
+DECLEXPORT(FNPGMRCVIRTPFHANDLER)    selmRCGuestGDTWritePfHandler;
+PGM_ALL_CB2_DECL(FNPGMVIRTHANDLER)  selmGuestLDTWriteHandler;
+DECLEXPORT(FNPGMRCVIRTPFHANDLER)    selmRCGuestLDTWritePfHandler;
+PGM_ALL_CB2_DECL(FNPGMVIRTHANDLER)  selmGuestTSSWriteHandler;
+DECLEXPORT(FNPGMRCVIRTPFHANDLER)    selmRCGuestTSSWritePfHandler;
+DECLEXPORT(FNPGMRCVIRTPFHANDLER)    selmRCShadowGDTWritePfHandler;
+DECLEXPORT(FNPGMRCVIRTPFHANDLER)    selmRCShadowLDTWritePfHandler;
+DECLEXPORT(FNPGMRCVIRTPFHANDLER)    selmRCShadowTSSWritePfHandler;
+
+void            selmRCSyncGdtSegRegs(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, unsigned iGDTEntry);
+void            selmRCGuestGdtPreWriteCheck(PVM pVM, PVMCPU pVCpu, uint32_t offGuestGdt, uint32_t cbWrite, PCPUMCTX pCtx);
+VBOXSTRICTRC    selmRCGuestGdtPostWriteCheck(PVM pVM, PVMCPU pVCpu, uint32_t offGuestTss, uint32_t cbWrite, PCPUMCTX pCtx);
+VBOXSTRICTRC    selmRCGuestTssPostWriteCheck(PVM pVM, PVMCPU pVCpu, uint32_t offGuestTss, uint32_t cbWrite);
+void            selmSetRing1Stack(PVM pVM, uint32_t ss, RTGCPTR32 esp);
 #ifdef VBOX_WITH_RAW_RING1
-void           selmSetRing2Stack(PVM pVM, uint32_t ss, RTGCPTR32 esp);
+void            selmSetRing2Stack(PVM pVM, uint32_t ss, RTGCPTR32 esp);
 #endif
 

trunk/src/VBox/VMM/include/TRPMInternal.h

@@ -25 +25 @@
 #include <VBox/vmm/pgm.h>
 
-
-
-/** Enable to allow trap forwarding in GC. */
-#ifdef VBOX_WITH_RAW_MODE
-# define TRPM_FORWARD_TRAPS_IN_GC
-#endif
-
-/** First interrupt handler. Used for validating input. */
-#define TRPM_HANDLER_INT_BASE  0x20
-
 RT_C_DECLS_BEGIN
 
@@ -43 +33 @@
  * @{
  */
+
+
+#ifdef VBOX_WITH_RAW_MODE
+/** Enable or disable tracking of Guest's IDT. */
+# define TRPM_TRACK_GUEST_IDT_CHANGES
+/** Enable or disable tracking of Shadow IDT. */
+# define TRPM_TRACK_SHADOW_IDT_CHANGES
+#endif
+
+
+/** Enable to allow trap forwarding in GC. */
+#ifdef VBOX_WITH_RAW_MODE
+# define TRPM_FORWARD_TRAPS_IN_GC
+#endif
+
+/** First interrupt handler. Used for validating input. */
+#define TRPM_HANDLER_INT_BASE  0x20
+
 
 /** @name   TRPMGCTrapIn* flags.
@@ -249 +257 @@
 
 
-DECLEXPORT(FNPGMRCVIRTPFHANDLER) trpmRCGuestIDTWritePfHandler;
-DECLEXPORT(FNPGMRCVIRTPFHANDLER) trpmRCShadowIDTWritePfHandler;
+PGM_ALL_CB2_DECL(FNPGMVIRTHANDLER)  trpmGuestIDTWriteHandler;
+DECLEXPORT(FNPGMRCVIRTPFHANDLER)    trpmRCGuestIDTWritePfHandler;
+DECLEXPORT(FNPGMRCVIRTPFHANDLER)    trpmRCShadowIDTWritePfHandler;
 
 /**