Changeset 94838 in vbox for trunk/src/VBox

Timestamp:

May 5, 2022 10:29:49 AM (3 years ago)

Author:

vboxsync

Message:

VMM/IEM: More TLB work. bugref:9898

Location:

trunk/src/VBox/VMM

Files:

• VMMAll/IEMAll.cpp (modified) (6 diffs)
• VMMAll/IEMAllCImplVmxInstr.cpp (modified) (1 diff)
• VMMR3/IEMR3.cpp (modified) (1 diff)
• include/IEMInline.h (modified) (4 diffs)
• include/IEMInternal.h (modified) (2 diffs)

trunk/src/VBox/VMM/VMMAll/IEMAll.cpp

@@ -605 +605 @@
  * @param   pVCpu       The cross context virtual CPU structure of the calling
  *                      thread.
- * @note    Currently not used. 
+ * @note    Currently not used.
  */
 VMM_INT_DECL(void) IEMTlbInvalidateAllPhysical(PVMCPUCC pVCpu)
@@ -4138 +4138 @@
     return iemRaiseXcptOrInt(pVCpu, 0, X86_XCPT_AC, IEM_XCPT_FLAGS_T_CPU_XCPT, 0, 0);
 }
+
+#ifdef IEM_WITH_SETJMP
+/** \#AC(0) - 11, longjmp.  */
+DECL_NO_RETURN(void) iemRaiseAlignmentCheckExceptionJmp(PVMCPUCC pVCpu) RT_NOEXCEPT
+{
+    longjmp(*CTX_SUFF(pVCpu->iem.s.pJmpBuf), VBOXSTRICTRC_VAL(iemRaiseAlignmentCheckException(pVCpu)));
+}
+#endif
 
 
@@ -5911 +5919 @@
      */
     /** @todo testcase: check when A and D bits are actually set by the CPU.  */
-    uint64_t const fTlbAccessedDirty = (fAccess & IEM_ACCESS_TYPE_WRITE ? IEMTLBE_F_PT_NO_DIRTY : 0) | IEMTLBE_F_PG_NO_ACCESSED;
+    uint64_t const fTlbAccessedDirty = (fAccess & IEM_ACCESS_TYPE_WRITE ? IEMTLBE_F_PT_NO_DIRTY : 0) | IEMTLBE_F_PT_NO_ACCESSED;
     if (pTlbe->fFlagsAndPhysRev & fTlbAccessedDirty)
     {
@@ -6175 +6183 @@
             && (fAccess & IEM_ACCESS_TYPE_WRITE)
             && (   (    pVCpu->iem.s.uCpl == 3
-                    && !(fAccess & IEM_ACCESS_WHAT_SYS))
+                    && !(fAccess & IEM_ACCESS_WHAT_SYS)) /** @todo check this. Not sure WP applies to all SYS writes... */
                 || (pVCpu->cpum.GstCtx.cr0 & X86_CR0_WP)))
         {
@@ -6205 +6213 @@
      */
     /** @todo testcase: check when A and D bits are actually set by the CPU.  */
-    uint64_t const fTlbAccessedDirty = (fAccess & IEM_ACCESS_TYPE_WRITE ? IEMTLBE_F_PT_NO_DIRTY : 0) | IEMTLBE_F_PG_NO_ACCESSED;
+    uint64_t const fTlbAccessedDirty = (fAccess & IEM_ACCESS_TYPE_WRITE ? IEMTLBE_F_PT_NO_DIRTY : 0) | IEMTLBE_F_PT_NO_ACCESSED;
     if (pTlbe->fFlagsAndPhysRev & fTlbAccessedDirty)
     {
@@ -6600 +6608 @@
 uint32_t iemMemFetchDataU32Jmp(PVMCPUCC pVCpu, uint8_t iSegReg, RTGCPTR GCPtrMem) RT_NOEXCEPT
 {
-# if 0 //def IEM_WITH_DATA_TLB
+# if defined(IEM_WITH_DATA_TLB) && defined(IN_RING3)
+    /*
+     * Convert from segmented to flat address and check that it doesn't cross a page boundrary.
+     */
     RTGCPTR GCPtrEff = iemMemApplySegmentToReadJmp(pVCpu, iSegReg, sizeof(uint32_t), GCPtrMem);
-    if (RT_LIKELY((GCPtrEff & X86_PAGE_OFFSET_MASK) <= X86_PAGE_SIZE - sizeof(uint32_t)))
-    {
-        /// @todo more soon...
-    }
-
+    if (RT_LIKELY((GCPtrEff & GUEST_PAGE_OFFSET_MASK) <= GUEST_PAGE_SIZE - sizeof(uint32_t)))
+    {
+        /*
+         * TLB lookup.
+         */
+        uint64_t uTag = ((GCPtrEff << 16) >> (X86_PAGE_SHIFT + 16));
+        Assert(!(uTag >> (48 - X86_PAGE_SHIFT)));
+        uTag         |= pVCpu->iem.s.DataTlb.uTlbRevision;
+        AssertCompile(RT_ELEMENTS(pVCpu->iem.s.DataTlb.aEntries) == 256);
+        PIEMTLBENTRY const pTlbe = &pVCpu->iem.s.DataTlb.aEntries[(uint8_t)uTag];
+        if (pTlbe->uTag == uTag)
+        {
+            /*
+             * Check TLB page table level access flags.
+             */
+            uint64_t const fNoUser = pVCpu->iem.s.uCpl == 3 ? IEMTLBE_F_PT_NO_USER : 0;
+            if (   (pTlbe->fFlagsAndPhysRev & (  IEMTLBE_F_PHYS_REV       | IEMTLBE_F_PG_UNASSIGNED | IEMTLBE_F_PG_NO_READ
+                                               | IEMTLBE_F_PT_NO_ACCESSED | IEMTLBE_F_NO_MAPPINGR3  | fNoUser))
+                == pVCpu->iem.s.DataTlb.uTlbPhysRev)
+            {
+                STAM_STATS({pVCpu->iem.s.DataTlb.cTlbHits++;});
+
+                /*
+                 * Alignment check:
+                 */
+                /** @todo check priority \#AC vs \#PF */
+                if (   !(GCPtrEff & (sizeof(uint32_t) - 1))
+                    || !(pVCpu->cpum.GstCtx.cr0 & X86_CR0_AM)
+                    || !pVCpu->cpum.GstCtx.eflags.Bits.u1AC
+                    || pVCpu->iem.s.uCpl != 3)
+                {
+                    /*
+                     * Fetch and return the dword
+                     */
+                    Assert(pTlbe->pbMappingR3); /* (Only ever cleared by the owning EMT.) */
+                    Assert(!((uintptr_t)pTlbe->pbMappingR3 & GUEST_PAGE_OFFSET_MASK));
+                    return *(uint32_t const *)&pTlbe->pbMappingR3[GCPtrEff & GUEST_PAGE_OFFSET_MASK];
+                }
+                Log10(("iemMemFetchDataU32Jmp: Raising #AC for %RGv\n", GCPtrEff));
+                iemRaiseAlignmentCheckExceptionJmp(pVCpu);
+            }
+        }
+    }
+
+    /* Fall back on the slow careful approach in case of TLB miss, MMIO, exception
+       outdated page pointer, or other troubles. */
+    Log10(("iemMemFetchDataU32Jmp: %u:%RGv fallback\n", iSegReg, GCPtrMem));
     return iemMemFetchDataU32SafeJmp(pVCpu, iSegReg, GCPtrMem);
+
 # else
     /* The lazy approach. */

trunk/src/VBox/VMM/VMMAll/IEMAllCImplVmxInstr.cpp

@@ -64 +64 @@
 #  define IEM_DISP_GET_S32_SX_U64(a_pVCpu, a_u64Disp, a_offDisp)  do { a_u64Disp = 0; RT_NOREF(a_offDisp); } while (0)
 #  define IEM_DISP_GET_S8_SX_U64(a_pVCpu, a_u64Disp, a_offDisp)   do { a_u64Disp = 0; RT_NOREF(a_offDisp); } while (0)
-#  if 1
+#  if 0
 #   error "Implement me: Getting ModR/M, SIB, displacement needs to work even when instruction crosses a page boundary."
 #  endif

trunk/src/VBox/VMM/VMMR3/IEMR3.cpp

@@ -232 +232 @@
                     pTlbe->fFlagsAndPhysRev & IEMTLBE_F_PT_NO_EXEC      ? "NX" : " X",
                     pTlbe->fFlagsAndPhysRev & IEMTLBE_F_PT_NO_WRITE     ? "RO" : "RW",
-                    pTlbe->fFlagsAndPhysRev & IEMTLBE_F_PG_NO_ACCESSED  ? "-"  : "A",
+                    pTlbe->fFlagsAndPhysRev & IEMTLBE_F_PT_NO_ACCESSED  ? "-"  : "A",
                     pTlbe->fFlagsAndPhysRev & IEMTLBE_F_PT_NO_DIRTY     ? "-"  : "D",
                     pTlbe->fFlagsAndPhysRev & IEMTLBE_F_PG_NO_WRITE     ? "-"  : "w",

trunk/src/VBox/VMM/include/IEMInline.h

@@ -2339 +2339 @@
     if (pVCpu->iem.s.enmCpuMode == IEMMODE_64BIT)
     {
-        if (iSegReg >= X86_SREG_FS)
+        if (iSegReg >= X86_SREG_FS && iSegReg != UINT8_MAX)
         {
             IEM_CTX_IMPORT_JMP(pVCpu, CPUMCTX_EXTRN_SREG_FROM_IDX(iSegReg));
@@ -2348 +2348 @@
         if (RT_LIKELY(X86_IS_CANONICAL(GCPtrMem) && X86_IS_CANONICAL(GCPtrMem + cbMem - 1)))
             return GCPtrMem;
+        iemRaiseGeneralProtectionFault0Jmp(pVCpu);
     }
     /*
      * 16-bit and 32-bit segmentation.
      */
-    else
-    {
+    else if (iSegReg != UINT8_MAX)
+    {
+        /** @todo Does this apply to segments with 4G-1 limit? */
         uint32_t const GCPtrLast32 = (uint32_t)GCPtrMem + (uint32_t)cbMem - 1;
         if (RT_LIKELY(GCPtrLast32 >= (uint32_t)GCPtrMem))
@@ -2359 +2361 @@
             IEM_CTX_IMPORT_JMP(pVCpu, CPUMCTX_EXTRN_SREG_FROM_IDX(iSegReg));
             PCPUMSELREGHID const pSel = iemSRegGetHid(pVCpu, iSegReg);
-            switch (pSel->Attr.u & (X86DESCATTR_P | X86DESCATTR_UNUSABLE | X86_SEL_TYPE_CODE | X86_SEL_TYPE_DOWN))
+            switch (pSel->Attr.u & (  X86DESCATTR_P     | X86DESCATTR_UNUSABLE
+                                    | X86_SEL_TYPE_READ | X86_SEL_TYPE_WRITE /* same as read */
+                                    | X86_SEL_TYPE_DOWN | X86_SEL_TYPE_CONF  /* same as down */
+                                    | X86_SEL_TYPE_CODE))
             {
-                case X86DESCATTR_P:                                         /* data, expand up */
+                case X86DESCATTR_P:                                         /* readonly data, expand up */
+                case X86DESCATTR_P | X86_SEL_TYPE_WRITE:                    /* writable data, expand up */
                 case X86DESCATTR_P | X86_SEL_TYPE_CODE | X86_SEL_TYPE_READ: /* code, read-only */
+                case X86DESCATTR_P | X86_SEL_TYPE_CODE | X86_SEL_TYPE_READ | X86_SEL_TYPE_CONF: /* conforming code, read-only */
                     /* expand up */
                     if (RT_LIKELY(GCPtrLast32 <= pSel->u32Limit))
                         return (uint32_t)GCPtrMem + (uint32_t)pSel->u64Base;
+                    Log10(("iemMemApplySegmentToReadJmp: out of bounds %#x..%#x vs %#x\n",
+                           (uint32_t)GCPtrMem, GCPtrLast32, pSel->u32Limit));
                     break;
 
-                case X86DESCATTR_P | X86_SEL_TYPE_DOWN:                     /* data, expand down */
+                case X86DESCATTR_P | X86_SEL_TYPE_DOWN:                         /* readonly data, expand down */
+                case X86DESCATTR_P | X86_SEL_TYPE_DOWN | X86_SEL_TYPE_WRITE:    /* writable data, expand down */
                     /* expand down */
                     if (RT_LIKELY(   (uint32_t)GCPtrMem > pSel->u32Limit
@@ -2374 +2384 @@
                                       || GCPtrLast32 <= UINT32_C(0xffff)) ))
                         return (uint32_t)GCPtrMem + (uint32_t)pSel->u64Base;
+                    Log10(("iemMemApplySegmentToReadJmp: expand down out of bounds %#x..%#x vs %#x..%#x\n",
+                           (uint32_t)GCPtrMem, GCPtrLast32, pSel->u32Limit, pSel->Attr.n.u1DefBig ? UINT32_MAX : UINT16_MAX));
                     break;
 
                 default:
+                    Log10(("iemMemApplySegmentToReadJmp: bad selector %#x\n", pSel->Attr.u));
                     iemRaiseSelectorInvalidAccessJmp(pVCpu, iSegReg, IEM_ACCESS_DATA_R);
                     break;
             }
         }
+        Log10(("iemMemApplySegmentToReadJmp: out of bounds %#x..%#x\n",(uint32_t)GCPtrMem, GCPtrLast32));
         iemRaiseSelectorBoundsJmp(pVCpu, iSegReg, IEM_ACCESS_DATA_R);
     }
-    iemRaiseGeneralProtectionFault0Jmp(pVCpu);
+    /*
+     * 32-bit flat address.
+     */
+    else
+        return GCPtrMem;
 }
 

trunk/src/VBox/VMM/include/IEMInternal.h

@@ -320 +320 @@
 #define IEMTLBE_F_PG_NO_WRITE       RT_BIT_64(3) /**< Phys page:   Not writable (access handler, ROM, whatever). */
 #define IEMTLBE_F_PG_NO_READ        RT_BIT_64(4) /**< Phys page:   Not readable (MMIO / access handler, ROM) */
-#define IEMTLBE_F_PG_NO_ACCESSED    RT_BIT_64(5) /**< Phys tables: Not accessed (need to be marked accessed). */
+#define IEMTLBE_F_PT_NO_ACCESSED    RT_BIT_64(5) /**< Phys tables: Not accessed (need to be marked accessed). */
 #define IEMTLBE_F_PT_NO_DIRTY       RT_BIT_64(6) /**< Page tables: Not dirty (needs to be made dirty on write). */
 #define IEMTLBE_F_NO_MAPPINGR3      RT_BIT_64(7) /**< TLB entry:   The IEMTLBENTRY::pMappingR3 member is invalid. */
@@ -2547 +2547 @@
 VBOXSTRICTRC            iemRaiseMathFault(PVMCPUCC pVCpu);
 VBOXSTRICTRC            iemRaiseAlignmentCheckException(PVMCPUCC pVCpu);
+#ifdef IEM_WITH_SETJMP
+DECL_NO_RETURN(void)    iemRaiseAlignmentCheckExceptionJmp(PVMCPUCC pVCpu)  RT_NOEXCEPT;
+#endif
 
 IEM_CIMPL_DEF_0(iemCImplRaiseDivideError);