PATMA.asm@ 22621

Last change on this file since 22621 was 19141, checked in by vboxsync, 16 years ago
Action flags breakup. Fixed PGM saved state loading of 2.2.2 images. Reduced hacks in PATM state loading (fixups).
Property svn:eol-style set to `native` Property svn:keywords set to `Id`
File size: 70.6 KB

Line
1	; $Id: PATMA.asm 19141 2009-04-23 13:52:18Z vboxsync $
2	;; @file
3	; PATM Assembly Routines.
4	;
5
6	; Copyright (C) 2006-2007 Sun Microsystems, Inc.
7	;
8	; This file is part of VirtualBox Open Source Edition (OSE), as
9	; available from http://www.virtualbox.org. This file is free software;
10	; you can redistribute it and/or modify it under the terms of the GNU
11	; General Public License (GPL) as published by the Free Software
12	; Foundation, in version 2 as it comes in the "COPYING" file of the
13	; VirtualBox OSE distribution. VirtualBox OSE is distributed in the
14	; hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
15	;
16	; Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
17	; Clara, CA 95054 USA or visit http://www.sun.com if you need
18	; additional information or have any questions.
19	;
20
21	;;
22	; @note This method has problems in theory. If we fault for any reason, then we won't be able to restore
23	; the guest's context properly!!
24	; E.g if one of the push instructions causes a fault or SS isn't wide open and our patch GC state accesses aren't valid.
25	; @assumptions
26	; - Enough stack for a few pushes
27	; - The SS selector has base 0 and limit 0xffffffff
28	;
29	; @todo stack probing is currently hardcoded and not present everywhere (search for 'probe stack')
30
31
32	;*******************************************************************************
33	;* Header Files *
34	;*******************************************************************************
35	%include "VBox/asmdefs.mac"
36	%include "VBox/err.mac"
37	%include "VBox/x86.mac"
38	%include "VBox/vm.mac"
39	%include "PATMA.mac"
40
41	%ifdef DEBUG
42	; Noisy, but useful for debugging certain problems
43	;;;%define PATM_LOG_PATCHINSTR
44	;;%define PATM_LOG_PATCHIRET
45	%endif
46
47	BEGINCONST
48
49	%ifdef RT_ARCH_AMD64
50	BITS 32 ; switch to 32-bit mode (x86).
51	%endif
52
53	%ifdef VBOX_WITH_STATISTICS
54	;
55	; Patch call statistics
56	;
57	BEGINPROC PATMStats
58	PATMStats_Start:
59	mov dword [ss:PATM_INTERRUPTFLAG], 0
60	pushf
61	inc dword [ss:PATM_ALLPATCHCALLS]
62	inc dword [ss:PATM_PERPATCHCALLS]
63	popf
64	mov dword [ss:PATM_INTERRUPTFLAG], 1
65	PATMStats_End:
66	ENDPROC PATMStats
67
68
69	; Patch record for statistics
70	GLOBALNAME PATMStatsRecord
71	RTCCPTR_DEF PATMStats_Start
72	DD 0
73	DD 0
74	DD 0
75	DD PATMStats_End - PATMStats_Start
76	DD 4
77	DD PATM_INTERRUPTFLAG
78	DD 0
79	DD PATM_ALLPATCHCALLS
80	DD 0
81	DD PATM_PERPATCHCALLS
82	DD 0
83	DD PATM_INTERRUPTFLAG
84	DD 0
85	DD 0ffffffffh
86	%endif
87
88	;
89	; Set PATM_INTERRUPTFLAG
90	;
91	BEGINPROC PATMSetPIF
92	PATMSetPIF_Start:
93	mov dword [ss:PATM_INTERRUPTFLAG], 1
94	PATMSetPIF_End:
95	ENDPROC PATMSetPIF
96
97
98	; Patch record for setting PATM_INTERRUPTFLAG
99	GLOBALNAME PATMSetPIFRecord
100	RTCCPTR_DEF PATMSetPIF_Start
101	DD 0
102	DD 0
103	DD 0
104	DD PATMSetPIF_End - PATMSetPIF_Start
105	DD 1
106	DD PATM_INTERRUPTFLAG
107	DD 0
108	DD 0ffffffffh
109
110	;
111	; Clear PATM_INTERRUPTFLAG
112	;
113	BEGINPROC PATMClearPIF
114	PATMClearPIF_Start:
115	; probe stack here as we can't recover from page faults later on
116	not dword [esp-64]
117	not dword [esp-64]
118	mov dword [ss:PATM_INTERRUPTFLAG], 0
119	PATMClearPIF_End:
120	ENDPROC PATMClearPIF
121
122
123	; Patch record for clearing PATM_INTERRUPTFLAG
124	GLOBALNAME PATMClearPIFRecord
125	RTCCPTR_DEF PATMClearPIF_Start
126	DD 0
127	DD 0
128	DD 0
129	DD PATMClearPIF_End - PATMClearPIF_Start
130	DD 1
131	DD PATM_INTERRUPTFLAG
132	DD 0
133	DD 0ffffffffh
134
135	;
136	; Clear PATM_INHIBITIRQADDR and fault if IF=0
137	;
138	BEGINPROC PATMClearInhibitIRQFaultIF0
139	PATMClearInhibitIRQFaultIF0_Start:
140	mov dword [ss:PATM_INTERRUPTFLAG], 0
141	mov dword [ss:PATM_INHIBITIRQADDR], 0
142	pushf
143
144	test dword [ss:PATM_VMFLAGS], X86_EFL_IF
145	jz PATMClearInhibitIRQFaultIF0_Fault
146
147	; if interrupts are pending, then we must go back to the host context to handle them!
148	test dword [ss:PATM_VM_FORCEDACTIONS], VMCPU_FF_INTERRUPT_APIC \| VMCPU_FF_INTERRUPT_PIC \| VMCPU_FF_TIMER \| VMCPU_FF_REQUEST
149	jz PATMClearInhibitIRQFaultIF0_Continue
150
151	; Go to our hypervisor trap handler to dispatch the pending irq
152	mov dword [ss:PATM_TEMP_EAX], eax
153	mov dword [ss:PATM_TEMP_ECX], ecx
154	mov dword [ss:PATM_TEMP_EDI], edi
155	mov dword [ss:PATM_TEMP_RESTORE_FLAGS], PATM_RESTORE_EAX \| PATM_RESTORE_ECX \| PATM_RESTORE_EDI
156	mov eax, PATM_ACTION_DISPATCH_PENDING_IRQ
157	lock or dword [ss:PATM_PENDINGACTION], eax
158	mov ecx, PATM_ACTION_MAGIC
159	mov edi, PATM_NEXTINSTRADDR
160	popfd ; restore flags we pushed above (the or instruction changes the flags as well)
161	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
162	; does not return
163
164	PATMClearInhibitIRQFaultIF0_Fault:
165	popf
166	mov dword [ss:PATM_INTERRUPTFLAG], 1
167	PATM_INT3
168
169	PATMClearInhibitIRQFaultIF0_Continue:
170	popf
171	mov dword [ss:PATM_INTERRUPTFLAG], 1
172	PATMClearInhibitIRQFaultIF0_End:
173	ENDPROC PATMClearInhibitIRQFaultIF0
174
175
176	; Patch record for clearing PATM_INHIBITIRQADDR
177	GLOBALNAME PATMClearInhibitIRQFaultIF0Record
178	RTCCPTR_DEF PATMClearInhibitIRQFaultIF0_Start
179	DD 0
180	DD 0
181	DD 0
182	DD PATMClearInhibitIRQFaultIF0_End - PATMClearInhibitIRQFaultIF0_Start
183	DD 12
184	DD PATM_INTERRUPTFLAG
185	DD 0
186	DD PATM_INHIBITIRQADDR
187	DD 0
188	DD PATM_VMFLAGS
189	DD 0
190	DD PATM_VM_FORCEDACTIONS
191	DD 0
192	DD PATM_TEMP_EAX
193	DD 0
194	DD PATM_TEMP_ECX
195	DD 0
196	DD PATM_TEMP_EDI
197	DD 0
198	DD PATM_TEMP_RESTORE_FLAGS
199	DD 0
200	DD PATM_PENDINGACTION
201	DD 0
202	DD PATM_NEXTINSTRADDR
203	DD 0
204	DD PATM_INTERRUPTFLAG
205	DD 0
206	DD PATM_INTERRUPTFLAG
207	DD 0
208	DD 0ffffffffh
209
210	;
211	; Clear PATM_INHIBITIRQADDR and continue if IF=0 (duplicated function only; never jump back to guest code afterwards!!)
212	;
213	BEGINPROC PATMClearInhibitIRQContIF0
214	PATMClearInhibitIRQContIF0_Start:
215	mov dword [ss:PATM_INTERRUPTFLAG], 0
216	mov dword [ss:PATM_INHIBITIRQADDR], 0
217	pushf
218
219	test dword [ss:PATM_VMFLAGS], X86_EFL_IF
220	jz PATMClearInhibitIRQContIF0_Continue
221
222	; if interrupts are pending, then we must go back to the host context to handle them!
223	test dword [ss:PATM_VM_FORCEDACTIONS], VMCPU_FF_INTERRUPT_APIC \| VMCPU_FF_INTERRUPT_PIC \| VMCPU_FF_TIMER \| VMCPU_FF_REQUEST
224	jz PATMClearInhibitIRQContIF0_Continue
225
226	; Go to our hypervisor trap handler to dispatch the pending irq
227	mov dword [ss:PATM_TEMP_EAX], eax
228	mov dword [ss:PATM_TEMP_ECX], ecx
229	mov dword [ss:PATM_TEMP_EDI], edi
230	mov dword [ss:PATM_TEMP_RESTORE_FLAGS], PATM_RESTORE_EAX \| PATM_RESTORE_ECX \| PATM_RESTORE_EDI
231	mov eax, PATM_ACTION_DISPATCH_PENDING_IRQ
232	lock or dword [ss:PATM_PENDINGACTION], eax
233	mov ecx, PATM_ACTION_MAGIC
234	mov edi, PATM_NEXTINSTRADDR
235	popfd ; restore flags we pushed above (the or instruction changes the flags as well)
236	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
237	; does not return
238
239	PATMClearInhibitIRQContIF0_Continue:
240	popf
241	mov dword [ss:PATM_INTERRUPTFLAG], 1
242	PATMClearInhibitIRQContIF0_End:
243	ENDPROC PATMClearInhibitIRQContIF0
244
245
246	; Patch record for clearing PATM_INHIBITIRQADDR
247	GLOBALNAME PATMClearInhibitIRQContIF0Record
248	RTCCPTR_DEF PATMClearInhibitIRQContIF0_Start
249	DD 0
250	DD 0
251	DD 0
252	DD PATMClearInhibitIRQContIF0_End - PATMClearInhibitIRQContIF0_Start
253	DD 11
254	DD PATM_INTERRUPTFLAG
255	DD 0
256	DD PATM_INHIBITIRQADDR
257	DD 0
258	DD PATM_VMFLAGS
259	DD 0
260	DD PATM_VM_FORCEDACTIONS
261	DD 0
262	DD PATM_TEMP_EAX
263	DD 0
264	DD PATM_TEMP_ECX
265	DD 0
266	DD PATM_TEMP_EDI
267	DD 0
268	DD PATM_TEMP_RESTORE_FLAGS
269	DD 0
270	DD PATM_PENDINGACTION
271	DD 0
272	DD PATM_NEXTINSTRADDR
273	DD 0
274	DD PATM_INTERRUPTFLAG
275	DD 0
276	DD 0ffffffffh
277
278
279	BEGINPROC PATMCliReplacement
280	PATMCliStart:
281	mov dword [ss:PATM_INTERRUPTFLAG], 0
282	pushf
283	%ifdef PATM_LOG_PATCHINSTR
284	push eax
285	push ecx
286	mov eax, PATM_ACTION_LOG_CLI
287	lock or dword [ss:PATM_PENDINGACTION], eax
288	mov ecx, PATM_ACTION_MAGIC
289	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
290	pop ecx
291	pop eax
292	%endif
293
294	and dword [ss:PATM_VMFLAGS], ~X86_EFL_IF
295	popf
296
297	mov dword [ss:PATM_INTERRUPTFLAG], 1
298	DB 0xE9
299	PATMCliJump:
300	DD PATM_JUMPDELTA
301	PATMCliEnd:
302	ENDPROC PATMCliReplacement
303
304
305	; Patch record for 'cli'
306	GLOBALNAME PATMCliRecord
307	RTCCPTR_DEF PATMCliStart
308	DD PATMCliJump - PATMCliStart
309	DD 0
310	DD 0
311	DD PATMCliEnd - PATMCliStart
312	%ifdef PATM_LOG_PATCHINSTR
313	DD 4
314	%else
315	DD 3
316	%endif
317	DD PATM_INTERRUPTFLAG
318	DD 0
319	%ifdef PATM_LOG_PATCHINSTR
320	DD PATM_PENDINGACTION
321	DD 0
322	%endif
323	DD PATM_VMFLAGS
324	DD 0
325	DD PATM_INTERRUPTFLAG
326	DD 0
327	DD 0ffffffffh
328
329
330	BEGINPROC PATMStiReplacement
331	PATMStiStart:
332	mov dword [ss:PATM_INTERRUPTFLAG], 0
333	mov dword [ss:PATM_INHIBITIRQADDR], PATM_NEXTINSTRADDR
334	pushf
335	%ifdef PATM_LOG_PATCHINSTR
336	push eax
337	push ecx
338	mov eax, PATM_ACTION_LOG_STI
339	lock or dword [ss:PATM_PENDINGACTION], eax
340	mov ecx, PATM_ACTION_MAGIC
341	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
342	pop ecx
343	pop eax
344	%endif
345	or dword [ss:PATM_VMFLAGS], X86_EFL_IF
346	popf
347	mov dword [ss:PATM_INTERRUPTFLAG], 1
348	PATMStiEnd:
349	ENDPROC PATMStiReplacement
350
351	; Patch record for 'sti'
352	GLOBALNAME PATMStiRecord
353	RTCCPTR_DEF PATMStiStart
354	DD 0
355	DD 0
356	DD 0
357	DD PATMStiEnd - PATMStiStart
358	%ifdef PATM_LOG_PATCHINSTR
359	DD 6
360	%else
361	DD 5
362	%endif
363	DD PATM_INTERRUPTFLAG
364	DD 0
365	DD PATM_INHIBITIRQADDR
366	DD 0
367	DD PATM_NEXTINSTRADDR
368	DD 0
369	%ifdef PATM_LOG_PATCHINSTR
370	DD PATM_PENDINGACTION
371	DD 0
372	%endif
373	DD PATM_VMFLAGS
374	DD 0
375	DD PATM_INTERRUPTFLAG
376	DD 0
377	DD 0ffffffffh
378
379	;
380	; Trampoline code for trap entry (without error code on the stack)
381	;
382	; esp + 32 - GS (V86 only)
383	; esp + 28 - FS (V86 only)
384	; esp + 24 - DS (V86 only)
385	; esp + 20 - ES (V86 only)
386	; esp + 16 - SS (if transfer to inner ring)
387	; esp + 12 - ESP (if transfer to inner ring)
388	; esp + 8 - EFLAGS
389	; esp + 4 - CS
390	; esp - EIP
391	;
392	BEGINPROC PATMTrapEntry
393	PATMTrapEntryStart:
394	mov dword [ss:PATM_INTERRUPTFLAG], 0
395	pushf
396
397	%ifdef PATM_LOG_PATCHIRET
398	push eax
399	push ecx
400	push edx
401	lea edx, dword [ss:esp+12+4] ;3 dwords + pushed flags -> iret eip
402	mov eax, PATM_ACTION_LOG_GATE_ENTRY
403	lock or dword [ss:PATM_PENDINGACTION], eax
404	mov ecx, PATM_ACTION_MAGIC
405	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
406	pop edx
407	pop ecx
408	pop eax
409	%endif
410
411	test dword [esp+12], X86_EFL_VM
412	jnz PATMTrapNoRing1
413
414	; make sure the saved CS selector for ring 1 is made 0
415	test dword [esp+8], 2
416	jnz PATMTrapNoRing1
417	test dword [esp+8], 1
418	jz PATMTrapNoRing1
419	and dword [esp+8], dword ~1 ; yasm / nasm dword
420	PATMTrapNoRing1:
421
422	; correct EFLAGS on the stack to include the current IOPL
423	push eax
424	mov eax, dword [ss:PATM_VMFLAGS]
425	and eax, X86_EFL_IOPL
426	and dword [esp+16], ~X86_EFL_IOPL ; esp+16 = eflags = esp+8+4(efl)+4(eax)
427	or dword [esp+16], eax
428	pop eax
429
430	popf
431	mov dword [ss:PATM_INTERRUPTFLAG], 1
432	DB 0xE9
433	PATMTrapEntryJump:
434	DD PATM_JUMPDELTA
435	PATMTrapEntryEnd:
436	ENDPROC PATMTrapEntry
437
438
439	; Patch record for trap gate entrypoint
440	GLOBALNAME PATMTrapEntryRecord
441	RTCCPTR_DEF PATMTrapEntryStart
442	DD PATMTrapEntryJump - PATMTrapEntryStart
443	DD 0
444	DD 0
445	DD PATMTrapEntryEnd - PATMTrapEntryStart
446	%ifdef PATM_LOG_PATCHIRET
447	DD 4
448	%else
449	DD 3
450	%endif
451	DD PATM_INTERRUPTFLAG
452	DD 0
453	%ifdef PATM_LOG_PATCHIRET
454	DD PATM_PENDINGACTION
455	DD 0
456	%endif
457	DD PATM_VMFLAGS
458	DD 0
459	DD PATM_INTERRUPTFLAG
460	DD 0
461	DD 0ffffffffh
462
463	;
464	; Trampoline code for trap entry (with error code on the stack)
465	;
466	; esp + 36 - GS (V86 only)
467	; esp + 32 - FS (V86 only)
468	; esp + 28 - DS (V86 only)
469	; esp + 24 - ES (V86 only)
470	; esp + 20 - SS (if transfer to inner ring)
471	; esp + 16 - ESP (if transfer to inner ring)
472	; esp + 12 - EFLAGS
473	; esp + 8 - CS
474	; esp + 4 - EIP
475	; esp - error code
476	;
477	BEGINPROC PATMTrapEntryErrorCode
478	PATMTrapErrorCodeEntryStart:
479	mov dword [ss:PATM_INTERRUPTFLAG], 0
480	pushf
481
482	%ifdef PATM_LOG_PATCHIRET
483	push eax
484	push ecx
485	push edx
486	lea edx, dword [ss:esp+12+4+4] ;3 dwords + pushed flags + error code -> iret eip
487	mov eax, PATM_ACTION_LOG_GATE_ENTRY
488	lock or dword [ss:PATM_PENDINGACTION], eax
489	mov ecx, PATM_ACTION_MAGIC
490	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
491	pop edx
492	pop ecx
493	pop eax
494	%endif
495
496	test dword [esp+16], X86_EFL_VM
497	jnz PATMTrapErrorCodeNoRing1
498
499	; make sure the saved CS selector for ring 1 is made 0
500	test dword [esp+12], 2
501	jnz PATMTrapErrorCodeNoRing1
502	test dword [esp+12], 1
503	jz PATMTrapErrorCodeNoRing1
504	and dword [esp+12], dword ~1 ; yasm / nasm dword
505	PATMTrapErrorCodeNoRing1:
506
507	; correct EFLAGS on the stack to include the current IOPL
508	push eax
509	mov eax, dword [ss:PATM_VMFLAGS]
510	and eax, X86_EFL_IOPL
511	and dword [esp+20], ~X86_EFL_IOPL ; esp+20 = eflags = esp+8+4(efl)+4(error code)+4(eax)
512	or dword [esp+20], eax
513	pop eax
514
515	popf
516	mov dword [ss:PATM_INTERRUPTFLAG], 1
517	DB 0xE9
518	PATMTrapErrorCodeEntryJump:
519	DD PATM_JUMPDELTA
520	PATMTrapErrorCodeEntryEnd:
521	ENDPROC PATMTrapEntryErrorCode
522
523
524	; Patch record for trap gate entrypoint
525	GLOBALNAME PATMTrapEntryRecordErrorCode
526	RTCCPTR_DEF PATMTrapErrorCodeEntryStart
527	DD PATMTrapErrorCodeEntryJump - PATMTrapErrorCodeEntryStart
528	DD 0
529	DD 0
530	DD PATMTrapErrorCodeEntryEnd - PATMTrapErrorCodeEntryStart
531	%ifdef PATM_LOG_PATCHIRET
532	DD 4
533	%else
534	DD 3
535	%endif
536	DD PATM_INTERRUPTFLAG
537	DD 0
538	%ifdef PATM_LOG_PATCHIRET
539	DD PATM_PENDINGACTION
540	DD 0
541	%endif
542	DD PATM_VMFLAGS
543	DD 0
544	DD PATM_INTERRUPTFLAG
545	DD 0
546	DD 0ffffffffh
547
548
549	;
550	; Trampoline code for interrupt gate entry (without error code on the stack)
551	;
552	; esp + 32 - GS (V86 only)
553	; esp + 28 - FS (V86 only)
554	; esp + 24 - DS (V86 only)
555	; esp + 20 - ES (V86 only)
556	; esp + 16 - SS (if transfer to inner ring)
557	; esp + 12 - ESP (if transfer to inner ring)
558	; esp + 8 - EFLAGS
559	; esp + 4 - CS
560	; esp - EIP
561	;
562	BEGINPROC PATMIntEntry
563	PATMIntEntryStart:
564	mov dword [ss:PATM_INTERRUPTFLAG], 0
565	pushf
566
567	%ifdef PATM_LOG_PATCHIRET
568	push eax
569	push ecx
570	push edx
571	lea edx, dword [ss:esp+12+4] ;3 dwords + pushed flags -> iret eip
572	mov eax, PATM_ACTION_LOG_GATE_ENTRY
573	lock or dword [ss:PATM_PENDINGACTION], eax
574	mov ecx, PATM_ACTION_MAGIC
575	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
576	pop edx
577	pop ecx
578	pop eax
579	%endif
580
581	test dword [esp+12], X86_EFL_VM
582	jnz PATMIntNoRing1
583
584	; make sure the saved CS selector for ring 1 is made 0
585	test dword [esp+8], 2
586	jnz PATMIntNoRing1
587	test dword [esp+8], 1
588	jz PATMIntNoRing1
589	and dword [esp+8], dword ~1 ; yasm / nasm dword
590	PATMIntNoRing1:
591
592	; correct EFLAGS on the stack to include the current IOPL
593	push eax
594	mov eax, dword [ss:PATM_VMFLAGS]
595	and eax, X86_EFL_IOPL
596	and dword [esp+16], ~X86_EFL_IOPL ; esp+16 = eflags = esp+8+4(efl)+4(eax)
597	or dword [esp+16], eax
598	pop eax
599
600	popf
601	mov dword [ss:PATM_INTERRUPTFLAG], 1
602	PATMIntEntryEnd:
603	ENDPROC PATMIntEntry
604
605
606	; Patch record for interrupt gate entrypoint
607	GLOBALNAME PATMIntEntryRecord
608	RTCCPTR_DEF PATMIntEntryStart
609	DD 0
610	DD 0
611	DD 0
612	DD PATMIntEntryEnd - PATMIntEntryStart
613	%ifdef PATM_LOG_PATCHIRET
614	DD 4
615	%else
616	DD 3
617	%endif
618	DD PATM_INTERRUPTFLAG
619	DD 0
620	%ifdef PATM_LOG_PATCHIRET
621	DD PATM_PENDINGACTION
622	DD 0
623	%endif
624	DD PATM_VMFLAGS
625	DD 0
626	DD PATM_INTERRUPTFLAG
627	DD 0
628	DD 0ffffffffh
629
630	;
631	; Trampoline code for interrupt gate entry (with error code on the stack)
632	;
633	; esp + 36 - GS (V86 only)
634	; esp + 32 - FS (V86 only)
635	; esp + 28 - DS (V86 only)
636	; esp + 24 - ES (V86 only)
637	; esp + 20 - SS (if transfer to inner ring)
638	; esp + 16 - ESP (if transfer to inner ring)
639	; esp + 12 - EFLAGS
640	; esp + 8 - CS
641	; esp + 4 - EIP
642	; esp - error code
643	;
644	BEGINPROC PATMIntEntryErrorCode
645	PATMIntEntryErrorCodeStart:
646	mov dword [ss:PATM_INTERRUPTFLAG], 0
647	pushf
648
649	%ifdef PATM_LOG_PATCHIRET
650	push eax
651	push ecx
652	push edx
653	lea edx, dword [ss:esp+12+4+4] ;3 dwords + pushed flags + error code -> iret eip
654	mov eax, PATM_ACTION_LOG_GATE_ENTRY
655	lock or dword [ss:PATM_PENDINGACTION], eax
656	mov ecx, PATM_ACTION_MAGIC
657	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
658	pop edx
659	pop ecx
660	pop eax
661	%endif
662
663	test dword [esp+16], X86_EFL_VM
664	jnz PATMIntNoRing1_ErrorCode
665
666	; make sure the saved CS selector for ring 1 is made 0
667	test dword [esp+12], 2
668	jnz PATMIntNoRing1_ErrorCode
669	test dword [esp+12], 1
670	jz PATMIntNoRing1_ErrorCode
671	and dword [esp+12], dword ~1 ; yasm / nasm dword
672	PATMIntNoRing1_ErrorCode:
673
674	; correct EFLAGS on the stack to include the current IOPL
675	push eax
676	mov eax, dword [ss:PATM_VMFLAGS]
677	and eax, X86_EFL_IOPL
678	and dword [esp+20], ~X86_EFL_IOPL ; esp+20 = eflags = esp+8+4(efl)+4(eax)+4(error code)
679	or dword [esp+20], eax
680	pop eax
681
682	popf
683	mov dword [ss:PATM_INTERRUPTFLAG], 1
684	PATMIntEntryErrorCodeEnd:
685	ENDPROC PATMIntEntryErrorCode
686
687
688	; Patch record for interrupt gate entrypoint
689	GLOBALNAME PATMIntEntryRecordErrorCode
690	RTCCPTR_DEF PATMIntEntryErrorCodeStart
691	DD 0
692	DD 0
693	DD 0
694	DD PATMIntEntryErrorCodeEnd - PATMIntEntryErrorCodeStart
695	%ifdef PATM_LOG_PATCHIRET
696	DD 4
697	%else
698	DD 3
699	%endif
700	DD PATM_INTERRUPTFLAG
701	DD 0
702	%ifdef PATM_LOG_PATCHIRET
703	DD PATM_PENDINGACTION
704	DD 0
705	%endif
706	DD PATM_VMFLAGS
707	DD 0
708	DD PATM_INTERRUPTFLAG
709	DD 0
710	DD 0ffffffffh
711
712	;
713	; 32 bits Popf replacement that faults when IF remains 0
714	;
715	BEGINPROC PATMPopf32Replacement
716	PATMPopf32Start:
717	mov dword [ss:PATM_INTERRUPTFLAG], 0
718	%ifdef PATM_LOG_PATCHINSTR
719	push eax
720	push ecx
721	mov eax, PATM_ACTION_LOG_POPF_IF1
722	test dword [esp+8], X86_EFL_IF
723	jnz PATMPopf32_Log
724	mov eax, PATM_ACTION_LOG_POPF_IF0
725
726	PATMPopf32_Log:
727	lock or dword [ss:PATM_PENDINGACTION], eax
728	mov ecx, PATM_ACTION_MAGIC
729	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
730	pop ecx
731	pop eax
732	%endif
733
734	test dword [esp], X86_EFL_IF
735	jnz PATMPopf32_Ok
736	mov dword [ss:PATM_INTERRUPTFLAG], 1
737	PATM_INT3
738
739	PATMPopf32_Ok:
740	; Note: we don't allow popf instructions to change the current IOPL; we simply ignore such changes (!!!)
741	; In this particular patch it's rather unlikely the pushf was included, so we have no way to check if the flags on the stack were correctly synched
742	; PATMPopf32Replacement_NoExit is different, because it's only used in IDT and function patches
743	or dword [ss:PATM_VMFLAGS], X86_EFL_IF
744
745	; if interrupts are pending, then we must go back to the host context to handle them!
746	test dword [ss:PATM_VM_FORCEDACTIONS], VMCPU_FF_INTERRUPT_APIC \| VMCPU_FF_INTERRUPT_PIC \| VMCPU_FF_TIMER \| VMCPU_FF_REQUEST
747	jz PATMPopf32_Continue
748
749	; Go to our hypervisor trap handler to dispatch the pending irq
750	mov dword [ss:PATM_TEMP_EAX], eax
751	mov dword [ss:PATM_TEMP_ECX], ecx
752	mov dword [ss:PATM_TEMP_EDI], edi
753	mov dword [ss:PATM_TEMP_RESTORE_FLAGS], PATM_RESTORE_EAX \| PATM_RESTORE_ECX \| PATM_RESTORE_EDI
754	mov eax, PATM_ACTION_DISPATCH_PENDING_IRQ
755	lock or dword [ss:PATM_PENDINGACTION], eax
756	mov ecx, PATM_ACTION_MAGIC
757	mov edi, PATM_NEXTINSTRADDR
758
759	popfd ; restore flags we pushed above (the or instruction changes the flags as well)
760	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
761	; does not return
762
763	PATMPopf32_Continue:
764	popfd ; restore flags we pushed above
765	mov dword [ss:PATM_INTERRUPTFLAG], 1
766	DB 0xE9
767	PATMPopf32Jump:
768	DD PATM_JUMPDELTA
769	PATMPopf32End:
770	ENDPROC PATMPopf32Replacement
771
772
773	; Patch record for 'popfd'
774	GLOBALNAME PATMPopf32Record
775	RTCCPTR_DEF PATMPopf32Start
776	DD PATMPopf32Jump - PATMPopf32Start
777	DD 0
778	DD 0
779	DD PATMPopf32End - PATMPopf32Start
780	%ifdef PATM_LOG_PATCHINSTR
781	DD 12
782	%else
783	DD 11
784	%endif
785	DD PATM_INTERRUPTFLAG
786	DD 0
787	%ifdef PATM_LOG_PATCHINSTR
788	DD PATM_PENDINGACTION
789	DD 0
790	%endif
791	DD PATM_INTERRUPTFLAG
792	DD 0
793	DD PATM_VMFLAGS
794	DD 0
795	DD PATM_VM_FORCEDACTIONS
796	DD 0
797	DD PATM_TEMP_EAX
798	DD 0
799	DD PATM_TEMP_ECX
800	DD 0
801	DD PATM_TEMP_EDI
802	DD 0
803	DD PATM_TEMP_RESTORE_FLAGS
804	DD 0
805	DD PATM_PENDINGACTION
806	DD 0
807	DD PATM_NEXTINSTRADDR
808	DD 0
809	DD PATM_INTERRUPTFLAG
810	DD 0
811	DD 0ffffffffh
812
813	; no need to check the IF flag when popf isn't an exit point of a patch (e.g. function duplication)
814	BEGINPROC PATMPopf32Replacement_NoExit
815	PATMPopf32_NoExitStart:
816	mov dword [ss:PATM_INTERRUPTFLAG], 0
817	%ifdef PATM_LOG_PATCHINSTR
818	push eax
819	push ecx
820	mov eax, PATM_ACTION_LOG_POPF_IF1
821	test dword [esp+8], X86_EFL_IF
822	jnz PATMPopf32_NoExitLog
823	mov eax, PATM_ACTION_LOG_POPF_IF0
824
825	PATMPopf32_NoExitLog:
826	lock or dword [ss:PATM_PENDINGACTION], eax
827	mov ecx, PATM_ACTION_MAGIC
828	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
829	pop ecx
830	pop eax
831	%endif
832	test dword [esp], X86_EFL_IF
833	jz PATMPopf32_NoExit_Continue
834
835	; if interrupts are pending, then we must go back to the host context to handle them!
836	test dword [ss:PATM_VM_FORCEDACTIONS], VMCPU_FF_INTERRUPT_APIC \| VMCPU_FF_INTERRUPT_PIC \| VMCPU_FF_TIMER \| VMCPU_FF_REQUEST
837	jz PATMPopf32_NoExit_Continue
838
839	; Go to our hypervisor trap handler to dispatch the pending irq
840	mov dword [ss:PATM_TEMP_EAX], eax
841	mov dword [ss:PATM_TEMP_ECX], ecx
842	mov dword [ss:PATM_TEMP_EDI], edi
843	mov dword [ss:PATM_TEMP_RESTORE_FLAGS], PATM_RESTORE_EAX \| PATM_RESTORE_ECX \| PATM_RESTORE_EDI
844	mov eax, PATM_ACTION_DISPATCH_PENDING_IRQ
845	lock or dword [ss:PATM_PENDINGACTION], eax
846	mov ecx, PATM_ACTION_MAGIC
847	mov edi, PATM_NEXTINSTRADDR
848
849	pop dword [ss:PATM_VMFLAGS] ; restore flags now (the or instruction changes the flags as well)
850	push dword [ss:PATM_VMFLAGS]
851	popfd
852
853	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
854	; does not return
855
856	PATMPopf32_NoExit_Continue:
857	pop dword [ss:PATM_VMFLAGS]
858	push dword [ss:PATM_VMFLAGS]
859	popfd
860	mov dword [ss:PATM_INTERRUPTFLAG], 1
861	PATMPopf32_NoExitEnd:
862	ENDPROC PATMPopf32Replacement_NoExit
863
864
865	; Patch record for 'popfd'
866	GLOBALNAME PATMPopf32Record_NoExit
867	RTCCPTR_DEF PATMPopf32_NoExitStart
868	DD 0
869	DD 0
870	DD 0
871	DD PATMPopf32_NoExitEnd - PATMPopf32_NoExitStart
872	%ifdef PATM_LOG_PATCHINSTR
873	DD 14
874	%else
875	DD 13
876	%endif
877	DD PATM_INTERRUPTFLAG
878	DD 0
879	%ifdef PATM_LOG_PATCHINSTR
880	DD PATM_PENDINGACTION
881	DD 0
882	%endif
883	DD PATM_VM_FORCEDACTIONS
884	DD 0
885	DD PATM_TEMP_EAX
886	DD 0
887	DD PATM_TEMP_ECX
888	DD 0
889	DD PATM_TEMP_EDI
890	DD 0
891	DD PATM_TEMP_RESTORE_FLAGS
892	DD 0
893	DD PATM_PENDINGACTION
894	DD 0
895	DD PATM_NEXTINSTRADDR
896	DD 0
897	DD PATM_VMFLAGS
898	DD 0
899	DD PATM_VMFLAGS
900	DD 0
901	DD PATM_VMFLAGS
902	DD 0
903	DD PATM_VMFLAGS
904	DD 0
905	DD PATM_INTERRUPTFLAG
906	DD 0
907	DD 0ffffffffh
908
909
910	;
911	; 16 bits Popf replacement that faults when IF remains 0
912	;
913	BEGINPROC PATMPopf16Replacement
914	PATMPopf16Start:
915	mov dword [ss:PATM_INTERRUPTFLAG], 0
916	test word [esp], X86_EFL_IF
917	jnz PATMPopf16_Ok
918	mov dword [ss:PATM_INTERRUPTFLAG], 1
919	PATM_INT3
920
921	PATMPopf16_Ok:
922	; if interrupts are pending, then we must go back to the host context to handle them!
923	; @note we destroy the flags here, but that should really not matter (PATM_INT3 case)
924	test dword [ss:PATM_VM_FORCEDACTIONS], VMCPU_FF_INTERRUPT_APIC \| VMCPU_FF_INTERRUPT_PIC \| VMCPU_FF_TIMER \| VMCPU_FF_REQUEST
925	jz PATMPopf16_Continue
926	mov dword [ss:PATM_INTERRUPTFLAG], 1
927	PATM_INT3
928
929	PATMPopf16_Continue:
930
931	pop word [ss:PATM_VMFLAGS]
932	push word [ss:PATM_VMFLAGS]
933	and dword [ss:PATM_VMFLAGS], PATM_VIRTUAL_FLAGS_MASK
934	or dword [ss:PATM_VMFLAGS], PATM_VIRTUAL_FLAGS_MASK
935
936	DB 0x66 ; size override
937	popf ;after the and and or operations!! (flags must be preserved)
938	mov dword [ss:PATM_INTERRUPTFLAG], 1
939
940	DB 0xE9
941	PATMPopf16Jump:
942	DD PATM_JUMPDELTA
943	PATMPopf16End:
944	ENDPROC PATMPopf16Replacement
945
946
947	; Patch record for 'popf'
948	GLOBALNAME PATMPopf16Record
949	RTCCPTR_DEF PATMPopf16Start
950	DD PATMPopf16Jump - PATMPopf16Start
951	DD 0
952	DD 0
953	DD PATMPopf16End - PATMPopf16Start
954	DD 9
955	DD PATM_INTERRUPTFLAG
956	DD 0
957	DD PATM_INTERRUPTFLAG
958	DD 0
959	DD PATM_VM_FORCEDACTIONS
960	DD 0
961	DD PATM_INTERRUPTFLAG
962	DD 0
963	DD PATM_VMFLAGS
964	DD 0
965	DD PATM_VMFLAGS
966	DD 0
967	DD PATM_VMFLAGS
968	DD 0
969	DD PATM_VMFLAGS
970	DD 0
971	DD PATM_INTERRUPTFLAG
972	DD 0
973	DD 0ffffffffh
974
975	;
976	; 16 bits Popf replacement that faults when IF remains 0
977	; @todo not necessary to fault in that case (see 32 bits version)
978	BEGINPROC PATMPopf16Replacement_NoExit
979	PATMPopf16Start_NoExit:
980	mov dword [ss:PATM_INTERRUPTFLAG], 0
981	test word [esp], X86_EFL_IF
982	jnz PATMPopf16_Ok_NoExit
983	mov dword [ss:PATM_INTERRUPTFLAG], 1
984	PATM_INT3
985
986	PATMPopf16_Ok_NoExit:
987	; if interrupts are pending, then we must go back to the host context to handle them!
988	; @note we destroy the flags here, but that should really not matter (PATM_INT3 case)
989	test dword [ss:PATM_VM_FORCEDACTIONS], VMCPU_FF_INTERRUPT_APIC \| VMCPU_FF_INTERRUPT_PIC \| VMCPU_FF_TIMER \| VMCPU_FF_REQUEST
990	jz PATMPopf16_Continue_NoExit
991	mov dword [ss:PATM_INTERRUPTFLAG], 1
992	PATM_INT3
993
994	PATMPopf16_Continue_NoExit:
995
996	pop word [ss:PATM_VMFLAGS]
997	push word [ss:PATM_VMFLAGS]
998	and dword [ss:PATM_VMFLAGS], PATM_VIRTUAL_FLAGS_MASK
999	or dword [ss:PATM_VMFLAGS], PATM_VIRTUAL_FLAGS_MASK
1000
1001	DB 0x66 ; size override
1002	popf ;after the and and or operations!! (flags must be preserved)
1003	mov dword [ss:PATM_INTERRUPTFLAG], 1
1004	PATMPopf16End_NoExit:
1005	ENDPROC PATMPopf16Replacement_NoExit
1006
1007
1008	; Patch record for 'popf'
1009	GLOBALNAME PATMPopf16Record_NoExit
1010	RTCCPTR_DEF PATMPopf16Start_NoExit
1011	DD 0
1012	DD 0
1013	DD 0
1014	DD PATMPopf16End_NoExit - PATMPopf16Start_NoExit
1015	DD 9
1016	DD PATM_INTERRUPTFLAG
1017	DD 0
1018	DD PATM_INTERRUPTFLAG
1019	DD 0
1020	DD PATM_VM_FORCEDACTIONS
1021	DD 0
1022	DD PATM_INTERRUPTFLAG
1023	DD 0
1024	DD PATM_VMFLAGS
1025	DD 0
1026	DD PATM_VMFLAGS
1027	DD 0
1028	DD PATM_VMFLAGS
1029	DD 0
1030	DD PATM_VMFLAGS
1031	DD 0
1032	DD PATM_INTERRUPTFLAG
1033	DD 0
1034	DD 0ffffffffh
1035
1036
1037	BEGINPROC PATMPushf32Replacement
1038	PATMPushf32Start:
1039	mov dword [ss:PATM_INTERRUPTFLAG], 0
1040	pushfd
1041	%ifdef PATM_LOG_PATCHINSTR
1042	push eax
1043	push ecx
1044	mov eax, PATM_ACTION_LOG_PUSHF
1045	lock or dword [ss:PATM_PENDINGACTION], eax
1046	mov ecx, PATM_ACTION_MAGIC
1047	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
1048	pop ecx
1049	pop eax
1050	%endif
1051
1052	pushfd
1053	push eax
1054	mov eax, dword [esp+8]
1055	and eax, PATM_FLAGS_MASK
1056	or eax, dword [ss:PATM_VMFLAGS]
1057	mov dword [esp+8], eax
1058	pop eax
1059	popfd
1060	mov dword [ss:PATM_INTERRUPTFLAG], 1
1061	PATMPushf32End:
1062	ENDPROC PATMPushf32Replacement
1063
1064
1065	; Patch record for 'pushfd'
1066	GLOBALNAME PATMPushf32Record
1067	RTCCPTR_DEF PATMPushf32Start
1068	DD 0
1069	DD 0
1070	DD 0
1071	DD PATMPushf32End - PATMPushf32Start
1072	%ifdef PATM_LOG_PATCHINSTR
1073	DD 4
1074	%else
1075	DD 3
1076	%endif
1077	DD PATM_INTERRUPTFLAG
1078	DD 0
1079	%ifdef PATM_LOG_PATCHINSTR
1080	DD PATM_PENDINGACTION
1081	DD 0
1082	%endif
1083	DD PATM_VMFLAGS
1084	DD 0
1085	DD PATM_INTERRUPTFLAG
1086	DD 0
1087	DD 0ffffffffh
1088
1089
1090	BEGINPROC PATMPushf16Replacement
1091	PATMPushf16Start:
1092	mov dword [ss:PATM_INTERRUPTFLAG], 0
1093	DB 0x66 ; size override
1094	pushf
1095	DB 0x66 ; size override
1096	pushf
1097	push eax
1098	xor eax, eax
1099	mov ax, word [esp+6]
1100	and eax, PATM_FLAGS_MASK
1101	or eax, dword [ss:PATM_VMFLAGS]
1102	mov word [esp+6], ax
1103	pop eax
1104
1105	DB 0x66 ; size override
1106	popf
1107	mov dword [ss:PATM_INTERRUPTFLAG], 1
1108	PATMPushf16End:
1109	ENDPROC PATMPushf16Replacement
1110
1111
1112	; Patch record for 'pushf'
1113	GLOBALNAME PATMPushf16Record
1114	RTCCPTR_DEF PATMPushf16Start
1115	DD 0
1116	DD 0
1117	DD 0
1118	DD PATMPushf16End - PATMPushf16Start
1119	DD 3
1120	DD PATM_INTERRUPTFLAG
1121	DD 0
1122	DD PATM_VMFLAGS
1123	DD 0
1124	DD PATM_INTERRUPTFLAG
1125	DD 0
1126	DD 0ffffffffh
1127
1128
1129	BEGINPROC PATMPushCSReplacement
1130	PATMPushCSStart:
1131	mov dword [ss:PATM_INTERRUPTFLAG], 0
1132	push cs
1133	pushfd
1134
1135	test dword [esp+4], 2
1136	jnz pushcs_notring1
1137
1138	; change dpl from 1 to 0
1139	and dword [esp+4], dword ~1 ; yasm / nasm dword
1140
1141	pushcs_notring1:
1142	popfd
1143
1144	mov dword [ss:PATM_INTERRUPTFLAG], 1
1145	DB 0xE9
1146	PATMPushCSJump:
1147	DD PATM_JUMPDELTA
1148	PATMPushCSEnd:
1149	ENDPROC PATMPushCSReplacement
1150
1151
1152	; Patch record for 'push cs'
1153	GLOBALNAME PATMPushCSRecord
1154	RTCCPTR_DEF PATMPushCSStart
1155	DD PATMPushCSJump - PATMPushCSStart
1156	DD 0
1157	DD 0
1158	DD PATMPushCSEnd - PATMPushCSStart
1159	DD 2
1160	DD PATM_INTERRUPTFLAG
1161	DD 0
1162	DD PATM_INTERRUPTFLAG
1163	DD 0
1164	DD 0ffffffffh
1165
1166	;;****************************************************
1167	;; Abstract:
1168	;;
1169	;; if eflags.NT==0 && iretstack.eflags.VM==0 && iretstack.eflags.IOPL==0
1170	;; then
1171	;; if return to ring 0 (iretstack.new_cs & 3 == 0)
1172	;; then
1173	;; if iretstack.new_eflags.IF == 1 && iretstack.new_eflags.IOPL == 0
1174	;; then
1175	;; iretstack.new_cs \|= 1
1176	;; else
1177	;; int 3
1178	;; endif
1179	;; uVMFlags &= ~X86_EFL_IF
1180	;; iret
1181	;; else
1182	;; int 3
1183	;;****************************************************
1184	;;
1185	; Stack:
1186	;
1187	; esp + 32 - GS (V86 only)
1188	; esp + 28 - FS (V86 only)
1189	; esp + 24 - DS (V86 only)
1190	; esp + 20 - ES (V86 only)
1191	; esp + 16 - SS (if transfer to outer ring)
1192	; esp + 12 - ESP (if transfer to outer ring)
1193	; esp + 8 - EFLAGS
1194	; esp + 4 - CS
1195	; esp - EIP
1196	;;
1197	BEGINPROC PATMIretReplacement
1198	PATMIretStart:
1199	mov dword [ss:PATM_INTERRUPTFLAG], 0
1200	pushfd
1201
1202	%ifdef PATM_LOG_PATCHIRET
1203	push eax
1204	push ecx
1205	push edx
1206	lea edx, dword [ss:esp+12+4] ;3 dwords + pushed flags -> iret eip
1207	mov eax, PATM_ACTION_LOG_IRET
1208	lock or dword [ss:PATM_PENDINGACTION], eax
1209	mov ecx, PATM_ACTION_MAGIC
1210	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
1211	pop edx
1212	pop ecx
1213	pop eax
1214	%endif
1215
1216	test dword [esp], X86_EFL_NT
1217	jnz near iret_fault1
1218
1219	; we can't do an iret to v86 code, as we run with CPL=1. The iret would attempt a protected mode iret and (most likely) fault.
1220	test dword [esp+12], X86_EFL_VM
1221	jnz near iret_return_to_v86
1222
1223	;;!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
1224	;;@todo: not correct for iret back to ring 2!!!!!
1225	;;!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
1226
1227	test dword [esp+8], 2
1228	jnz iret_notring0
1229
1230	test dword [esp+12], X86_EFL_IF
1231	jz near iret_clearIF
1232
1233	; force ring 1 CS RPL
1234	or dword [esp+8], 1
1235	iret_notring0:
1236
1237	; if interrupts are pending, then we must go back to the host context to handle them!
1238	; Note: This is very important as pending pic interrupts can be overriden by apic interrupts if we don't check early enough (Fedora 5 boot)
1239	; @@todo fix this properly, so we can dispatch pending interrupts in GC
1240	test dword [ss:PATM_VM_FORCEDACTIONS], VMCPU_FF_INTERRUPT_APIC \| VMCPU_FF_INTERRUPT_PIC
1241	jz iret_continue
1242
1243	; Go to our hypervisor trap handler to dispatch the pending irq
1244	mov dword [ss:PATM_TEMP_EAX], eax
1245	mov dword [ss:PATM_TEMP_ECX], ecx
1246	mov dword [ss:PATM_TEMP_EDI], edi
1247	mov dword [ss:PATM_TEMP_RESTORE_FLAGS], PATM_RESTORE_EAX \| PATM_RESTORE_ECX \| PATM_RESTORE_EDI
1248	mov eax, PATM_ACTION_PENDING_IRQ_AFTER_IRET
1249	lock or dword [ss:PATM_PENDINGACTION], eax
1250	mov ecx, PATM_ACTION_MAGIC
1251	mov edi, PATM_CURINSTRADDR
1252
1253	popfd
1254	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
1255	; does not return
1256
1257	iret_continue :
1258	; This section must always be executed (!!)
1259	; Extract the IOPL from the return flags, save them to our virtual flags and
1260	; put them back to zero
1261	; @note we assume iretd doesn't fault!!!
1262	push eax
1263	mov eax, dword [esp+16]
1264	and eax, X86_EFL_IOPL
1265	and dword [ss:PATM_VMFLAGS], ~X86_EFL_IOPL
1266	or dword [ss:PATM_VMFLAGS], eax
1267	pop eax
1268	and dword [esp+12], ~X86_EFL_IOPL
1269
1270	; Set IF again; below we make sure this won't cause problems.
1271	or dword [ss:PATM_VMFLAGS], X86_EFL_IF
1272
1273	; make sure iret is executed fully (including the iret below; cli ... iret can otherwise be interrupted)
1274	mov dword [ss:PATM_INHIBITIRQADDR], PATM_CURINSTRADDR
1275
1276	popfd
1277	mov dword [ss:PATM_INTERRUPTFLAG], 1
1278	iretd
1279	PATM_INT3
1280
1281	iret_fault:
1282	popfd
1283	mov dword [ss:PATM_INTERRUPTFLAG], 1
1284	PATM_INT3
1285
1286	iret_fault1:
1287	nop
1288	popfd
1289	mov dword [ss:PATM_INTERRUPTFLAG], 1
1290	PATM_INT3
1291
1292	iret_clearIF:
1293	push dword [esp+4] ; eip to return to
1294	pushfd
1295	push eax
1296	push PATM_FIXUP
1297	DB 0E8h ; call
1298	DD PATM_IRET_FUNCTION
1299	add esp, 4 ; pushed address of jump table
1300
1301	cmp eax, 0
1302	je near iret_fault3
1303
1304	mov dword [esp+12+4], eax ; stored eip in iret frame
1305	pop eax
1306	popfd
1307	add esp, 4 ; pushed eip
1308
1309	; always ring 0 return -> change to ring 1 (CS in iret frame)
1310	or dword [esp+8], 1
1311
1312	; This section must always be executed (!!)
1313	; Extract the IOPL from the return flags, save them to our virtual flags and
1314	; put them back to zero
1315	push eax
1316	mov eax, dword [esp+16]
1317	and eax, X86_EFL_IOPL
1318	and dword [ss:PATM_VMFLAGS], ~X86_EFL_IOPL
1319	or dword [ss:PATM_VMFLAGS], eax
1320	pop eax
1321	and dword [esp+12], ~X86_EFL_IOPL
1322
1323	; Clear IF
1324	and dword [ss:PATM_VMFLAGS], ~X86_EFL_IF
1325	popfd
1326
1327	; the patched destination code will set PATM_INTERRUPTFLAG after the return!
1328	iretd
1329
1330	iret_return_to_v86:
1331	test dword [esp+12], X86_EFL_IF
1332	jz iret_fault
1333
1334	; Go to our hypervisor trap handler to perform the iret to v86 code
1335	mov dword [ss:PATM_TEMP_EAX], eax
1336	mov dword [ss:PATM_TEMP_ECX], ecx
1337	mov dword [ss:PATM_TEMP_RESTORE_FLAGS], PATM_RESTORE_EAX \| PATM_RESTORE_ECX
1338	mov eax, PATM_ACTION_DO_V86_IRET
1339	lock or dword [ss:PATM_PENDINGACTION], eax
1340	mov ecx, PATM_ACTION_MAGIC
1341
1342	popfd
1343
1344	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
1345	; does not return
1346
1347
1348	iret_fault3:
1349	pop eax
1350	popfd
1351	add esp, 4 ; pushed eip
1352	jmp iret_fault
1353
1354	align 4
1355	PATMIretTable:
1356	DW PATM_MAX_JUMPTABLE_ENTRIES ; nrSlots
1357	DW 0 ; ulInsertPos
1358	DD 0 ; cAddresses
1359	TIMES PATCHJUMPTABLE_SIZE DB 0 ; lookup slots
1360
1361	PATMIretEnd:
1362	ENDPROC PATMIretReplacement
1363
1364	; Patch record for 'iretd'
1365	GLOBALNAME PATMIretRecord
1366	RTCCPTR_DEF PATMIretStart
1367	DD 0
1368	DD 0
1369	DD 0
1370	DD PATMIretEnd- PATMIretStart
1371	%ifdef PATM_LOG_PATCHIRET
1372	DD 26
1373	%else
1374	DD 25
1375	%endif
1376	DD PATM_INTERRUPTFLAG
1377	DD 0
1378	%ifdef PATM_LOG_PATCHIRET
1379	DD PATM_PENDINGACTION
1380	DD 0
1381	%endif
1382	DD PATM_VM_FORCEDACTIONS
1383	DD 0
1384	DD PATM_TEMP_EAX
1385	DD 0
1386	DD PATM_TEMP_ECX
1387	DD 0
1388	DD PATM_TEMP_EDI
1389	DD 0
1390	DD PATM_TEMP_RESTORE_FLAGS
1391	DD 0
1392	DD PATM_PENDINGACTION
1393	DD 0
1394	DD PATM_CURINSTRADDR
1395	DD 0
1396	DD PATM_VMFLAGS
1397	DD 0
1398	DD PATM_VMFLAGS
1399	DD 0
1400	DD PATM_VMFLAGS
1401	DD 0
1402	DD PATM_INHIBITIRQADDR
1403	DD 0
1404	DD PATM_CURINSTRADDR
1405	DD 0
1406	DD PATM_INTERRUPTFLAG
1407	DD 0
1408	DD PATM_INTERRUPTFLAG
1409	DD 0
1410	DD PATM_INTERRUPTFLAG
1411	DD 0
1412	DD PATM_FIXUP
1413	DD PATMIretTable - PATMIretStart
1414	DD PATM_IRET_FUNCTION
1415	DD 0
1416	DD PATM_VMFLAGS
1417	DD 0
1418	DD PATM_VMFLAGS
1419	DD 0
1420	DD PATM_VMFLAGS
1421	DD 0
1422	DD PATM_TEMP_EAX
1423	DD 0
1424	DD PATM_TEMP_ECX
1425	DD 0
1426	DD PATM_TEMP_RESTORE_FLAGS
1427	DD 0
1428	DD PATM_PENDINGACTION
1429	DD 0
1430	DD 0ffffffffh
1431
1432
1433	;
1434	; global function for implementing 'iret' to code with IF cleared
1435	;
1436	; Caller is responsible for right stack layout
1437	; + 16 original return address
1438	; + 12 eflags
1439	; + 8 eax
1440	; + 4 Jump table address
1441	;( + 0 return address )
1442	;
1443	; @note assumes PATM_INTERRUPTFLAG is zero
1444	; @note assumes it can trash eax and eflags
1445	;
1446	; @returns eax=0 on failure
1447	; otherwise return address in eax
1448	;
1449	; @note NEVER change this without bumping the SSM version
1450	align 32
1451	BEGINPROC PATMIretFunction
1452	PATMIretFunction_Start:
1453	push ecx
1454	push edx
1455	push edi
1456
1457	; Event order:
1458	; 1) Check if the return patch address can be found in the lookup table
1459	; 2) Query return patch address from the hypervisor
1460
1461	; 1) Check if the return patch address can be found in the lookup table
1462	mov edx, dword [esp+12+16] ; pushed target address
1463
1464	xor eax, eax ; default result -> nothing found
1465	mov edi, dword [esp+12+4] ; jump table
1466	mov ecx, [ss:edi + PATCHJUMPTABLE.cAddresses]
1467	cmp ecx, 0
1468	je near PATMIretFunction_AskHypervisor
1469
1470	PATMIretFunction_SearchStart:
1471	cmp [ss:edi + PATCHJUMPTABLE.Slot_pInstrGC + eax*8], edx ; edx = GC address to search for
1472	je near PATMIretFunction_SearchHit
1473	inc eax
1474	cmp eax, ecx
1475	jl near PATMIretFunction_SearchStart
1476
1477	PATMIretFunction_AskHypervisor:
1478	; 2) Query return patch address from the hypervisor
1479	; @todo private ugly interface, since we have nothing generic at the moment
1480	lock or dword [ss:PATM_PENDINGACTION], PATM_ACTION_LOOKUP_ADDRESS
1481	mov eax, PATM_ACTION_LOOKUP_ADDRESS
1482	mov ecx, PATM_ACTION_MAGIC
1483	mov edi, dword [esp+12+4] ; jump table address
1484	mov edx, dword [esp+12+16] ; original return address
1485	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
1486	jmp near PATMIretFunction_SearchEnd
1487
1488	PATMIretFunction_SearchHit:
1489	mov eax, [ss:edi + PATCHJUMPTABLE.Slot_pRelPatchGC + eax*8] ; found a match!
1490	;@note can be zero, so the next check is required!!
1491
1492	PATMIretFunction_SearchEnd:
1493	cmp eax, 0
1494	jz PATMIretFunction_Failure
1495
1496	add eax, PATM_PATCHBASE
1497
1498	pop edi
1499	pop edx
1500	pop ecx
1501	ret
1502
1503	PATMIretFunction_Failure:
1504	;signal error
1505	xor eax, eax
1506	pop edi
1507	pop edx
1508	pop ecx
1509	ret
1510
1511	PATMIretFunction_End:
1512	ENDPROC PATMIretFunction
1513
1514	GLOBALNAME PATMIretFunctionRecord
1515	RTCCPTR_DEF PATMIretFunction_Start
1516	DD 0
1517	DD 0
1518	DD 0
1519	DD PATMIretFunction_End - PATMIretFunction_Start
1520	DD 2
1521	DD PATM_PENDINGACTION
1522	DD 0
1523	DD PATM_PATCHBASE
1524	DD 0
1525	DD 0ffffffffh
1526
1527
1528	align 32 ; yasm / nasm diff - remove me!
1529	BEGINPROC PATMCpuidReplacement
1530	PATMCpuidStart:
1531	mov dword [ss:PATM_INTERRUPTFLAG], 0
1532	pushf
1533
1534	cmp eax, PATM_CPUID_STD_MAX
1535	jb cpuid_std
1536	cmp eax, 0x80000000
1537	jb cpuid_def
1538	cmp eax, PATM_CPUID_EXT_MAX
1539	jb cpuid_ext
1540	cmp eax, 0xc0000000
1541	jb cpuid_def
1542	cmp eax, PATM_CPUID_CENTAUR_MAX
1543	jb cpuid_centaur
1544
1545	; Dirty assumptions in patmCorrectFixup about the pointer fixup order!!!!
1546	cpuid_def:
1547	mov eax, PATM_CPUID_DEF_PTR
1548	jmp cpuid_fetch
1549
1550	cpuid_std:
1551	mov edx, PATM_CPUID_STD_PTR
1552	jmp cpuid_calc
1553
1554	cpuid_ext:
1555	and eax, 0ffh ; strictly speaking not necessary.
1556	mov edx, PATM_CPUID_EXT_PTR
1557	jmp cpuid_calc
1558
1559	cpuid_centaur:
1560	and eax, 0ffh ; strictly speaking not necessary.
1561	mov edx, PATM_CPUID_CENTAUR_PTR
1562
1563	cpuid_calc:
1564	lea eax, [ss:eax * 4] ; 4 entries...
1565	lea eax, [ss:eax * 4] ; 4 bytes each
1566	add eax, edx
1567
1568	cpuid_fetch:
1569	mov edx, [ss:eax + 12] ; CPUMCPUID layout assumptions!
1570	mov ecx, [ss:eax + 8]
1571	mov ebx, [ss:eax + 4]
1572	mov eax, [ss:eax]
1573
1574	popf
1575	mov dword [ss:PATM_INTERRUPTFLAG], 1
1576
1577	PATMCpuidEnd:
1578	ENDPROC PATMCpuidReplacement
1579
1580	; Patch record for 'cpuid'
1581	GLOBALNAME PATMCpuidRecord
1582	RTCCPTR_DEF PATMCpuidStart
1583	DD 0
1584	DD 0
1585	DD 0
1586	DD PATMCpuidEnd- PATMCpuidStart
1587	DD 9
1588	DD PATM_INTERRUPTFLAG
1589	DD 0
1590	DD PATM_CPUID_STD_MAX
1591	DD 0
1592	DD PATM_CPUID_EXT_MAX
1593	DD 0
1594	DD PATM_CPUID_CENTAUR_MAX
1595	DD 0
1596	DD PATM_CPUID_DEF_PTR
1597	DD 0
1598	DD PATM_CPUID_STD_PTR
1599	DD 0
1600	DD PATM_CPUID_EXT_PTR
1601	DD 0
1602	DD PATM_CPUID_CENTAUR_PTR
1603	DD 0
1604	DD PATM_INTERRUPTFLAG
1605	DD 0
1606	DD 0ffffffffh
1607
1608
1609	BEGINPROC PATMJEcxReplacement
1610	PATMJEcxStart:
1611	mov dword [ss:PATM_INTERRUPTFLAG], 0
1612	pushfd
1613	PATMJEcxSizeOverride:
1614	DB 0x90 ; nop
1615	cmp ecx, dword 0 ; yasm / nasm dword
1616	jnz PATMJEcxContinue
1617
1618	popfd
1619	mov dword [ss:PATM_INTERRUPTFLAG], 1
1620	DB 0xE9
1621	PATMJEcxJump:
1622	DD PATM_JUMPDELTA
1623
1624	PATMJEcxContinue:
1625	popfd
1626	mov dword [ss:PATM_INTERRUPTFLAG], 1
1627	PATMJEcxEnd:
1628	ENDPROC PATMJEcxReplacement
1629
1630	; Patch record for 'JEcx'
1631	GLOBALNAME PATMJEcxRecord
1632	RTCCPTR_DEF PATMJEcxStart
1633	DD 0
1634	DD PATMJEcxJump - PATMJEcxStart
1635	DD PATMJEcxSizeOverride - PATMJEcxStart
1636	DD PATMJEcxEnd- PATMJEcxStart
1637	DD 3
1638	DD PATM_INTERRUPTFLAG
1639	DD 0
1640	DD PATM_INTERRUPTFLAG
1641	DD 0
1642	DD PATM_INTERRUPTFLAG
1643	DD 0
1644	DD 0ffffffffh
1645
1646	align 32; yasm / nasm diffing. remove me!
1647	BEGINPROC PATMLoopReplacement
1648	PATMLoopStart:
1649	mov dword [ss:PATM_INTERRUPTFLAG], 0
1650	pushfd
1651	PATMLoopSizeOverride:
1652	DB 0x90 ; nop
1653	dec ecx
1654	jz PATMLoopContinue
1655
1656	popfd
1657	mov dword [ss:PATM_INTERRUPTFLAG], 1
1658	DB 0xE9
1659	PATMLoopJump:
1660	DD PATM_JUMPDELTA
1661
1662	PATMLoopContinue:
1663	popfd
1664	mov dword [ss:PATM_INTERRUPTFLAG], 1
1665	PATMLoopEnd:
1666	ENDPROC PATMLoopReplacement
1667
1668	; Patch record for 'Loop'
1669	GLOBALNAME PATMLoopRecord
1670	RTCCPTR_DEF PATMLoopStart
1671	DD 0
1672	DD PATMLoopJump - PATMLoopStart
1673	DD PATMLoopSizeOverride - PATMLoopStart
1674	DD PATMLoopEnd- PATMLoopStart
1675	DD 3
1676	DD PATM_INTERRUPTFLAG
1677	DD 0
1678	DD PATM_INTERRUPTFLAG
1679	DD 0
1680	DD PATM_INTERRUPTFLAG
1681	DD 0
1682	DD 0ffffffffh
1683
1684	BEGINPROC PATMLoopZReplacement
1685	PATMLoopZStart:
1686	; jump if ZF=1 AND (E)CX != 0
1687
1688	mov dword [ss:PATM_INTERRUPTFLAG], 0
1689	jnz PATMLoopZEnd
1690	pushfd
1691	PATMLoopZSizeOverride:
1692	DB 0x90 ; nop
1693	dec ecx
1694	jz PATMLoopZContinue
1695
1696	popfd
1697	mov dword [ss:PATM_INTERRUPTFLAG], 1
1698	DB 0xE9
1699	PATMLoopZJump:
1700	DD PATM_JUMPDELTA
1701
1702	PATMLoopZContinue:
1703	popfd
1704	mov dword [ss:PATM_INTERRUPTFLAG], 1
1705	PATMLoopZEnd:
1706	ENDPROC PATMLoopZReplacement
1707
1708	; Patch record for 'Loopz'
1709	GLOBALNAME PATMLoopZRecord
1710	RTCCPTR_DEF PATMLoopZStart
1711	DD 0
1712	DD PATMLoopZJump - PATMLoopZStart
1713	DD PATMLoopZSizeOverride - PATMLoopZStart
1714	DD PATMLoopZEnd- PATMLoopZStart
1715	DD 3
1716	DD PATM_INTERRUPTFLAG
1717	DD 0
1718	DD PATM_INTERRUPTFLAG
1719	DD 0
1720	DD PATM_INTERRUPTFLAG
1721	DD 0
1722	DD 0ffffffffh
1723
1724
1725	BEGINPROC PATMLoopNZReplacement
1726	PATMLoopNZStart:
1727	; jump if ZF=0 AND (E)CX != 0
1728
1729	mov dword [ss:PATM_INTERRUPTFLAG], 0
1730	jz PATMLoopNZEnd
1731	pushfd
1732	PATMLoopNZSizeOverride:
1733	DB 0x90 ; nop
1734	dec ecx
1735	jz PATMLoopNZContinue
1736
1737	popfd
1738	mov dword [ss:PATM_INTERRUPTFLAG], 1
1739	DB 0xE9
1740	PATMLoopNZJump:
1741	DD PATM_JUMPDELTA
1742
1743	PATMLoopNZContinue:
1744	popfd
1745	mov dword [ss:PATM_INTERRUPTFLAG], 1
1746	PATMLoopNZEnd:
1747	ENDPROC PATMLoopNZReplacement
1748
1749	; Patch record for 'LoopNZ'
1750	GLOBALNAME PATMLoopNZRecord
1751	RTCCPTR_DEF PATMLoopNZStart
1752	DD 0
1753	DD PATMLoopNZJump - PATMLoopNZStart
1754	DD PATMLoopNZSizeOverride - PATMLoopNZStart
1755	DD PATMLoopNZEnd- PATMLoopNZStart
1756	DD 3
1757	DD PATM_INTERRUPTFLAG
1758	DD 0
1759	DD PATM_INTERRUPTFLAG
1760	DD 0
1761	DD PATM_INTERRUPTFLAG
1762	DD 0
1763	DD 0ffffffffh
1764
1765	align 32
1766	; Global patch function for indirect calls
1767	; Caller is responsible for clearing PATM_INTERRUPTFLAG and doing:
1768	; + 20 push [pTargetGC]
1769	; + 16 pushfd
1770	; + 12 push [JumpTableAddress]
1771	; + 8 push [PATMRelReturnAddress]
1772	; + 4 push [GuestReturnAddress]
1773	;( + 0 return address )
1774	;
1775	; @note NEVER change this without bumping the SSM version
1776	BEGINPROC PATMLookupAndCall
1777	PATMLookupAndCallStart:
1778	push eax
1779	push edx
1780	push edi
1781	push ecx
1782
1783	mov eax, dword [esp+16+4] ; guest return address
1784	mov dword [ss:PATM_CALL_RETURN_ADDR], eax ; temporary storage
1785
1786	mov edx, dword [esp+16+20] ; pushed target address
1787
1788	xor eax, eax ; default result -> nothing found
1789	mov edi, dword [esp+16+12] ; jump table
1790	mov ecx, [ss:edi + PATCHJUMPTABLE.cAddresses]
1791	cmp ecx, 0
1792	je near PATMLookupAndCall_QueryPATM
1793
1794	PATMLookupAndCall_SearchStart:
1795	cmp [ss:edi + PATCHJUMPTABLE.Slot_pInstrGC + eax*8], edx ; edx = GC address to search for
1796	je near PATMLookupAndCall_SearchHit
1797	inc eax
1798	cmp eax, ecx
1799	jl near PATMLookupAndCall_SearchStart
1800
1801	PATMLookupAndCall_QueryPATM:
1802	; nothing found -> let our trap handler try to find it
1803	; @todo private ugly interface, since we have nothing generic at the moment
1804	lock or dword [ss:PATM_PENDINGACTION], PATM_ACTION_LOOKUP_ADDRESS
1805	mov eax, PATM_ACTION_LOOKUP_ADDRESS
1806	mov ecx, PATM_ACTION_MAGIC
1807	; edx = GC address to find
1808	; edi = jump table address
1809	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
1810
1811	jmp near PATMLookupAndCall_SearchEnd
1812
1813	PATMLookupAndCall_Failure:
1814	; return to caller; it must raise an error, due to patch to guest address translation (remember that there's only one copy of this code block).
1815	pop ecx
1816	pop edi
1817	pop edx
1818	pop eax
1819	ret
1820
1821	PATMLookupAndCall_SearchHit:
1822	mov eax, [ss:edi + PATCHJUMPTABLE.Slot_pRelPatchGC + eax*8] ; found a match!
1823
1824	;@note can be zero, so the next check is required!!
1825
1826	PATMLookupAndCall_SearchEnd:
1827	cmp eax, 0
1828	je near PATMLookupAndCall_Failure
1829
1830	mov ecx, eax ; ECX = target address (relative!)
1831	add ecx, PATM_PATCHBASE ; Make it absolute
1832
1833	mov edx, dword PATM_STACKPTR
1834	cmp dword [ss:edx], PATM_STACK_SIZE
1835	ja near PATMLookupAndCall_Failure ; should never happen actually!!!
1836	cmp dword [ss:edx], 0
1837	je near PATMLookupAndCall_Failure ; no more room
1838
1839	; save the patch return address on our private stack
1840	sub dword [ss:edx], 4 ; sizeof(RTGCPTR)
1841	mov eax, dword PATM_STACKBASE
1842	add eax, dword [ss:edx] ; stack base + stack position
1843	mov edi, dword [esp+16+8] ; PATM return address
1844	mov dword [ss:eax], edi ; relative address of patch return (instruction following this block)
1845
1846	; save the original return address as well (checked by ret to make sure the guest hasn't messed around with the stack)
1847	mov edi, dword PATM_STACKBASE_GUEST
1848	add edi, dword [ss:edx] ; stack base (guest) + stack position
1849	mov eax, dword [esp+16+4] ; guest return address
1850	mov dword [ss:edi], eax
1851
1852	mov dword [ss:PATM_CALL_PATCH_TARGET_ADDR], ecx ; temporarily store the target address
1853	pop ecx
1854	pop edi
1855	pop edx
1856	pop eax
1857	add esp, 24 ; parameters + return address pushed by caller (changes the flags, but that shouldn't matter)
1858
1859	%ifdef PATM_LOG_PATCHINSTR
1860	push eax
1861	push ecx
1862	push edx
1863	lea edx, [esp + 12 - 4] ; stack address to store return address
1864	lock or dword [ss:PATM_PENDINGACTION], PATM_ACTION_LOG_CALL
1865	mov eax, PATM_ACTION_LOG_CALL
1866	mov ecx, PATM_ACTION_MAGIC
1867	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
1868	pop edx
1869	pop ecx
1870	pop eax
1871	%endif
1872
1873	push dword [ss:PATM_CALL_RETURN_ADDR] ; push original guest return address
1874
1875	; the called function will set PATM_INTERRUPTFLAG (!!)
1876	jmp dword [ss:PATM_CALL_PATCH_TARGET_ADDR]
1877
1878	PATMLookupAndCallEnd:
1879	; returning here -> do not add code here or after the jmp!!!!!
1880	ENDPROC PATMLookupAndCall
1881
1882	; Patch record for indirect calls and jumps
1883	GLOBALNAME PATMLookupAndCallRecord
1884	RTCCPTR_DEF PATMLookupAndCallStart
1885	DD 0
1886	DD 0
1887	DD 0
1888	DD PATMLookupAndCallEnd - PATMLookupAndCallStart
1889	%ifdef PATM_LOG_PATCHINSTR
1890	DD 10
1891	%else
1892	DD 9
1893	%endif
1894	DD PATM_CALL_RETURN_ADDR
1895	DD 0
1896	DD PATM_PENDINGACTION
1897	DD 0
1898	DD PATM_PATCHBASE
1899	DD 0
1900	DD PATM_STACKPTR
1901	DD 0
1902	DD PATM_STACKBASE
1903	DD 0
1904	DD PATM_STACKBASE_GUEST
1905	DD 0
1906	DD PATM_CALL_PATCH_TARGET_ADDR
1907	DD 0
1908	%ifdef PATM_LOG_PATCHINSTR
1909	DD PATM_PENDINGACTION
1910	DD 0
1911	%endif
1912	DD PATM_CALL_RETURN_ADDR
1913	DD 0
1914	DD PATM_CALL_PATCH_TARGET_ADDR
1915	DD 0
1916	DD 0ffffffffh
1917
1918
1919	align 32
1920	; Global patch function for indirect jumps
1921	; Caller is responsible for clearing PATM_INTERRUPTFLAG and doing:
1922	; + 8 push [pTargetGC]
1923	; + 4 push [JumpTableAddress]
1924	;( + 0 return address )
1925	; And saving eflags in PATM_TEMP_EFLAGS
1926	;
1927	; @note NEVER change this without bumping the SSM version
1928	BEGINPROC PATMLookupAndJump
1929	PATMLookupAndJumpStart:
1930	push eax
1931	push edx
1932	push edi
1933	push ecx
1934
1935	mov edx, dword [esp+16+8] ; pushed target address
1936
1937	xor eax, eax ; default result -> nothing found
1938	mov edi, dword [esp+16+4] ; jump table
1939	mov ecx, [ss:edi + PATCHJUMPTABLE.cAddresses]
1940	cmp ecx, 0
1941	je near PATMLookupAndJump_QueryPATM
1942
1943	PATMLookupAndJump_SearchStart:
1944	cmp [ss:edi + PATCHJUMPTABLE.Slot_pInstrGC + eax*8], edx ; edx = GC address to search for
1945	je near PATMLookupAndJump_SearchHit
1946	inc eax
1947	cmp eax, ecx
1948	jl near PATMLookupAndJump_SearchStart
1949
1950	PATMLookupAndJump_QueryPATM:
1951	; nothing found -> let our trap handler try to find it
1952	; @todo private ugly interface, since we have nothing generic at the moment
1953	lock or dword [ss:PATM_PENDINGACTION], PATM_ACTION_LOOKUP_ADDRESS
1954	mov eax, PATM_ACTION_LOOKUP_ADDRESS
1955	mov ecx, PATM_ACTION_MAGIC
1956	; edx = GC address to find
1957	; edi = jump table address
1958	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
1959
1960	jmp near PATMLookupAndJump_SearchEnd
1961
1962	PATMLookupAndJump_Failure:
1963	; return to caller; it must raise an error, due to patch to guest address translation (remember that there's only one copy of this code block).
1964	pop ecx
1965	pop edi
1966	pop edx
1967	pop eax
1968	ret
1969
1970	PATMLookupAndJump_SearchHit:
1971	mov eax, [ss:edi + PATCHJUMPTABLE.Slot_pRelPatchGC + eax*8] ; found a match!
1972
1973	;@note can be zero, so the next check is required!!
1974
1975	PATMLookupAndJump_SearchEnd:
1976	cmp eax, 0
1977	je near PATMLookupAndJump_Failure
1978
1979	mov ecx, eax ; ECX = target address (relative!)
1980	add ecx, PATM_PATCHBASE ; Make it absolute
1981
1982	; save jump patch target
1983	mov dword [ss:PATM_TEMP_EAX], ecx
1984	pop ecx
1985	pop edi
1986	pop edx
1987	pop eax
1988	add esp, 12 ; parameters + return address pushed by caller
1989	; restore flags (just to be sure)
1990	push dword [ss:PATM_TEMP_EFLAGS]
1991	popfd
1992
1993	; the jump destination will set PATM_INTERRUPTFLAG (!!)
1994	jmp dword [ss:PATM_TEMP_EAX] ; call duplicated patch destination address
1995
1996	PATMLookupAndJumpEnd:
1997	ENDPROC PATMLookupAndJump
1998
1999	; Patch record for indirect calls and jumps
2000	GLOBALNAME PATMLookupAndJumpRecord
2001	RTCCPTR_DEF PATMLookupAndJumpStart
2002	DD 0
2003	DD 0
2004	DD 0
2005	DD PATMLookupAndJumpEnd - PATMLookupAndJumpStart
2006	DD 5
2007	DD PATM_PENDINGACTION
2008	DD 0
2009	DD PATM_PATCHBASE
2010	DD 0
2011	DD PATM_TEMP_EAX
2012	DD 0
2013	DD PATM_TEMP_EFLAGS
2014	DD 0
2015	DD PATM_TEMP_EAX
2016	DD 0
2017	DD 0ffffffffh
2018
2019
2020
2021
2022	align 32
2023	; Patch function for static calls
2024	; @note static calls have only one lookup slot!
2025	; Caller is responsible for clearing PATM_INTERRUPTFLAG and adding:
2026	; push [pTargetGC]
2027	;
2028	BEGINPROC PATMCall
2029	PATMCallStart:
2030	pushfd
2031	push PATM_FIXUP ; fixup for jump table below
2032	push PATM_PATCHNEXTBLOCK
2033	push PATM_RETURNADDR
2034	DB 0E8h ; call
2035	DD PATM_LOOKUP_AND_CALL_FUNCTION
2036	; we only return in case of a failure
2037	add esp, 12 ; pushed address of jump table
2038	popfd
2039	add esp, 4 ; pushed by caller (changes the flags, but that shouldn't matter (@todo))
2040	mov dword [ss:PATM_INTERRUPTFLAG], 1
2041	PATM_INT3
2042	%ifdef DEBUG
2043	; for disassembly
2044	jmp PATMCallEnd
2045	%endif
2046
2047	align 4
2048	PATMCallTable:
2049	DW 1 ; nrSlots
2050	DW 0 ; ulInsertPos
2051	DD 0 ; cAddresses
2052	TIMES PATCHDIRECTJUMPTABLE_SIZE DB 0 ; only one lookup slot
2053
2054	PATMCallEnd:
2055	; returning here -> do not add code here or after the jmp!!!!!
2056	ENDPROC PATMCall
2057
2058	; Patch record for direct calls
2059	GLOBALNAME PATMCallRecord
2060	RTCCPTR_DEF PATMCallStart
2061	DD 0
2062	DD 0
2063	DD 0
2064	DD PATMCallEnd - PATMCallStart
2065	DD 5
2066	DD PATM_FIXUP
2067	DD PATMCallTable - PATMCallStart
2068	DD PATM_PATCHNEXTBLOCK
2069	DD 0
2070	DD PATM_RETURNADDR
2071	DD 0
2072	DD PATM_LOOKUP_AND_CALL_FUNCTION
2073	DD 0
2074	DD PATM_INTERRUPTFLAG
2075	DD 0
2076	DD 0ffffffffh
2077
2078
2079	align 32
2080	; Patch function for indirect calls
2081	; Caller is responsible for clearing PATM_INTERRUPTFLAG and adding:
2082	; push [pTargetGC]
2083	;
2084	BEGINPROC PATMCallIndirect
2085	PATMCallIndirectStart:
2086	pushfd
2087	push PATM_FIXUP ; fixup for jump table below
2088	push PATM_PATCHNEXTBLOCK
2089	push PATM_RETURNADDR
2090	DB 0E8h ; call
2091	DD PATM_LOOKUP_AND_CALL_FUNCTION
2092	; we only return in case of a failure
2093	add esp, 12 ; pushed address of jump table
2094	popfd
2095	add esp, 4 ; pushed by caller (changes the flags, but that shouldn't matter (@todo))
2096	mov dword [ss:PATM_INTERRUPTFLAG], 1
2097	PATM_INT3
2098	%ifdef DEBUG
2099	; for disassembly
2100	jmp PATMCallIndirectEnd
2101	%endif
2102
2103	align 4
2104	PATMCallIndirectTable:
2105	DW PATM_MAX_JUMPTABLE_ENTRIES ; nrSlots
2106	DW 0 ; ulInsertPos
2107	DD 0 ; cAddresses
2108	TIMES PATCHJUMPTABLE_SIZE DB 0 ; lookup slots
2109
2110	PATMCallIndirectEnd:
2111	; returning here -> do not add code here or after the jmp!!!!!
2112	ENDPROC PATMCallIndirect
2113
2114	; Patch record for indirect calls
2115	GLOBALNAME PATMCallIndirectRecord
2116	RTCCPTR_DEF PATMCallIndirectStart
2117	DD 0
2118	DD 0
2119	DD 0
2120	DD PATMCallIndirectEnd - PATMCallIndirectStart
2121	DD 5
2122	DD PATM_FIXUP
2123	DD PATMCallIndirectTable - PATMCallIndirectStart
2124	DD PATM_PATCHNEXTBLOCK
2125	DD 0
2126	DD PATM_RETURNADDR
2127	DD 0
2128	DD PATM_LOOKUP_AND_CALL_FUNCTION
2129	DD 0
2130	DD PATM_INTERRUPTFLAG
2131	DD 0
2132	DD 0ffffffffh
2133
2134
2135	align 32
2136	; Patch function for indirect jumps
2137	; Caller is responsible for clearing PATM_INTERRUPTFLAG and adding:
2138	; push [pTargetGC]
2139	;
2140	BEGINPROC PATMJumpIndirect
2141	PATMJumpIndirectStart:
2142	; save flags (just to be sure)
2143	pushfd
2144	pop dword [ss:PATM_TEMP_EFLAGS]
2145
2146	push PATM_FIXUP ; fixup for jump table below
2147	DB 0E8h ; call
2148	DD PATM_LOOKUP_AND_JUMP_FUNCTION
2149	; we only return in case of a failure
2150	add esp, 8 ; pushed address of jump table + pushed target address
2151
2152	; restore flags (just to be sure)
2153	push dword [ss:PATM_TEMP_EFLAGS]
2154	popfd
2155
2156	mov dword [ss:PATM_INTERRUPTFLAG], 1
2157	PATM_INT3
2158
2159	%ifdef DEBUG
2160	; for disassembly
2161	jmp PATMJumpIndirectEnd
2162	%endif
2163
2164	align 4
2165	PATMJumpIndirectTable:
2166	DW PATM_MAX_JUMPTABLE_ENTRIES ; nrSlots
2167	DW 0 ; ulInsertPos
2168	DD 0 ; cAddresses
2169	TIMES PATCHJUMPTABLE_SIZE DB 0 ; lookup slots
2170
2171	PATMJumpIndirectEnd:
2172	; returning here -> do not add code here or after the jmp!!!!!
2173	ENDPROC PATMJumpIndirect
2174
2175	; Patch record for indirect jumps
2176	GLOBALNAME PATMJumpIndirectRecord
2177	RTCCPTR_DEF PATMJumpIndirectStart
2178	DD 0
2179	DD 0
2180	DD 0
2181	DD PATMJumpIndirectEnd - PATMJumpIndirectStart
2182	DD 5
2183	DD PATM_TEMP_EFLAGS
2184	DD 0
2185	DD PATM_FIXUP
2186	DD PATMJumpIndirectTable - PATMJumpIndirectStart
2187	DD PATM_LOOKUP_AND_JUMP_FUNCTION
2188	DD 0
2189	DD PATM_TEMP_EFLAGS
2190	DD 0
2191	DD PATM_INTERRUPTFLAG
2192	DD 0
2193	DD 0ffffffffh
2194
2195	;
2196	; return from duplicated function
2197	;
2198	align 32
2199	BEGINPROC PATMRet
2200	PATMRet_Start:
2201	; probe stack here as we can't recover from page faults later on
2202	not dword [esp-32]
2203	not dword [esp-32]
2204	mov dword [ss:PATM_INTERRUPTFLAG], 0
2205	pushfd
2206	push eax
2207	push PATM_FIXUP
2208	DB 0E8h ; call
2209	DD PATM_RETURN_FUNCTION
2210	add esp, 4 ; pushed address of jump table
2211
2212	cmp eax, 0
2213	jne near PATMRet_Success
2214
2215	pop eax
2216	popfd
2217	mov dword [ss:PATM_INTERRUPTFLAG], 1
2218	PATM_INT3
2219
2220	%ifdef DEBUG
2221	; for disassembly
2222	jmp PATMRet_Success
2223	%endif
2224	align 4
2225	PATMRetTable:
2226	DW PATM_MAX_JUMPTABLE_ENTRIES ; nrSlots
2227	DW 0 ; ulInsertPos
2228	DD 0 ; cAddresses
2229	TIMES PATCHJUMPTABLE_SIZE DB 0 ; lookup slots
2230
2231	PATMRet_Success:
2232	mov dword [esp+8], eax ; overwrite the saved return address
2233	pop eax
2234	popf
2235	; caller will duplicate the ret or ret n instruction
2236	; the patched call will set PATM_INTERRUPTFLAG after the return!
2237	PATMRet_End:
2238	ENDPROC PATMRet
2239
2240	GLOBALNAME PATMRetRecord
2241	RTCCPTR_DEF PATMRet_Start
2242	DD 0
2243	DD 0
2244	DD 0
2245	DD PATMRet_End - PATMRet_Start
2246	DD 4
2247	DD PATM_INTERRUPTFLAG
2248	DD 0
2249	DD PATM_FIXUP
2250	DD PATMRetTable - PATMRet_Start
2251	DD PATM_RETURN_FUNCTION
2252	DD 0
2253	DD PATM_INTERRUPTFLAG
2254	DD 0
2255	DD 0ffffffffh
2256
2257	;
2258	; global function for implementing 'retn'
2259	;
2260	; Caller is responsible for right stack layout
2261	; + 16 original return address
2262	; + 12 eflags
2263	; + 8 eax
2264	; + 4 Jump table address
2265	;( + 0 return address )
2266	;
2267	; @note assumes PATM_INTERRUPTFLAG is zero
2268	; @note assumes it can trash eax and eflags
2269	;
2270	; @returns eax=0 on failure
2271	; otherwise return address in eax
2272	;
2273	; @note NEVER change this without bumping the SSM version
2274	align 32
2275	BEGINPROC PATMRetFunction
2276	PATMRetFunction_Start:
2277	push ecx
2278	push edx
2279	push edi
2280
2281	; Event order:
2282	; (@todo figure out which path is taken most often (1 or 2))
2283	; 1) Check if the return patch address was pushed onto the PATM stack
2284	; 2) Check if the return patch address can be found in the lookup table
2285	; 3) Query return patch address from the hypervisor
2286
2287
2288	; 1) Check if the return patch address was pushed on the PATM stack
2289	cmp dword [ss:PATM_STACKPTR], PATM_STACK_SIZE
2290	jae near PATMRetFunction_FindReturnAddress
2291
2292	mov edx, dword PATM_STACKPTR
2293
2294	; check if the return address is what we expect it to be
2295	mov eax, dword PATM_STACKBASE_GUEST
2296	add eax, dword [ss:edx] ; stack base + stack position
2297	mov eax, dword [ss:eax] ; original return address
2298	cmp eax, dword [esp+12+16] ; pushed return address
2299
2300	; the return address was changed -> let our trap handler try to find it
2301	; (can happen when the guest messes with the stack (seen it) or when we didn't call this function ourselves)
2302	jne near PATMRetFunction_FindReturnAddress
2303
2304	; found it, convert relative to absolute patch address and return the result to the caller
2305	mov eax, dword PATM_STACKBASE
2306	add eax, dword [ss:edx] ; stack base + stack position
2307	mov eax, dword [ss:eax] ; relative patm return address
2308	add eax, PATM_PATCHBASE
2309
2310	%ifdef PATM_LOG_PATCHINSTR
2311	push eax
2312	push ebx
2313	push ecx
2314	push edx
2315	mov edx, eax ; return address
2316	lea ebx, [esp+16+12+16] ; stack address containing the return address
2317	lock or dword [ss:PATM_PENDINGACTION], PATM_ACTION_LOG_RET
2318	mov eax, PATM_ACTION_LOG_RET
2319	mov ecx, PATM_ACTION_MAGIC
2320	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
2321	pop edx
2322	pop ecx
2323	pop ebx
2324	pop eax
2325	%endif
2326
2327	add dword [ss:edx], 4 ; pop return address from the PATM stack (sizeof(RTGCPTR); @note hardcoded assumption!)
2328
2329	pop edi
2330	pop edx
2331	pop ecx
2332	ret
2333
2334	PATMRetFunction_FindReturnAddress:
2335	; 2) Check if the return patch address can be found in the lookup table
2336	mov edx, dword [esp+12+16] ; pushed target address
2337
2338	xor eax, eax ; default result -> nothing found
2339	mov edi, dword [esp+12+4] ; jump table
2340	mov ecx, [ss:edi + PATCHJUMPTABLE.cAddresses]
2341	cmp ecx, 0
2342	je near PATMRetFunction_AskHypervisor
2343
2344	PATMRetFunction_SearchStart:
2345	cmp [ss:edi + PATCHJUMPTABLE.Slot_pInstrGC + eax*8], edx ; edx = GC address to search for
2346	je near PATMRetFunction_SearchHit
2347	inc eax
2348	cmp eax, ecx
2349	jl near PATMRetFunction_SearchStart
2350
2351	PATMRetFunction_AskHypervisor:
2352	; 3) Query return patch address from the hypervisor
2353	; @todo private ugly interface, since we have nothing generic at the moment
2354	lock or dword [ss:PATM_PENDINGACTION], PATM_ACTION_LOOKUP_ADDRESS
2355	mov eax, PATM_ACTION_LOOKUP_ADDRESS
2356	mov ecx, PATM_ACTION_MAGIC
2357	mov edi, dword [esp+12+4] ; jump table address
2358	mov edx, dword [esp+12+16] ; original return address
2359	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
2360	jmp near PATMRetFunction_SearchEnd
2361
2362	PATMRetFunction_SearchHit:
2363	mov eax, [ss:edi + PATCHJUMPTABLE.Slot_pRelPatchGC + eax*8] ; found a match!
2364	;@note can be zero, so the next check is required!!
2365
2366	PATMRetFunction_SearchEnd:
2367	cmp eax, 0
2368	jz PATMRetFunction_Failure
2369
2370	add eax, PATM_PATCHBASE
2371
2372	%ifdef PATM_LOG_PATCHINSTR
2373	push eax
2374	push ebx
2375	push ecx
2376	push edx
2377	mov edx, eax ; return address
2378	lea ebx, [esp+16+12+16] ; stack address containing the return address
2379	lock or dword [ss:PATM_PENDINGACTION], PATM_ACTION_LOG_RET
2380	mov eax, PATM_ACTION_LOG_RET
2381	mov ecx, PATM_ACTION_MAGIC
2382	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
2383	pop edx
2384	pop ecx
2385	pop ebx
2386	pop eax
2387	%endif
2388
2389	pop edi
2390	pop edx
2391	pop ecx
2392	ret
2393
2394	PATMRetFunction_Failure:
2395	;signal error
2396	xor eax, eax
2397	pop edi
2398	pop edx
2399	pop ecx
2400	ret
2401
2402	PATMRetFunction_End:
2403	ENDPROC PATMRetFunction
2404
2405	GLOBALNAME PATMRetFunctionRecord
2406	RTCCPTR_DEF PATMRetFunction_Start
2407	DD 0
2408	DD 0
2409	DD 0
2410	DD PATMRetFunction_End - PATMRetFunction_Start
2411	%ifdef PATM_LOG_PATCHINSTR
2412	DD 9
2413	%else
2414	DD 7
2415	%endif
2416	DD PATM_STACKPTR
2417	DD 0
2418	DD PATM_STACKPTR
2419	DD 0
2420	DD PATM_STACKBASE_GUEST
2421	DD 0
2422	DD PATM_STACKBASE
2423	DD 0
2424	DD PATM_PATCHBASE
2425	DD 0
2426	%ifdef PATM_LOG_PATCHINSTR
2427	DD PATM_PENDINGACTION
2428	DD 0
2429	%endif
2430	DD PATM_PENDINGACTION
2431	DD 0
2432	DD PATM_PATCHBASE
2433	DD 0
2434	%ifdef PATM_LOG_PATCHINSTR
2435	DD PATM_PENDINGACTION
2436	DD 0
2437	%endif
2438	DD 0ffffffffh
2439
2440
2441	;
2442	; Jump to original instruction if IF=1
2443	;
2444	BEGINPROC PATMCheckIF
2445	PATMCheckIF_Start:
2446	mov dword [ss:PATM_INTERRUPTFLAG], 0
2447	pushf
2448	test dword [ss:PATM_VMFLAGS], X86_EFL_IF
2449	jnz PATMCheckIF_Safe
2450	nop
2451
2452	; IF=0 -> unsafe, so we must call the duplicated function (which we don't do here)
2453	popf
2454	mov dword [ss:PATM_INTERRUPTFLAG], 1
2455	jmp PATMCheckIF_End
2456
2457	PATMCheckIF_Safe:
2458	; invalidate the PATM stack as we'll jump back to guest code
2459	mov dword [ss:PATM_STACKPTR], PATM_STACK_SIZE
2460
2461	%ifdef PATM_LOG_PATCHINSTR
2462	push eax
2463	push ecx
2464	lock or dword [ss:PATM_PENDINGACTION], PATM_ACTION_LOG_IF1
2465	mov eax, PATM_ACTION_LOG_IF1
2466	mov ecx, PATM_ACTION_MAGIC
2467	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
2468	pop ecx
2469	pop eax
2470	%endif
2471	popf
2472	mov dword [ss:PATM_INTERRUPTFLAG], 1
2473	; IF=1 -> we can safely jump back to the original instruction
2474	DB 0xE9
2475	PATMCheckIF_Jump:
2476	DD PATM_JUMPDELTA
2477	PATMCheckIF_End:
2478	ENDPROC PATMCheckIF
2479
2480	; Patch record for call instructions
2481	GLOBALNAME PATMCheckIFRecord
2482	RTCCPTR_DEF PATMCheckIF_Start
2483	DD PATMCheckIF_Jump - PATMCheckIF_Start
2484	DD 0
2485	DD 0
2486	DD PATMCheckIF_End - PATMCheckIF_Start
2487	%ifdef PATM_LOG_PATCHINSTR
2488	DD 6
2489	%else
2490	DD 5
2491	%endif
2492	DD PATM_INTERRUPTFLAG
2493	DD 0
2494	DD PATM_VMFLAGS
2495	DD 0
2496	DD PATM_INTERRUPTFLAG
2497	DD 0
2498	DD PATM_STACKPTR
2499	DD 0
2500	%ifdef PATM_LOG_PATCHINSTR
2501	DD PATM_PENDINGACTION
2502	DD 0
2503	%endif
2504	DD PATM_INTERRUPTFLAG
2505	DD 0
2506	DD 0ffffffffh
2507
2508	;
2509	; Jump back to guest if IF=1, else fault
2510	;
2511	BEGINPROC PATMJumpToGuest_IF1
2512	PATMJumpToGuest_IF1_Start:
2513	mov dword [ss:PATM_INTERRUPTFLAG], 0
2514	pushf
2515	test dword [ss:PATM_VMFLAGS], X86_EFL_IF
2516	jnz PATMJumpToGuest_IF1_Safe
2517	nop
2518
2519	; IF=0 -> unsafe, so fault
2520	popf
2521	mov dword [ss:PATM_INTERRUPTFLAG], 1
2522	PATM_INT3
2523
2524	PATMJumpToGuest_IF1_Safe:
2525	; IF=1 -> we can safely jump back to the original instruction
2526	popf
2527	mov dword [ss:PATM_INTERRUPTFLAG], 1
2528	DB 0xE9
2529	PATMJumpToGuest_IF1_Jump:
2530	DD PATM_JUMPDELTA
2531	PATMJumpToGuest_IF1_End:
2532	ENDPROC PATMJumpToGuest_IF1
2533
2534	; Patch record for call instructions
2535	GLOBALNAME PATMJumpToGuest_IF1Record
2536	RTCCPTR_DEF PATMJumpToGuest_IF1_Start
2537	DD PATMJumpToGuest_IF1_Jump - PATMJumpToGuest_IF1_Start
2538	DD 0
2539	DD 0
2540	DD PATMJumpToGuest_IF1_End - PATMJumpToGuest_IF1_Start
2541	DD 4
2542	DD PATM_INTERRUPTFLAG
2543	DD 0
2544	DD PATM_VMFLAGS
2545	DD 0
2546	DD PATM_INTERRUPTFLAG
2547	DD 0
2548	DD PATM_INTERRUPTFLAG
2549	DD 0
2550	DD 0ffffffffh
2551
2552
2553	; check and correct RPL of pushed ss
2554	BEGINPROC PATMMovFromSS
2555	PATMMovFromSS_Start:
2556	push eax
2557	pushfd
2558	mov ax, ss
2559	and ax, 3
2560	cmp ax, 1
2561	jne near PATMMovFromSS_Continue
2562
2563	and dword [esp+8], ~3 ; clear RPL 1
2564	PATMMovFromSS_Continue:
2565	popfd
2566	pop eax
2567	PATMMovFromSS_Start_End:
2568	ENDPROC PATMMovFromSS
2569
2570	GLOBALNAME PATMMovFromSSRecord
2571	RTCCPTR_DEF PATMMovFromSS_Start
2572	DD 0
2573	DD 0
2574	DD 0
2575	DD PATMMovFromSS_Start_End - PATMMovFromSS_Start
2576	DD 0
2577	DD 0ffffffffh
2578
2579
2580
2581
2582	; For assertion during init (to make absolutely sure the flags are in sync in vm.mac & vm.h)
2583	GLOBALNAME PATMInterruptFlag
2584	DD VMCPU_FF_INTERRUPT_APIC \| VMCPU_FF_INTERRUPT_PIC \| VMCPU_FF_TIMER \| VMCPU_FF_REQUEST
2585

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/VBox/VMM/PATM/PATMA.asm@ 22621

Download in other formats: