VirtualBox

source: vbox/trunk/src/VBox/VMM/PATM/PATMInternal.h@ 20833

Last change on this file since 20833 was 20374, checked in by vboxsync, 16 years ago

*: s/RT_\(BEGIN|END\)_DECLS/RT_C_DECLS_\1/g

  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
File size: 29.4 KB
Line 
1/* $Id: PATMInternal.h 20374 2009-06-08 00:43:21Z vboxsync $ */
2/** @file
3 * PATM - Internal header file.
4 */
5
6/*
7 * Copyright (C) 2006-2007 Sun Microsystems, Inc.
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
18 * Clara, CA 95054 USA or visit http://www.sun.com if you need
19 * additional information or have any questions.
20 */
21
22#ifndef ___PATMInternal_h
23#define ___PATMInternal_h
24
25#include <VBox/cdefs.h>
26#include <VBox/types.h>
27#include <VBox/patm.h>
28#include <VBox/stam.h>
29#include <VBox/dis.h>
30#include <VBox/pgm.h>
31#include <iprt/avl.h>
32#include <iprt/param.h>
33#include <VBox/log.h>
34
35
36
37#ifdef PATM_WITH_NEW_SSM
38# define PATM_SSM_VERSION 54
39/* Last version to use SSMR3Put/GetMem */
40# define PATM_SSM_VERSION_GETPUTMEM 53
41#else
42# define PATM_SSM_VERSION 55
43# define PATM_SSM_VERSION_FIXUP_HACK 54
44# define PATM_SSM_VERSION_FIXUP_HACK 54
45# define PATM_SSM_VERSION_VER16 53
46#endif
47
48/* Enable for call patching. */
49#define PATM_ENABLE_CALL
50#define PATCH_MEMORY_SIZE (2*1024*1024)
51#define MAX_PATCH_SIZE (1024*4)
52
53/*
54 * Internal patch type flags (starts at RT_BIT(11))
55 */
56
57#define PATMFL_CHECK_SIZE RT_BIT_64(11)
58#define PATMFL_FOUND_PATCHEND RT_BIT_64(12)
59#define PATMFL_SINGLE_INSTRUCTION RT_BIT_64(13)
60#define PATMFL_SYSENTER_XP RT_BIT_64(14)
61#define PATMFL_JUMP_CONFLICT RT_BIT_64(15)
62#define PATMFL_READ_ORIGINAL_BYTES RT_BIT_64(16) /** opcode might have already been patched */
63#define PATMFL_INT3_REPLACEMENT RT_BIT_64(17)
64#define PATMFL_SUPPORT_CALLS RT_BIT_64(18)
65#define PATMFL_SUPPORT_INDIRECT_CALLS RT_BIT_64(19)
66#define PATMFL_IDTHANDLER_WITHOUT_ENTRYPOINT RT_BIT_64(20) /** internal flag to avoid duplicate entrypoints */
67#define PATMFL_INHIBIT_IRQS RT_BIT_64(21) /** temporary internal flag */
68#define PATMFL_GENERATE_JUMPTOGUEST RT_BIT_64(22) /** temporary internal flag */
69#define PATMFL_RECOMPILE_NEXT RT_BIT_64(23) /** for recompilation of the next instruction */
70#define PATMFL_CODE_MONITORED RT_BIT_64(24) /** code pages of guest monitored for self-modifying code. */
71#define PATMFL_CALLABLE_AS_FUNCTION RT_BIT_64(25) /** cli and pushf blocks can be used as callable functions. */
72#define PATMFL_GLOBAL_FUNCTIONS RT_BIT_64(26) /** fake patch for global patm functions. */
73#define PATMFL_TRAMPOLINE RT_BIT_64(27) /** trampoline patch that clears PATM_INTERRUPTFLAG and jumps to patch destination */
74#define PATMFL_GENERATE_SETPIF RT_BIT_64(28) /** generate set PIF for the next instruction */
75#define PATMFL_INSTR_HINT RT_BIT_64(29) /** Generate patch, but don't activate it. */
76#define PATMFL_PATCHED_GUEST_CODE RT_BIT_64(30) /** Patched guest code. */
77#define PATMFL_MUST_INSTALL_PATCHJMP RT_BIT_64(31) /** Need to patch guest code in order to activate patch. */
78#define PATMFL_INT3_REPLACEMENT_BLOCK RT_BIT_64(32) /** int 3 replacement block */
79#define PATMFL_EXTERNAL_JUMP_INSIDE RT_BIT_64(33) /** A trampoline patch was created that jumps to an instruction in the patch block */
80#define PATMFL_CODE_REFERENCED RT_BIT_64(34) /** patch block referenced (called, jumped to) by another patch. */
81
82#define SIZEOF_NEARJUMP8 2 //opcode byte + 1 byte relative offset
83#define SIZEOF_NEARJUMP16 3 //opcode byte + 2 byte relative offset
84#define SIZEOF_NEARJUMP32 5 //opcode byte + 4 byte relative offset
85#define SIZEOF_NEAR_COND_JUMP32 6 //0xF + opcode byte + 4 byte relative offset
86
87#define MAX_INSTR_SIZE 16
88
89//Patch states
90#define PATCH_REFUSED 1
91#define PATCH_DISABLED 2
92#define PATCH_ENABLED 4
93#define PATCH_UNUSABLE 8
94#define PATCH_DIRTY 16
95#define PATCH_DISABLE_PENDING 32
96
97
98#define MAX_PATCH_TRAPS 4
99#define PATM_MAX_CALL_DEPTH 32
100/* Maximum nr of writes before a patch is marked dirty. (disabled) */
101#define PATM_MAX_CODE_WRITES 32
102/* Maximum nr of invalid writes before a patch is disabled. */
103#define PATM_MAX_INVALID_WRITES 16384
104
105#define FIXUP_ABSOLUTE 0
106#define FIXUP_REL_JMPTOPATCH 1
107#define FIXUP_REL_JMPTOGUEST 2
108
109#define PATM_ILLEGAL_DESTINATION 0xDEADBEEF
110
111/** Size of the instruction that's used for requests from patch code (currently only call) */
112#define PATM_ILLEGAL_INSTR_SIZE 2
113
114
115/** No statistics counter index allocated just yet */
116#define PATM_STAT_INDEX_NONE (uint32_t)-1
117/** Dummy counter to handle overflows */
118#define PATM_STAT_INDEX_DUMMY 0
119#define PATM_STAT_INDEX_IS_VALID(a) (a != PATM_STAT_INDEX_DUMMY && a != PATM_STAT_INDEX_NONE)
120
121#ifdef VBOX_WITH_STATISTICS
122#define PATM_STAT_RUN_INC(pPatch) \
123 if (PATM_STAT_INDEX_IS_VALID((pPatch)->uPatchIdx)) \
124 CTXSUFF(pVM->patm.s.pStats)[(pPatch)->uPatchIdx].u32A++;
125#define PATM_STAT_FAULT_INC(pPatch) \
126 if (PATM_STAT_INDEX_IS_VALID((pPatch)->uPatchIdx)) \
127 CTXSUFF(pVM->patm.s.pStats)[(pPatch)->uPatchIdx].u32B++;
128#else
129#define PATM_STAT_RUN_INC(pPatch) do { } while (0)
130#define PATM_STAT_FAULT_INC(pPatch) do { } while (0)
131#endif
132
133/** Maximum number of stat counters. */
134#define PATM_STAT_MAX_COUNTERS 1024
135/** Size of memory allocated for patch statistics. */
136#define PATM_STAT_MEMSIZE (PATM_STAT_MAX_COUNTERS*sizeof(STAMRATIOU32))
137
138/** aCpus[0].fLocalForcedActions fixup (must be uneven to avoid theoretical clashes with valid pointers) */
139#define PATM_FIXUP_CPU_FF_ACTION 0xffffff01
140/** default cpuid pointer fixup */
141#define PATM_FIXUP_CPUID_DEFAULT 0xffffff03
142/** standard cpuid pointer fixup */
143#define PATM_FIXUP_CPUID_STANDARD 0xffffff05
144/** extended cpuid pointer fixup */
145#define PATM_FIXUP_CPUID_EXTENDED 0xffffff07
146/** centaur cpuid pointer fixup */
147#define PATM_FIXUP_CPUID_CENTAUR 0xffffff09
148
149typedef struct
150{
151 /** The key is a HC virtual address. */
152 AVLPVNODECORE Core;
153
154 uint32_t uType;
155 R3PTRTYPE(uint8_t *) pRelocPos;
156 RTRCPTR pSource;
157 RTRCPTR pDest;
158} RELOCREC, *PRELOCREC;
159
160typedef struct
161{
162 R3PTRTYPE(uint8_t *) pPatchLocStartHC;
163 R3PTRTYPE(uint8_t *) pPatchLocEndHC;
164 RCPTRTYPE(uint8_t *) pGuestLoc;
165 uint32_t opsize;
166} P2GLOOKUPREC, *PP2GLOOKUPREC;
167
168typedef struct
169{
170 /** The key is a pointer to a JUMPREC structure. */
171 AVLPVNODECORE Core;
172
173 R3PTRTYPE(uint8_t *) pJumpHC;
174 RCPTRTYPE(uint8_t *) pTargetGC;
175 uint32_t offDispl;
176 uint32_t opcode;
177} JUMPREC, *PJUMPREC;
178
179/**
180 * Patch to guest lookup type (single or both direction)
181 */
182typedef enum
183{
184 PATM_LOOKUP_PATCH2GUEST, /* patch to guest */
185 PATM_LOOKUP_BOTHDIR /* guest to patch + patch to guest */
186} PATM_LOOKUP_TYPE;
187
188/**
189 * Patch to guest address lookup record
190 */
191typedef struct RECPATCHTOGUEST
192{
193 /** The key is an offset inside the patch memory block. */
194 AVLU32NODECORE Core;
195
196 RTRCPTR pOrgInstrGC;
197 PATM_LOOKUP_TYPE enmType;
198 bool fDirty;
199 bool fJumpTarget;
200 uint8_t u8DirtyOpcode; /* original opcode before writing 0xCC there to mark it dirty */
201} RECPATCHTOGUEST, *PRECPATCHTOGUEST;
202
203/**
204 * Guest to patch address lookup record
205 */
206typedef struct RECGUESTTOPATCH
207{
208 /** The key is a GC virtual address. */
209 AVLU32NODECORE Core;
210
211 /** Patch offset (relative to PATM::pPatchMemGC / PATM::pPatchMemHC). */
212 uint32_t PatchOffset;
213} RECGUESTTOPATCH, *PRECGUESTTOPATCH;
214
215/**
216 * Temporary information used in ring 3 only; no need to waste memory in the patch record itself.
217 */
218typedef struct
219{
220 /* Temporary tree for storing the addresses of illegal instructions. */
221 R3PTRTYPE(PAVLPVNODECORE) IllegalInstrTree;
222 uint32_t nrIllegalInstr;
223
224 int32_t nrJumps;
225 uint32_t nrRetInstr;
226
227 /* Temporary tree of encountered jumps. (debug only) */
228 R3PTRTYPE(PAVLPVNODECORE) DisasmJumpTree;
229
230 int32_t nrCalls;
231
232 /** Last original guest instruction pointer; used for disassmebly log. */
233 RTRCPTR pLastDisasmInstrGC;
234
235 /** Keeping track of multiple ret instructions. */
236 RTRCPTR pPatchRetInstrGC;
237 uint32_t uPatchRetParam1;
238} PATCHINFOTEMP, *PPATCHINFOTEMP;
239
240typedef struct _PATCHINFO
241{
242 uint32_t uState;
243 uint32_t uOldState;
244 DISCPUMODE uOpMode;
245
246 RCPTRTYPE(uint8_t *) pPrivInstrGC; //GC pointer of privileged instruction
247 R3PTRTYPE(uint8_t *) pPrivInstrHC; //HC pointer of privileged instruction
248 uint8_t aPrivInstr[MAX_INSTR_SIZE];
249 uint32_t cbPrivInstr;
250 uint32_t opcode; //opcode for priv instr (OP_*)
251 uint32_t cbPatchJump; //patch jump size
252
253 /* Only valid for PATMFL_JUMP_CONFLICT patches */
254 RTRCPTR pPatchJumpDestGC;
255
256 RTGCUINTPTR32 pPatchBlockOffset;
257 uint32_t cbPatchBlockSize;
258 uint32_t uCurPatchOffset;
259#if HC_ARCH_BITS == 64
260 uint32_t Alignment0; /**< Align flags correctly. */
261#endif
262
263 uint64_t flags;
264
265 /**
266 * Lowest and highest patched GC instruction address. To optimize searches.
267 */
268 RTRCPTR pInstrGCLowest;
269 RTRCPTR pInstrGCHighest;
270
271 /* Tree of fixup records for the patch. */
272 R3PTRTYPE(PAVLPVNODECORE) FixupTree;
273 int32_t nrFixups;
274
275 /* Tree of jumps inside the generated patch code. */
276 int32_t nrJumpRecs;
277 R3PTRTYPE(PAVLPVNODECORE) JumpTree;
278
279 /**
280 * Lookup trees for determining the corresponding guest address of an
281 * instruction in the patch block.
282 */
283 R3PTRTYPE(PAVLU32NODECORE) Patch2GuestAddrTree;
284 R3PTRTYPE(PAVLU32NODECORE) Guest2PatchAddrTree;
285 uint32_t nrPatch2GuestRecs;
286#if HC_ARCH_BITS == 64
287 uint32_t Alignment1;
288#endif
289
290 // Cache record for PATMGCVirtToHCVirt
291 P2GLOOKUPREC cacheRec;
292
293 /* Temporary information during patch creation. Don't waste hypervisor memory for this. */
294 R3PTRTYPE(PPATCHINFOTEMP) pTempInfo;
295
296 /* Count the number of writes to the corresponding guest code. */
297 uint32_t cCodeWrites;
298
299 /* Count the number of invalid writes to pages monitored for the patch. */
300 //some statistics to determine if we should keep this patch activated
301 uint32_t cTraps;
302
303 uint32_t cInvalidWrites;
304
305 // Index into the uPatchRun and uPatchTrap arrays (0..MAX_PATCHES-1)
306 uint32_t uPatchIdx;
307
308 /* First opcode byte, that's overwritten when a patch is marked dirty. */
309 uint8_t bDirtyOpcode;
310 uint8_t Alignment2[7]; /**< Align the structure size on a 8-byte boundrary. */
311} PATCHINFO, *PPATCHINFO;
312
313#define PATCHCODE_PTR_GC(pPatch) (RTRCPTR) (pVM->patm.s.pPatchMemGC + (pPatch)->pPatchBlockOffset)
314#define PATCHCODE_PTR_HC(pPatch) (uint8_t *)(pVM->patm.s.pPatchMemHC + (pPatch)->pPatchBlockOffset)
315
316/**
317 * Lookup record for patches
318 */
319typedef struct PATMPATCHREC
320{
321 /** The key is a GC virtual address. */
322 AVLOU32NODECORE Core;
323 /** The key is a patch offset. */
324 AVLOU32NODECORE CoreOffset;
325
326 PATCHINFO patch;
327} PATMPATCHREC, *PPATMPATCHREC;
328
329/** Increment for allocating room for pointer array */
330#define PATMPATCHPAGE_PREALLOC_INCREMENT 16
331
332/**
333 * Lookup record for patch pages
334 */
335typedef struct PATMPATCHPAGE
336{
337 /** The key is a GC virtual address. */
338 AVLOU32NODECORE Core;
339 /** Region to monitor. */
340 RTRCPTR pLowestAddrGC;
341 RTRCPTR pHighestAddrGC;
342 /** Number of patches for this page. */
343 uint32_t cCount;
344 /** Maximum nr of pointers in the array. */
345 uint32_t cMaxPatches;
346 /** Array of patch pointers for this page. */
347 R3PTRTYPE(PPATCHINFO *) aPatch;
348} PATMPATCHPAGE, *PPATMPATCHPAGE;
349
350#define PATM_PATCHREC_FROM_COREOFFSET(a) (PPATMPATCHREC)((uintptr_t)a - RT_OFFSETOF(PATMPATCHREC, CoreOffset))
351#define PATM_PATCHREC_FROM_PATCHINFO(a) (PPATMPATCHREC)((uintptr_t)a - RT_OFFSETOF(PATMPATCHREC, patch))
352
353typedef struct PATMTREES
354{
355 /**
356 * AVL tree with all patches (active or disabled) sorted by guest instruction address
357 */
358 AVLOU32TREE PatchTree;
359
360 /**
361 * AVL tree with all patches sorted by patch address (offset actually)
362 */
363 AVLOU32TREE PatchTreeByPatchAddr;
364
365 /**
366 * AVL tree with all pages which were (partly) patched
367 */
368 AVLOU32TREE PatchTreeByPage;
369
370 uint32_t align[1];
371} PATMTREES, *PPATMTREES;
372
373/**
374 * PATM VM Instance data.
375 * Changes to this must checked against the padding of the patm union in VM!
376 */
377typedef struct PATM
378{
379 /** Offset to the VM structure.
380 * See PATM2VM(). */
381 RTINT offVM;
382
383 RCPTRTYPE(uint8_t *) pPatchMemGC;
384 R3PTRTYPE(uint8_t *) pPatchMemHC;
385 uint32_t cbPatchMem;
386 uint32_t offPatchMem;
387 bool fOutOfMemory;
388
389 int32_t deltaReloc;
390
391 /* GC PATM state pointers */
392 R3PTRTYPE(PPATMGCSTATE) pGCStateHC;
393 RCPTRTYPE(PPATMGCSTATE) pGCStateGC;
394
395 /** PATM stack page for call instruction execution. (2 parts: one for our private stack and one to store the original return address */
396 RCPTRTYPE(RTRCPTR *) pGCStackGC;
397 R3PTRTYPE(RTRCPTR *) pGCStackHC;
398
399 /** GC pointer to CPUMCTX structure. */
400 RCPTRTYPE(PCPUMCTX) pCPUMCtxGC;
401
402 /* GC statistics pointers */
403 RCPTRTYPE(PSTAMRATIOU32) pStatsGC;
404 R3PTRTYPE(PSTAMRATIOU32) pStatsHC;
405
406 /* Current free index value (uPatchRun/uPatchTrap arrays). */
407 uint32_t uCurrentPatchIdx;
408
409 /* Temporary counter for patch installation call depth. (in order not to go on forever) */
410 uint32_t ulCallDepth;
411
412 /** Number of page lookup records. */
413 uint32_t cPageRecords;
414
415 /**
416 * Lowest and highest patched GC instruction addresses. To optimize searches.
417 */
418 RTRCPTR pPatchedInstrGCLowest;
419 RTRCPTR pPatchedInstrGCHighest;
420
421 /** Pointer to the patch tree for instructions replaced by 'int 3'. */
422 RCPTRTYPE(PPATMTREES) PatchLookupTreeGC;
423 R3PTRTYPE(PPATMTREES) PatchLookupTreeHC;
424
425 /** Global PATM lookup and call function (used by call patches). */
426 RTRCPTR pfnHelperCallGC;
427 /** Global PATM return function (used by ret patches). */
428 RTRCPTR pfnHelperRetGC;
429 /** Global PATM jump function (used by indirect jmp patches). */
430 RTRCPTR pfnHelperJumpGC;
431 /** Global PATM return function (used by iret patches). */
432 RTRCPTR pfnHelperIretGC;
433
434 /** Fake patch record for global functions. */
435 R3PTRTYPE(PPATMPATCHREC) pGlobalPatchRec;
436
437 /** Pointer to original sysenter handler */
438 RTRCPTR pfnSysEnterGC;
439 /** Pointer to sysenter handler trampoline */
440 RTRCPTR pfnSysEnterPatchGC;
441 /** Sysenter patch index (for stats only) */
442 uint32_t uSysEnterPatchIdx;
443
444 // GC address of fault in monitored page (set by PATMGCMonitorPage, used by PATMR3HandleMonitoredPage)
445 RTRCPTR pvFaultMonitor;
446
447 /* Temporary information for pending MMIO patch. Set in GC or R0 context. */
448 struct
449 {
450 RTGCPHYS GCPhys;
451 RTRCPTR pCachedData;
452 RTRCPTR Alignment0; /**< Align the structure size on a 8-byte boundrary. */
453 } mmio;
454
455 /* Temporary storage during load/save state */
456 struct
457 {
458 R3PTRTYPE(PSSMHANDLE) pSSM;
459 uint32_t cPatches;
460#if HC_ARCH_BITS == 64
461 uint32_t Alignment0; /**< Align the structure size on a 8-byte boundrary. */
462#endif
463 } savedstate;
464
465 STAMCOUNTER StatNrOpcodeRead;
466 STAMCOUNTER StatDisabled;
467 STAMCOUNTER StatUnusable;
468 STAMCOUNTER StatEnabled;
469 STAMCOUNTER StatInstalled;
470 STAMCOUNTER StatInstalledFunctionPatches;
471 STAMCOUNTER StatInstalledTrampoline;
472 STAMCOUNTER StatInstalledJump;
473 STAMCOUNTER StatInt3Callable;
474 STAMCOUNTER StatInt3BlockRun;
475 STAMCOUNTER StatOverwritten;
476 STAMCOUNTER StatFixedConflicts;
477 STAMCOUNTER StatFlushed;
478 STAMCOUNTER StatPageBoundaryCrossed;
479 STAMCOUNTER StatMonitored;
480 STAMPROFILEADV StatHandleTrap;
481 STAMCOUNTER StatSwitchBack;
482 STAMCOUNTER StatSwitchBackFail;
483 STAMCOUNTER StatPATMMemoryUsed;
484 STAMCOUNTER StatDuplicateREQSuccess;
485 STAMCOUNTER StatDuplicateREQFailed;
486 STAMCOUNTER StatDuplicateUseExisting;
487 STAMCOUNTER StatFunctionFound;
488 STAMCOUNTER StatFunctionNotFound;
489 STAMPROFILEADV StatPatchWrite;
490 STAMPROFILEADV StatPatchWriteDetect;
491 STAMCOUNTER StatDirty;
492 STAMCOUNTER StatPushTrap;
493 STAMCOUNTER StatPatchWriteInterpreted;
494 STAMCOUNTER StatPatchWriteInterpretedFailed;
495
496 STAMCOUNTER StatSysEnter;
497 STAMCOUNTER StatSysExit;
498 STAMCOUNTER StatEmulIret;
499 STAMCOUNTER StatEmulIretFailed;
500
501 STAMCOUNTER StatInstrDirty;
502 STAMCOUNTER StatInstrDirtyGood;
503 STAMCOUNTER StatInstrDirtyBad;
504
505 STAMCOUNTER StatPatchPageInserted;
506 STAMCOUNTER StatPatchPageRemoved;
507
508 STAMCOUNTER StatPatchRefreshSuccess;
509 STAMCOUNTER StatPatchRefreshFailed;
510
511 STAMCOUNTER StatGenRet;
512 STAMCOUNTER StatGenRetReused;
513 STAMCOUNTER StatGenJump;
514 STAMCOUNTER StatGenCall;
515 STAMCOUNTER StatGenPopf;
516
517 STAMCOUNTER StatCheckPendingIRQ;
518
519 STAMCOUNTER StatFunctionLookupReplace;
520 STAMCOUNTER StatFunctionLookupInsert;
521 uint32_t StatU32FunctionMaxSlotsUsed;
522 uint32_t Alignment0; /**< Align the structure size on a 8-byte boundrary. */
523} PATM, *PPATM;
524
525
526/**
527 * Execute state save operation.
528 *
529 * @returns VBox status code.
530 * @param pVM VM Handle.
531 * @param pSSM SSM operation handle.
532 */
533DECLCALLBACK(int) patmr3Save(PVM pVM, PSSMHANDLE pSSM);
534
535DECLCALLBACK(int) patmVirtPageHandler(PVM pVM, RTGCPTR GCPtr, void *pvPtr, void *pvBuf, size_t cbBuf, PGMACCESSTYPE enmAccessType, void *pvUser);
536
537/**
538 * Execute state load operation.
539 *
540 * @returns VBox status code.
541 * @param pVM VM Handle.
542 * @param pSSM SSM operation handle.
543 * @param u32Version Data layout version.
544 */
545DECLCALLBACK(int) patmr3Load(PVM pVM, PSSMHANDLE pSSM, uint32_t u32Version);
546
547#ifdef IN_RING3
548RTRCPTR patmPatchGCPtr2GuestGCPtr(PVM pVM, PPATCHINFO pPatch, RCPTRTYPE(uint8_t *) pPatchGC);
549RTRCPTR patmGuestGCPtrToPatchGCPtr(PVM pVM, PPATCHINFO pPatch, RCPTRTYPE(uint8_t*) pInstrGC);
550RTRCPTR patmGuestGCPtrToClosestPatchGCPtr(PVM pVM, PPATCHINFO pPatch, RCPTRTYPE(uint8_t*) pInstrGC);
551#endif
552
553/* Add a patch to guest lookup record
554 *
555 * @param pVM The VM to operate on.
556 * @param pPatch Patch structure ptr
557 * @param pPatchInstrHC Guest context pointer to patch block
558 * @param pInstrGC Guest context pointer to privileged instruction
559 * @param enmType Lookup type
560 * @param fDirty Dirty flag
561 *
562 */
563void patmr3AddP2GLookupRecord(PVM pVM, PPATCHINFO pPatch, uint8_t *pPatchInstrHC, RTRCPTR pInstrGC, PATM_LOOKUP_TYPE enmType, bool fDirty=false);
564
565/**
566 * Insert page records for all guest pages that contain instructions that were recompiled for this patch
567 *
568 * @returns VBox status code.
569 * @param pVM The VM to operate on.
570 * @param pPatch Patch record
571 */
572int patmInsertPatchPages(PVM pVM, PPATCHINFO pPatch);
573
574/**
575 * Remove page records for all guest pages that contain instructions that were recompiled for this patch
576 *
577 * @returns VBox status code.
578 * @param pVM The VM to operate on.
579 * @param pPatch Patch record
580 */
581int patmRemovePatchPages(PVM pVM, PPATCHINFO pPatch);
582
583/**
584 * Returns the GC address of the corresponding patch statistics counter
585 *
586 * @returns Stat address
587 * @param pVM The VM to operate on.
588 * @param pPatch Patch structure
589 */
590RTRCPTR patmPatchQueryStatAddress(PVM pVM, PPATCHINFO pPatch);
591
592/**
593 * Remove patch for privileged instruction at specified location
594 *
595 * @returns VBox status code.
596 * @param pVM The VM to operate on.
597 * @param pPatchRec Patch record
598 * @param fForceRemove Remove *all* patches
599 */
600int PATMRemovePatch(PVM pVM, PPATMPATCHREC pPatchRec, bool fForceRemove);
601
602/**
603 * Call for analysing the instructions following the privileged instr. for compliance with our heuristics
604 *
605 * @returns VBox status code.
606 * @param pVM The VM to operate on.
607 * @param pCpu CPU disassembly state
608 * @param pInstrHC Guest context pointer to privileged instruction
609 * @param pCurInstrHC Guest context pointer to current instruction
610 * @param pUserData User pointer
611 *
612 */
613typedef int (VBOXCALL *PFN_PATMR3ANALYSE)(PVM pVM, DISCPUSTATE *pCpu, RCPTRTYPE(uint8_t *) pInstrGC, RCPTRTYPE(uint8_t *) pCurInstrGC, void *pUserData);
614
615/**
616 * Install guest OS specific patch
617 *
618 * @returns VBox status code.
619 * @param pVM The VM to operate on
620 * @param pCpu Disassembly state of instruction.
621 * @param pInstrGC GC Instruction pointer for instruction
622 * @param pInstrHC GC Instruction pointer for instruction
623 * @param pPatchRec Patch structure
624 *
625 */
626int PATMInstallGuestSpecificPatch(PVM pVM, PDISCPUSTATE pCpu, RTRCPTR pInstrGC, uint8_t *pInstrHC, PPATMPATCHREC pPatchRec);
627
628/**
629 * Convert guest context address to host context pointer
630 *
631 * @returns VBox status code.
632 * @param pVM The VM to operate on.
633 * @param pPatch Patch block structure pointer
634 * @param pGCPtr Guest context pointer
635 *
636 * @returns Host context pointer or NULL in case of an error
637 *
638 */
639R3PTRTYPE(uint8_t *) PATMGCVirtToHCVirt(PVM pVM, PPATCHINFO pPatch, RCPTRTYPE(uint8_t *) pGCPtr);
640
641
642/**
643 * Check if the instruction is patched as a duplicated function
644 *
645 * @returns patch record
646 * @param pVM The VM to operate on.
647 * @param pInstrGC Guest context point to the instruction
648 *
649 */
650VMMDECL(PPATMPATCHREC) PATMQueryFunctionPatch(PVM pVM, RTRCPTR pInstrGC);
651
652
653/**
654 * Empty the specified tree (PV tree, MMR3 heap)
655 *
656 * @param pVM The VM to operate on.
657 * @param ppTree Tree to empty
658 */
659void patmEmptyTree(PVM pVM, PPAVLPVNODECORE ppTree);
660
661
662/**
663 * Empty the specified tree (U32 tree, MMR3 heap)
664 *
665 * @param pVM The VM to operate on.
666 * @param ppTree Tree to empty
667 */
668void patmEmptyTreeU32(PVM pVM, PPAVLU32NODECORE ppTree);
669
670
671/**
672 * Return the name of the patched instruction
673 *
674 * @returns instruction name
675 *
676 * @param opcode DIS instruction opcode
677 * @param fPatchFlags Patch flags
678 */
679VMMDECL(const char *) patmGetInstructionString(uint32_t opcode, uint32_t fPatchFlags);
680
681
682/**
683 * Read callback for disassembly function; supports reading bytes that cross a page boundary
684 *
685 * @returns VBox status code.
686 * @param pSrc GC source pointer
687 * @param pDest HC destination pointer
688 * @param size Number of bytes to read
689 * @param pvUserdata Callback specific user data (pCpu)
690 *
691 */
692int patmReadBytes(RTUINTPTR pSrc, uint8_t *pDest, unsigned size, void *pvUserdata);
693
694
695#ifndef IN_RC
696
697#define PATMREAD_RAWCODE 1 /* read code as-is */
698#define PATMREAD_ORGCODE 2 /* read original guest opcode bytes; not the patched bytes */
699#define PATMREAD_NOCHECK 4 /* don't check for patch conflicts */
700
701/*
702 * Private structure used during disassembly
703 */
704typedef struct
705{
706 PVM pVM;
707 PPATCHINFO pPatchInfo;
708 R3PTRTYPE(uint8_t *) pInstrHC;
709 RTRCPTR pInstrGC;
710 uint32_t fReadFlags;
711} PATMDISASM, *PPATMDISASM;
712
713inline bool PATMR3DISInstr(PVM pVM, PPATCHINFO pPatch, DISCPUSTATE *pCpu, RTRCPTR InstrGC,
714 uint8_t *InstrHC, uint32_t *pOpsize, char *pszOutput,
715 uint32_t fReadFlags = PATMREAD_ORGCODE)
716{
717 PATMDISASM disinfo;
718 disinfo.pVM = pVM;
719 disinfo.pPatchInfo = pPatch;
720 disinfo.pInstrHC = InstrHC;
721 disinfo.pInstrGC = InstrGC;
722 disinfo.fReadFlags = fReadFlags;
723 (pCpu)->pfnReadBytes = patmReadBytes;
724 (pCpu)->apvUserData[0] = &disinfo;
725 return RT_SUCCESS(DISInstr(pCpu, InstrGC, 0, pOpsize, pszOutput));
726}
727#endif /* !IN_RC */
728
729RT_C_DECLS_BEGIN
730/**
731 * #PF Virtual Handler callback for Guest access a page monitored by PATM
732 *
733 * @returns VBox status code (appropritate for trap handling and GC return).
734 * @param pVM VM Handle.
735 * @param uErrorCode CPU Error code.
736 * @param pRegFrame Trap register frame.
737 * @param pvFault The fault address (cr2).
738 * @param pvRange The base address of the handled virtual range.
739 * @param offRange The offset of the access into this range.
740 * (If it's a EIP range this's the EIP, if not it's pvFault.)
741 */
742VMMRCDECL(int) PATMGCMonitorPage(PVM pVM, RTGCUINT uErrorCode, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, RTGCPTR pvRange, uintptr_t offRange);
743
744/**
745 * Find patch for privileged instruction at specified location
746 *
747 * @returns Patch structure pointer if found; else NULL
748 * @param pVM The VM to operate on.
749 * @param pInstr Guest context point to instruction that might lie within 5 bytes of an existing patch jump
750 * @param fIncludeHints Include hinted patches or not
751 *
752 */
753PPATCHINFO PATMFindActivePatchByEntrypoint(PVM pVM, RTRCPTR pInstrGC, bool fIncludeHints=false);
754
755/**
756 * Patch cli/sti pushf/popf instruction block at specified location
757 *
758 * @returns VBox status code.
759 * @param pVM The VM to operate on.
760 * @param pInstrGC Guest context point to privileged instruction
761 * @param pInstrHC Host context point to privileged instruction
762 * @param uOpcode Instruction opcodee
763 * @param uOpSize Size of starting instruction
764 * @param pPatchRec Patch record
765 *
766 * @note returns failure if patching is not allowed or possible
767 *
768 */
769VMMR3DECL(int) PATMR3PatchBlock(PVM pVM, RTRCPTR pInstrGC, R3PTRTYPE(uint8_t *) pInstrHC,
770 uint32_t uOpcode, uint32_t uOpSize, PPATMPATCHREC pPatchRec);
771
772
773/**
774 * Replace an instruction with a breakpoint (0xCC), that is handled dynamically in the guest context.
775 *
776 * @returns VBox status code.
777 * @param pVM The VM to operate on.
778 * @param pInstrGC Guest context point to privileged instruction
779 * @param pInstrHC Host context point to privileged instruction
780 * @param pCpu Disassembly CPU structure ptr
781 * @param pPatch Patch record
782 *
783 * @note returns failure if patching is not allowed or possible
784 *
785 */
786VMMR3DECL(int) PATMR3PatchInstrInt3(PVM pVM, RTRCPTR pInstrGC, R3PTRTYPE(uint8_t *) pInstrHC, DISCPUSTATE *pCpu, PPATCHINFO pPatch);
787
788/**
789 * Mark patch as dirty
790 *
791 * @returns VBox status code.
792 * @param pVM The VM to operate on.
793 * @param pPatch Patch record
794 *
795 * @note returns failure if patching is not allowed or possible
796 *
797 */
798VMMR3DECL(int) PATMR3MarkDirtyPatch(PVM pVM, PPATCHINFO pPatch);
799
800/**
801 * Calculate the branch destination
802 *
803 * @returns branch destination or 0 if failed
804 * @param pCpu Disassembly state of instruction.
805 * @param pBranchInstrGC GC pointer of branch instruction
806 */
807inline RTRCPTR PATMResolveBranch(PDISCPUSTATE pCpu, RTRCPTR pBranchInstrGC)
808{
809 uint32_t disp;
810 if (pCpu->param1.flags & USE_IMMEDIATE8_REL)
811 {
812 disp = (int32_t)(char)pCpu->param1.parval;
813 }
814 else
815 if (pCpu->param1.flags & USE_IMMEDIATE16_REL)
816 {
817 disp = (int32_t)(uint16_t)pCpu->param1.parval;
818 }
819 else
820 if (pCpu->param1.flags & USE_IMMEDIATE32_REL)
821 {
822 disp = (int32_t)pCpu->param1.parval;
823 }
824 else
825 {
826 Log(("We don't support far jumps here!! (%08X)\n", pCpu->param1.flags));
827 return 0;
828 }
829#ifdef IN_RC
830 return (RTRCPTR)((uint8_t *)pBranchInstrGC + pCpu->opsize + disp);
831#else
832 return pBranchInstrGC + pCpu->opsize + disp;
833#endif
834}
835
836RT_C_DECLS_END
837
838#ifdef LOG_ENABLED
839int patmr3DisasmCallback(PVM pVM, DISCPUSTATE *pCpu, RCPTRTYPE(uint8_t *) pInstrGC, RCPTRTYPE(uint8_t *) pCurInstrGC, void *pUserData);
840int patmr3DisasmCodeStream(PVM pVM, RCPTRTYPE(uint8_t *) pInstrGC, RCPTRTYPE(uint8_t *) pCurInstrGC, PFN_PATMR3ANALYSE pfnPATMR3Analyse, void *pUserData);
841#endif
842
843#endif
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette