VirtualBox

source: vbox/trunk/src/VBox/VMM/VMMAll/TRPMAll.cpp@ 45276

Last change on this file since 45276 was 45276, checked in by vboxsync, 12 years ago

Ring-1 compression patches, courtesy of trivirt AG:

  • main: diff to remove the hwvirt requirement for QNX
  • rem: diff for dealing with raw ring 0/1 selectors and general changes to allowed guest execution states
  • vmm: changes for using the guest's TSS selector index as our hypervisor TSS selector (makes str safe) (VBOX_WITH_SAFE_STR )
  • vmm: changes for dealing with guest ring 1 code (VBOX_WITH_RAW_RING1)
  • vmm: change to emulate smsw in RC/R0 (QNX uses this old style instruction a lot so going to qemu for emulation is very expensive)
  • vmm: change (hack) to kick out patm virtual handlers in case they conflict with guest GDT/TSS write monitors; we should allow multiple handlers per page, but that change would be rather invasive
  • Property svn:eol-style set to native
  • Property svn:keywords set to Id Revision
File size: 33.9 KB
Line 
1/* $Id: TRPMAll.cpp 45276 2013-04-02 08:17:11Z vboxsync $ */
2/** @file
3 * TRPM - Trap Monitor - Any Context.
4 */
5
6/*
7 * Copyright (C) 2006-2013 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18
19/*******************************************************************************
20* Header Files *
21*******************************************************************************/
22#define LOG_GROUP LOG_GROUP_TRPM
23#include <VBox/vmm/trpm.h>
24#include <VBox/vmm/pgm.h>
25#include <VBox/vmm/mm.h>
26#include <VBox/vmm/patm.h>
27#include <VBox/vmm/selm.h>
28#include <VBox/vmm/stam.h>
29#include <VBox/vmm/dbgf.h>
30#include "TRPMInternal.h"
31#include <VBox/vmm/vm.h>
32#include <VBox/err.h>
33#include <VBox/vmm/em.h>
34#include <VBox/log.h>
35#include <iprt/assert.h>
36#include <iprt/asm.h>
37#include <iprt/asm-amd64-x86.h>
38#include <iprt/param.h>
39#include <iprt/x86.h>
40#include "internal/pgm.h"
41
42
43
44/**
45 * Query info about the current active trap/interrupt.
46 * If no trap is active active an error code is returned.
47 *
48 * @returns VBox status code.
49 * @param pVCpu Pointer to the VMCPU.
50 * @param pu8TrapNo Where to store the trap number.
51 * @param pEnmType Where to store the trap type
52 */
53VMMDECL(int) TRPMQueryTrap(PVMCPU pVCpu, uint8_t *pu8TrapNo, TRPMEVENT *pEnmType)
54{
55 /*
56 * Check if we have a trap at present.
57 */
58 if (pVCpu->trpm.s.uActiveVector != ~0U)
59 {
60 if (pu8TrapNo)
61 *pu8TrapNo = (uint8_t)pVCpu->trpm.s.uActiveVector;
62 if (pEnmType)
63 *pEnmType = pVCpu->trpm.s.enmActiveType;
64 return VINF_SUCCESS;
65 }
66
67 return VERR_TRPM_NO_ACTIVE_TRAP;
68}
69
70
71/**
72 * Gets the trap number for the current trap.
73 *
74 * The caller is responsible for making sure there is an active trap which
75 * takes an error code when making this request.
76 *
77 * @returns The current trap number.
78 * @param pVCpu Pointer to the VMCPU.
79 */
80VMMDECL(uint8_t) TRPMGetTrapNo(PVMCPU pVCpu)
81{
82 AssertMsg(pVCpu->trpm.s.uActiveVector != ~0U, ("No active trap!\n"));
83 return (uint8_t)pVCpu->trpm.s.uActiveVector;
84}
85
86
87/**
88 * Gets the error code for the current trap.
89 *
90 * The caller is responsible for making sure there is an active trap which
91 * takes an error code when making this request.
92 *
93 * @returns Error code.
94 * @param pVCpu Pointer to the VMCPU.
95 */
96VMMDECL(RTGCUINT) TRPMGetErrorCode(PVMCPU pVCpu)
97{
98 AssertMsg(pVCpu->trpm.s.uActiveVector != ~0U, ("No active trap!\n"));
99#ifdef VBOX_STRICT
100 switch (pVCpu->trpm.s.uActiveVector)
101 {
102 case 0x0a:
103 case 0x0b:
104 case 0x0c:
105 case 0x0d:
106 case 0x0e:
107 case 0x11:
108 case 0x08:
109 break;
110 default:
111 AssertMsgFailed(("This trap (%#x) doesn't have any error code\n", pVCpu->trpm.s.uActiveVector));
112 break;
113 }
114#endif
115 return pVCpu->trpm.s.uActiveErrorCode;
116}
117
118
119/**
120 * Gets the fault address for the current trap.
121 *
122 * The caller is responsible for making sure there is an active trap 0x0e when
123 * making this request.
124 *
125 * @returns Fault address associated with the trap.
126 * @param pVCpu Pointer to the VMCPU.
127 */
128VMMDECL(RTGCUINTPTR) TRPMGetFaultAddress(PVMCPU pVCpu)
129{
130 AssertMsg(pVCpu->trpm.s.uActiveVector != ~0U, ("No active trap!\n"));
131 AssertMsg(pVCpu->trpm.s.uActiveVector == 0xe, ("Not trap 0e!\n"));
132 return pVCpu->trpm.s.uActiveCR2;
133}
134
135
136/**
137 * Clears the current active trap/exception/interrupt.
138 *
139 * The caller is responsible for making sure there is an active trap
140 * when making this request.
141 *
142 * @returns VBox status code.
143 * @param pVCpu Pointer to the VMCPU.
144 */
145VMMDECL(int) TRPMResetTrap(PVMCPU pVCpu)
146{
147 /*
148 * Cannot reset non-existing trap!
149 */
150 if (pVCpu->trpm.s.uActiveVector == ~0U)
151 {
152 AssertMsgFailed(("No active trap!\n"));
153 return VERR_TRPM_NO_ACTIVE_TRAP;
154 }
155
156 /*
157 * Reset it.
158 */
159 pVCpu->trpm.s.uActiveVector = ~0U;
160 return VINF_SUCCESS;
161}
162
163
164/**
165 * Assert trap/exception/interrupt.
166 *
167 * The caller is responsible for making sure there is no active trap
168 * when making this request.
169 *
170 * @returns VBox status code.
171 * @param pVCpu Pointer to the VMCPU.
172 * @param u8TrapNo The trap vector to assert.
173 * @param enmType Trap type.
174 */
175VMMDECL(int) TRPMAssertTrap(PVMCPU pVCpu, uint8_t u8TrapNo, TRPMEVENT enmType)
176{
177 Log2(("TRPMAssertTrap: u8TrapNo=%02x type=%d\n", u8TrapNo, enmType));
178
179 /*
180 * Cannot assert a trap when one is already active.
181 */
182 if (pVCpu->trpm.s.uActiveVector != ~0U)
183 {
184 AssertMsgFailed(("CPU%d: Active trap %#x\n", pVCpu->idCpu, pVCpu->trpm.s.uActiveVector));
185 return VERR_TRPM_ACTIVE_TRAP;
186 }
187
188 pVCpu->trpm.s.uActiveVector = u8TrapNo;
189 pVCpu->trpm.s.enmActiveType = enmType;
190 pVCpu->trpm.s.uActiveErrorCode = ~(RTGCUINT)0;
191 pVCpu->trpm.s.uActiveCR2 = 0xdeadface;
192 return VINF_SUCCESS;
193}
194
195
196/**
197 * Sets the error code of the current trap.
198 * (This function is for use in trap handlers and such.)
199 *
200 * The caller is responsible for making sure there is an active trap
201 * which takes an errorcode when making this request.
202 *
203 * @param pVCpu Pointer to the VMCPU.
204 * @param uErrorCode The new error code.
205 */
206VMMDECL(void) TRPMSetErrorCode(PVMCPU pVCpu, RTGCUINT uErrorCode)
207{
208 Log2(("TRPMSetErrorCode: uErrorCode=%RGv\n", uErrorCode)); /** @todo RTGCUINT mess! */
209 AssertMsg(pVCpu->trpm.s.uActiveVector != ~0U, ("No active trap!\n"));
210 pVCpu->trpm.s.uActiveErrorCode = uErrorCode;
211#ifdef VBOX_STRICT
212 switch (pVCpu->trpm.s.uActiveVector)
213 {
214 case 0x0a: case 0x0b: case 0x0c: case 0x0d: case 0x0e:
215 AssertMsg(uErrorCode != ~(RTGCUINT)0, ("Invalid uErrorCode=%#x u8TrapNo=%d\n", uErrorCode, pVCpu->trpm.s.uActiveVector));
216 break;
217 case 0x11: case 0x08:
218 AssertMsg(uErrorCode == 0, ("Invalid uErrorCode=%#x u8TrapNo=%d\n", uErrorCode, pVCpu->trpm.s.uActiveVector));
219 break;
220 default:
221 AssertMsg(uErrorCode == ~(RTGCUINT)0, ("Invalid uErrorCode=%#x u8TrapNo=%d\n", uErrorCode, pVCpu->trpm.s.uActiveVector));
222 break;
223 }
224#endif
225}
226
227
228/**
229 * Sets the error code of the current trap.
230 * (This function is for use in trap handlers and such.)
231 *
232 * The caller is responsible for making sure there is an active trap 0e
233 * when making this request.
234 *
235 * @param pVCpu Pointer to the VMCPU.
236 * @param uCR2 The new fault address (cr2 register).
237 */
238VMMDECL(void) TRPMSetFaultAddress(PVMCPU pVCpu, RTGCUINTPTR uCR2)
239{
240 Log2(("TRPMSetFaultAddress: uCR2=%RGv\n", uCR2));
241 AssertMsg(pVCpu->trpm.s.uActiveVector != ~0U, ("No active trap!\n"));
242 AssertMsg(pVCpu->trpm.s.uActiveVector == 0xe, ("Not trap 0e!\n"));
243 pVCpu->trpm.s.uActiveCR2 = uCR2;
244}
245
246
247/**
248 * Checks if the current active trap/interrupt/exception/fault/whatever is a software
249 * interrupt or not.
250 *
251 * The caller is responsible for making sure there is an active trap
252 * when making this request.
253 *
254 * @returns true if software interrupt, false if not.
255 *
256 * @param pVCpu Pointer to the VMCPU.
257 */
258VMMDECL(bool) TRPMIsSoftwareInterrupt(PVMCPU pVCpu)
259{
260 AssertMsg(pVCpu->trpm.s.uActiveVector != ~0U, ("No active trap!\n"));
261 return (pVCpu->trpm.s.enmActiveType == TRPM_SOFTWARE_INT);
262}
263
264
265/**
266 * Check if there is an active trap.
267 *
268 * @returns true if trap active, false if not.
269 * @param pVCpu Pointer to the VMCPU.
270 */
271VMMDECL(bool) TRPMHasTrap(PVMCPU pVCpu)
272{
273 return pVCpu->trpm.s.uActiveVector != ~0U;
274}
275
276
277/**
278 * Query all info about the current active trap/interrupt.
279 * If no trap is active active an error code is returned.
280 *
281 * @returns VBox status code.
282 * @param pVCpu Pointer to the VMCPU.
283 * @param pu8TrapNo Where to store the trap number.
284 * @param pEnmType Where to store the trap type
285 * @param puErrorCode Where to store the error code associated with some traps.
286 * ~0U is stored if the trap has no error code.
287 * @param puCR2 Where to store the CR2 associated with a trap 0E.
288 */
289VMMDECL(int) TRPMQueryTrapAll(PVMCPU pVCpu, uint8_t *pu8TrapNo, TRPMEVENT *pEnmType, PRTGCUINT puErrorCode, PRTGCUINTPTR puCR2)
290{
291 /*
292 * Check if we have a trap at present.
293 */
294 if (pVCpu->trpm.s.uActiveVector == ~0U)
295 return VERR_TRPM_NO_ACTIVE_TRAP;
296
297 if (pu8TrapNo)
298 *pu8TrapNo = (uint8_t)pVCpu->trpm.s.uActiveVector;
299 if (pEnmType)
300 *pEnmType = pVCpu->trpm.s.enmActiveType;
301 if (puErrorCode)
302 *puErrorCode = pVCpu->trpm.s.uActiveErrorCode;
303 if (puCR2)
304 *puCR2 = pVCpu->trpm.s.uActiveCR2;
305
306 return VINF_SUCCESS;
307}
308
309
310/**
311 * Save the active trap.
312 *
313 * This routine useful when doing try/catch in the hypervisor.
314 * Any function which uses temporary trap handlers should
315 * probably also use this facility to save the original trap.
316 *
317 * @param pVM Pointer to the VM.
318 */
319VMMDECL(void) TRPMSaveTrap(PVMCPU pVCpu)
320{
321 pVCpu->trpm.s.uSavedVector = pVCpu->trpm.s.uActiveVector;
322 pVCpu->trpm.s.enmSavedType = pVCpu->trpm.s.enmActiveType;
323 pVCpu->trpm.s.uSavedErrorCode = pVCpu->trpm.s.uActiveErrorCode;
324 pVCpu->trpm.s.uSavedCR2 = pVCpu->trpm.s.uActiveCR2;
325}
326
327
328/**
329 * Restore a saved trap.
330 *
331 * Multiple restores of a saved trap is possible.
332 *
333 * @param pVM Pointer to the VM.
334 */
335VMMDECL(void) TRPMRestoreTrap(PVMCPU pVCpu)
336{
337 pVCpu->trpm.s.uActiveVector = pVCpu->trpm.s.uSavedVector;
338 pVCpu->trpm.s.enmActiveType = pVCpu->trpm.s.enmSavedType;
339 pVCpu->trpm.s.uActiveErrorCode = pVCpu->trpm.s.uSavedErrorCode;
340 pVCpu->trpm.s.uActiveCR2 = pVCpu->trpm.s.uSavedCR2;
341}
342
343
344#ifdef VBOX_WITH_RAW_MODE_NOT_R0
345/**
346 * Forward trap or interrupt to the guest's handler
347 *
348 *
349 * @returns VBox status code.
350 * or does not return at all (when the trap is actually forwarded)
351 *
352 * @param pVM Pointer to the VM.
353 * @param pRegFrame Pointer to the register frame for the trap.
354 * @param iGate Trap or interrupt gate number
355 * @param cbInstr Instruction size (only relevant for software interrupts)
356 * @param enmError TRPM_TRAP_HAS_ERRORCODE or TRPM_TRAP_NO_ERRORCODE.
357 * @param enmType TRPM event type
358 * @param iOrgTrap The original trap.
359 * @internal
360 */
361VMMDECL(int) TRPMForwardTrap(PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, uint32_t iGate, uint32_t cbInstr,
362 TRPMERRORCODE enmError, TRPMEVENT enmType, int32_t iOrgTrap)
363{
364#ifdef TRPM_FORWARD_TRAPS_IN_GC
365 PVM pVM = pVCpu->CTX_SUFF(pVM);
366 X86EFLAGS eflags;
367 Assert(pVM->cCpus == 1);
368
369 STAM_PROFILE_ADV_START(&pVM->trpm.s.CTX_SUFF_Z(StatForwardProf), a);
370
371# if defined(VBOX_STRICT) || defined(LOG_ENABLED)
372 if (pRegFrame->eflags.Bits.u1VM)
373 Log(("TRPMForwardTrap-VM: eip=%04X:%04X iGate=%d\n", pRegFrame->cs.Sel, pRegFrame->eip, iGate));
374 else
375 Log(("TRPMForwardTrap: eip=%04X:%08X iGate=%d\n", pRegFrame->cs.Sel, pRegFrame->eip, iGate));
376
377 switch (iGate) {
378 case X86_XCPT_PF:
379 if (pRegFrame->eip == pVCpu->trpm.s.uActiveCR2)
380 {
381 RTGCPTR pCallerGC;
382# ifdef IN_RC
383 int rc = MMGCRamRead(pVM, &pCallerGC, (void *)pRegFrame->esp, sizeof(pCallerGC));
384# else
385 int rc = PGMPhysSimpleReadGCPtr(pVCpu, &pCallerGC, (RTGCPTR)pRegFrame->esp, sizeof(pCallerGC));
386# endif
387 if (RT_SUCCESS(rc))
388 Log(("TRPMForwardTrap: caller=%RGv\n", pCallerGC));
389 }
390 /* no break */
391 case X86_XCPT_DF:
392 case X86_XCPT_TS:
393 case X86_XCPT_NP:
394 case X86_XCPT_SS:
395 case X86_XCPT_GP:
396 case X86_XCPT_AC:
397 Assert(enmError == TRPM_TRAP_HAS_ERRORCODE || enmType == TRPM_SOFTWARE_INT);
398 break;
399
400 default:
401 Assert(enmError == TRPM_TRAP_NO_ERRORCODE);
402 break;
403 }
404# endif /* VBOX_STRICT || LOG_ENABLED */
405#ifdef IN_RC
406 AssertReturn(CPUMIsGuestInRawMode(pVCpu), VINF_EM_RESCHEDULE);
407#endif
408
409 /* Retrieve the eflags including the virtualized bits. */
410 /* Note: hackish as the cpumctxcore structure doesn't contain the right value */
411 eflags.u32 = CPUMRawGetEFlags(pVCpu);
412
413 /* VMCPU_FF_INHIBIT_INTERRUPTS should be cleared upfront or don't call this function at all for dispatching hardware interrupts. */
414 Assert(enmType != TRPM_HARDWARE_INT || !VMCPU_FF_ISSET(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS));
415
416 /*
417 * If it's a real guest trap and the guest's page fault handler is marked as safe for GC execution, then we call it directly.
418 * Well, only if the IF flag is set.
419 */
420 /** @todo if the trap handler was modified and marked invalid, then we should *now* go back to the host context and install a new patch. */
421 if ( pVM->trpm.s.aGuestTrapHandler[iGate]
422 && (eflags.Bits.u1IF)
423#ifndef VBOX_RAW_V86
424 && !(eflags.Bits.u1VM) /** @todo implement when needed (illegal for same privilege level transfers). */
425#endif
426 && !PATMIsPatchGCAddr(pVM, pRegFrame->eip)
427 )
428 {
429 uint16_t cbIDT;
430 RTGCPTR GCPtrIDT = (RTGCPTR)CPUMGetGuestIDTR(pVCpu, &cbIDT);
431 uint32_t cpl;
432 VBOXIDTE GuestIdte;
433 RTGCPTR pIDTEntry;
434 int rc;
435
436 Assert(PATMAreInterruptsEnabledByCtxCore(pVM, pRegFrame));
437 Assert(!VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_SELM_SYNC_GDT | VMCPU_FF_SELM_SYNC_LDT | VMCPU_FF_TRPM_SYNC_IDT | VMCPU_FF_SELM_SYNC_TSS));
438
439 if (GCPtrIDT && iGate * sizeof(VBOXIDTE) >= cbIDT)
440 goto failure;
441
442 /* Get the current privilege level. */
443 cpl = CPUMGetGuestCPL(pVCpu);
444
445 /*
446 * BIG TODO: The checks are not complete. see trap and interrupt dispatching section in Intel docs for details
447 * All very obscure, but still necessary.
448 * Currently only some CS & TSS selector checks are missing.
449 *
450 */
451 pIDTEntry = (RTGCPTR)((RTGCUINTPTR)GCPtrIDT + sizeof(VBOXIDTE) * iGate);
452#ifdef IN_RC
453 rc = MMGCRamRead(pVM, &GuestIdte, (void *)(uintptr_t)pIDTEntry, sizeof(GuestIdte));
454#else
455 rc = PGMPhysSimpleReadGCPtr(pVCpu, &GuestIdte, pIDTEntry, sizeof(GuestIdte));
456#endif
457 if (RT_FAILURE(rc))
458 {
459 /* The page might be out of sync. */ /** @todo might cross a page boundary) */
460 Log(("Page %RGv out of sync -> prefetch and try again\n", pIDTEntry));
461 rc = PGMPrefetchPage(pVCpu, pIDTEntry); /** @todo r=bird: rainy day: this isn't entirely safe because of access bit virtualiziation and CSAM. */
462 if (rc != VINF_SUCCESS)
463 {
464 Log(("TRPMForwardTrap: PGMPrefetchPage failed with rc=%Rrc\n", rc));
465 goto failure;
466 }
467#ifdef IN_RC
468 rc = MMGCRamRead(pVM, &GuestIdte, (void *)(uintptr_t)pIDTEntry, sizeof(GuestIdte));
469#else
470 rc = PGMPhysSimpleReadGCPtr(pVCpu, &GuestIdte, pIDTEntry, sizeof(GuestIdte));
471#endif
472 }
473 if ( RT_SUCCESS(rc)
474 && GuestIdte.Gen.u1Present
475 && (GuestIdte.Gen.u5Type2 == VBOX_IDTE_TYPE2_TRAP_32 || GuestIdte.Gen.u5Type2 == VBOX_IDTE_TYPE2_INT_32)
476 && (GuestIdte.Gen.u2DPL == 3 || GuestIdte.Gen.u2DPL == 0)
477 && (GuestIdte.Gen.u16SegSel & 0xfffc) /* must not be zero */
478 && (enmType == TRPM_TRAP || enmType == TRPM_HARDWARE_INT || cpl <= GuestIdte.Gen.u2DPL) /* CPL <= DPL if software int */
479 )
480 {
481 RTGCPTR pHandler, dummy;
482 RTGCPTR pTrapStackGC;
483
484 pHandler = (RTGCPTR)VBOXIDTE_OFFSET(GuestIdte);
485
486 /* Note: SELMValidateAndConvertCSAddr checks for code type, memory type, selector validity. */
487 /** @todo dpl <= cpl else GPF */
488
489 /* Note: don't use current eflags as we might be in V86 mode and the IDT always contains protected mode selectors */
490 X86EFLAGS fakeflags;
491 fakeflags.u32 = 0;
492
493 rc = SELMValidateAndConvertCSAddr(pVCpu, fakeflags, 0, GuestIdte.Gen.u16SegSel, NULL, pHandler, &dummy);
494 if (rc == VINF_SUCCESS)
495 {
496 VBOXGDTR gdtr = {0, 0};
497 bool fConforming = false;
498 int idx = 0;
499 uint32_t dpl;
500 uint32_t ss_r0;
501 uint32_t esp_r0;
502 X86DESC Desc;
503 RTGCPTR pGdtEntry;
504
505 CPUMGetGuestGDTR(pVCpu, &gdtr);
506 Assert(gdtr.pGdt && gdtr.cbGdt > GuestIdte.Gen.u16SegSel);
507
508 if (!gdtr.pGdt)
509 goto failure;
510
511 pGdtEntry = gdtr.pGdt + (GuestIdte.Gen.u16SegSel >> X86_SEL_SHIFT) * sizeof(X86DESC);
512#ifdef IN_RC
513 rc = MMGCRamRead(pVM, &Desc, (void *)(uintptr_t)pGdtEntry, sizeof(Desc));
514#else
515 rc = PGMPhysSimpleReadGCPtr(pVCpu, &Desc, pGdtEntry, sizeof(Desc));
516#endif
517 if (RT_FAILURE(rc))
518 {
519 /* The page might be out of sync. */ /** @todo might cross a page boundary) */
520 Log(("Page %RGv out of sync -> prefetch and try again\n", pGdtEntry));
521 rc = PGMPrefetchPage(pVCpu, pGdtEntry); /** @todo r=bird: rainy day: this isn't entirely safe because of access bit virtualiziation and CSAM. */
522 if (rc != VINF_SUCCESS)
523 {
524 Log(("PGMPrefetchPage failed with rc=%Rrc\n", rc));
525 goto failure;
526 }
527#ifdef IN_RC
528 rc = MMGCRamRead(pVM, &Desc, (void *)(uintptr_t)pGdtEntry, sizeof(Desc));
529#else
530 rc = PGMPhysSimpleReadGCPtr(pVCpu, &Desc, pGdtEntry, sizeof(Desc));
531#endif
532 if (RT_FAILURE(rc))
533 {
534 Log(("MMGCRamRead failed with %Rrc\n", rc));
535 goto failure;
536 }
537 }
538
539 if (Desc.Gen.u4Type & X86_SEL_TYPE_CONF)
540 {
541 Log(("Conforming code selector\n"));
542 fConforming = true;
543 }
544 /** @todo check descriptor type!! */
545
546 dpl = Desc.Gen.u2Dpl;
547
548 if (!fConforming && dpl < cpl) /* to inner privilege level */
549 {
550 rc = SELMGetRing1Stack(pVM, &ss_r0, &esp_r0);
551 if (RT_FAILURE(rc))
552 goto failure;
553
554 Assert((ss_r0 & X86_SEL_RPL) == 1);
555
556 if ( !esp_r0
557 || !ss_r0
558 || (ss_r0 & X86_SEL_RPL) != ((dpl == 0) ? 1 : dpl)
559 || SELMToFlatBySelEx(pVCpu, fakeflags, ss_r0, (RTGCPTR)esp_r0, SELMTOFLAT_FLAGS_CPL1,
560 (PRTGCPTR)&pTrapStackGC, NULL) != VINF_SUCCESS
561 )
562 {
563 Log(("Invalid ring 0 stack %04X:%08RX32\n", ss_r0, esp_r0));
564 goto failure;
565 }
566 }
567 else
568 if (fConforming || dpl == cpl) /* to the same privilege level */
569 {
570 ss_r0 = pRegFrame->ss.Sel;
571 esp_r0 = pRegFrame->esp;
572
573 if ( eflags.Bits.u1VM /* illegal */
574 || SELMToFlatBySelEx(pVCpu, fakeflags, ss_r0, (RTGCPTR)esp_r0, SELMTOFLAT_FLAGS_CPL1,
575 (PRTGCPTR)&pTrapStackGC, NULL) != VINF_SUCCESS)
576 {
577 AssertMsgFailed(("Invalid stack %04X:%08RX32??? (VM=%d)\n", ss_r0, esp_r0, eflags.Bits.u1VM));
578 goto failure;
579 }
580 }
581 else
582 {
583 Log(("Invalid cpl-dpl combo %d vs %d\n", cpl, dpl));
584 goto failure;
585 }
586 /*
587 * Build trap stack frame on guest handler's stack
588 */
589 uint32_t *pTrapStack;
590#ifdef IN_RC
591 Assert(eflags.Bits.u1VM || (pRegFrame->ss.Sel & X86_SEL_RPL) != 0);
592 /* Check maximum amount we need (10 when executing in V86 mode) */
593 rc = PGMVerifyAccess(pVCpu, (RTGCUINTPTR)pTrapStackGC - 10*sizeof(uint32_t), 10 * sizeof(uint32_t), X86_PTE_RW);
594 pTrapStack = (uint32_t *)(uintptr_t)pTrapStackGC;
595#else
596 Assert(eflags.Bits.u1VM || (pRegFrame->ss.Sel & X86_SEL_RPL) == 0 || (pRegFrame->ss.Sel & X86_SEL_RPL) == 3 || (EMIsRawRing1Enabled(pVM) && (pRegFrame->ss.Sel & X86_SEL_RPL) == 1));
597 /* Check maximum amount we need (10 when executing in V86 mode) */
598 if ((pTrapStackGC >> PAGE_SHIFT) != ((pTrapStackGC - 10*sizeof(uint32_t)) >> PAGE_SHIFT)) /* fail if we cross a page boundary */
599 goto failure;
600 PGMPAGEMAPLOCK PageMappingLock;
601 rc = PGMPhysGCPtr2CCPtr(pVCpu, pTrapStackGC, (void **)&pTrapStack, &PageMappingLock);
602 if (RT_FAILURE(rc))
603 {
604 AssertRC(rc);
605 goto failure;
606 }
607#endif
608 if (rc == VINF_SUCCESS)
609 {
610 /** if eflags.Bits.u1VM then push gs, fs, ds, es */
611 if (eflags.Bits.u1VM)
612 {
613 Log(("TRAP%02X: (VM) Handler %04X:%RGv Stack %04X:%08X RPL=%d CR2=%08X\n", iGate, GuestIdte.Gen.u16SegSel, pHandler, ss_r0, esp_r0, (pRegFrame->ss.Sel & X86_SEL_RPL), pVCpu->trpm.s.uActiveCR2));
614 pTrapStack[--idx] = pRegFrame->gs.Sel;
615 pTrapStack[--idx] = pRegFrame->fs.Sel;
616 pTrapStack[--idx] = pRegFrame->ds.Sel;
617 pTrapStack[--idx] = pRegFrame->es.Sel;
618
619 /* clear ds, es, fs & gs in current context */
620 pRegFrame->ds.Sel = pRegFrame->es.Sel = pRegFrame->fs.Sel = pRegFrame->gs.Sel = 0;
621 }
622 else
623 Log(("TRAP%02X: Handler %04X:%RGv Stack %04X:%08X RPL=%d CR2=%08X\n", iGate, GuestIdte.Gen.u16SegSel, pHandler, ss_r0, esp_r0, (pRegFrame->ss.Sel & X86_SEL_RPL), pVCpu->trpm.s.uActiveCR2));
624
625 if (!fConforming && dpl < cpl)
626 {
627#ifdef IN_RC /* Only in GC mode we still see tracing of our ring modifications */
628 if ( (pRegFrame->ss.Sel & X86_SEL_RPL) == 1
629 && !eflags.Bits.u1VM)
630 pTrapStack[--idx] = pRegFrame->ss.Sel & ~1; /* Mask away traces of raw ring 0 execution (ring 1). */
631# ifdef VBOX_WITH_RAW_RING1
632 else
633 if ( EMIsRawRing1Enabled(pVM)
634 && (pRegFrame->ss.Sel & X86_SEL_RPL) == 2)
635 pTrapStack[--idx] = (pRegFrame->ss.Sel & ~2) | 1; /* Mask away traces of raw ring 1 execution (ring 2). */
636# endif
637 else
638#endif /* IN_RC */
639 pTrapStack[--idx] = pRegFrame->ss.Sel;
640
641 pTrapStack[--idx] = pRegFrame->esp;
642 }
643
644 /* Note: We use the eflags copy, that includes the virtualized bits! */
645 /* Note: Not really necessary as we grab include those bits in the trap/irq handler trampoline */
646 pTrapStack[--idx] = eflags.u32;
647#ifdef IN_RC /* Only in GC mode we still see tracing of our ring modifications */
648 if ( (pRegFrame->cs.Sel & X86_SEL_RPL) == 1
649 && !eflags.Bits.u1VM)
650 pTrapStack[--idx] = pRegFrame->cs.Sel & ~1; /* Mask away traces of raw ring execution (ring 1). */
651# ifdef VBOX_WITH_RAW_RING1
652 else
653 if ( EMIsRawRing1Enabled(pVM)
654 && (pRegFrame->cs.Sel & X86_SEL_RPL) == 2)
655 pTrapStack[--idx] = (pRegFrame->cs.Sel & ~2) | 1; /* Mask away traces of raw ring 1 execution (ring 2). */
656# endif
657 else
658#endif /* IN_RC */
659 pTrapStack[--idx] = pRegFrame->cs.Sel;
660
661 if (enmType == TRPM_SOFTWARE_INT)
662 {
663 Assert(cbInstr);
664 pTrapStack[--idx] = pRegFrame->eip + cbInstr; /* return address = next instruction */
665 }
666 else
667 pTrapStack[--idx] = pRegFrame->eip;
668
669 if (enmError == TRPM_TRAP_HAS_ERRORCODE)
670 {
671 pTrapStack[--idx] = pVCpu->trpm.s.uActiveErrorCode;
672 }
673
674 Assert(esp_r0 > -idx*sizeof(uint32_t));
675 /* Adjust ESP accordingly */
676 esp_r0 += idx*sizeof(uint32_t);
677
678 /* Mask away dangerous flags for the trap/interrupt handler. */
679 eflags.u32 &= ~(X86_EFL_TF | X86_EFL_VM | X86_EFL_RF | X86_EFL_NT);
680#ifdef DEBUG
681 if (DBGFIsStepping(pVCpu))
682 eflags.u32 |= X86_EFL_TF;
683#endif
684
685 /* Turn off interrupts for interrupt gates. */
686 if (GuestIdte.Gen.u5Type2 == VBOX_IDTE_TYPE2_INT_32)
687 eflags.Bits.u1IF = 0;
688
689 CPUMRawSetEFlags(pVCpu, eflags.u32);
690
691#ifdef DEBUG
692 for (int j = idx; j < 0; j++)
693 LogFlow(("Stack %RRv pos %02d: %08x\n", &pTrapStack[j], j, pTrapStack[j]));
694
695 Log4(("eax=%08x ebx=%08x ecx=%08x edx=%08x esi=%08x edi=%08x\n"
696 "eip=%08x esp=%08x ebp=%08x iopl=%d\n"
697 "cs=%04x ds=%04x es=%04x fs=%04x gs=%04x eflags=%08x\n",
698 pRegFrame->eax, pRegFrame->ebx, pRegFrame->ecx, pRegFrame->edx, pRegFrame->esi, pRegFrame->edi,
699 pRegFrame->eip, pRegFrame->esp, pRegFrame->ebp, eflags.Bits.u2IOPL,
700 pRegFrame->cs.Sel, pRegFrame->ds.Sel, pRegFrame->es.Sel,
701 pRegFrame->fs.Sel, pRegFrame->gs.Sel, eflags.u32));
702#endif
703
704 Log(("TRPM: PATM Handler %RRv Adjusted stack %08X new EFLAGS=%08X/%08x idx=%d dpl=%d cpl=%d\n",
705 pVM->trpm.s.aGuestTrapHandler[iGate], esp_r0, eflags.u32, CPUMRawGetEFlags(pVCpu), idx, dpl, cpl));
706
707 /* Make sure the internal guest context structure is up-to-date. */
708 if (iGate == X86_XCPT_PF)
709 CPUMSetGuestCR2(pVCpu, pVCpu->trpm.s.uActiveCR2);
710
711#ifdef IN_RC
712 /* paranoia */
713 Assert(pRegFrame->eflags.Bits.u1IF == 1);
714 eflags.Bits.u1IF = 1;
715 Assert(pRegFrame->eflags.Bits.u2IOPL == 0);
716 eflags.Bits.u2IOPL = 0;
717
718 Assert(eflags.Bits.u1IF);
719 Assert(eflags.Bits.u2IOPL == 0);
720 STAM_COUNTER_INC(&pVM->trpm.s.CTX_SUFF(paStatForwardedIRQ)[iGate]);
721 STAM_PROFILE_ADV_STOP(&pVM->trpm.s.CTX_SUFF_Z(StatForwardProf), a);
722 if (iOrgTrap >= 0 && iOrgTrap < (int)RT_ELEMENTS(pVM->trpm.s.aStatGCTraps))
723 STAM_PROFILE_ADV_STOP(&pVM->trpm.s.aStatGCTraps[iOrgTrap], o);
724
725 PGMRZDynMapReleaseAutoSet(pVCpu);
726 CPUMGCCallGuestTrapHandler(pRegFrame, GuestIdte.Gen.u16SegSel | 1, pVM->trpm.s.aGuestTrapHandler[iGate],
727 eflags.u32, ss_r0, (RTRCPTR)esp_r0);
728 /* does not return */
729#else
730
731 Assert(!CPUMIsGuestInRawMode(pVCpu));
732 pRegFrame->eflags.u32 = eflags.u32;
733 pRegFrame->eip = pVM->trpm.s.aGuestTrapHandler[iGate];
734 pRegFrame->cs.Sel = GuestIdte.Gen.u16SegSel;
735 pRegFrame->esp = esp_r0;
736 pRegFrame->ss.Sel = ss_r0 & ~X86_SEL_RPL; /* set rpl to ring 0 */
737 STAM_PROFILE_ADV_STOP(&pVM->trpm.s.CTX_SUFF_Z(StatForwardProf), a);
738 PGMPhysReleasePageMappingLock(pVM, &PageMappingLock);
739 NOREF(iOrgTrap);
740 return VINF_SUCCESS;
741#endif
742 }
743 else
744 Log(("TRAP%02X: PGMVerifyAccess %RGv failed with %Rrc -> forward to REM\n", iGate, pTrapStackGC, rc));
745 }
746 else
747 Log(("SELMValidateAndConvertCSAddr failed with %Rrc\n", rc));
748 }
749 else
750 Log(("MMRamRead %RGv size %d failed with %Rrc\n", (RTGCUINTPTR)GCPtrIDT + sizeof(VBOXIDTE) * iGate, sizeof(GuestIdte), rc));
751 }
752 else
753 {
754 Log(("Refused to forward trap: eflags=%08x IF=%d\n", eflags.u32, eflags.Bits.u1IF));
755#ifdef VBOX_WITH_STATISTICS
756 if (pVM->trpm.s.aGuestTrapHandler[iGate] == TRPM_INVALID_HANDLER)
757 STAM_COUNTER_INC(&pVM->trpm.s.StatForwardFailNoHandler);
758 else if (PATMIsPatchGCAddr(pVM, pRegFrame->eip))
759 STAM_COUNTER_INC(&pVM->trpm.s.StatForwardFailPatchAddr);
760#endif
761 }
762failure:
763 STAM_COUNTER_INC(&pVM->trpm.s.CTX_SUFF_Z(StatForwardFail));
764 STAM_PROFILE_ADV_STOP(&pVM->trpm.s.CTX_SUFF_Z(StatForwardProf), a);
765
766 Log(("TRAP%02X: forwarding to REM (ss rpl=%d eflags=%08X VMIF=%d handler=%08X\n", iGate, pRegFrame->ss.Sel & X86_SEL_RPL, pRegFrame->eflags.u32, PATMAreInterruptsEnabledByCtxCore(pVM, pRegFrame), pVM->trpm.s.aGuestTrapHandler[iGate]));
767#endif
768 return VINF_EM_RAW_GUEST_TRAP;
769}
770#endif /* VBOX_WITH_RAW_MODE_NOT_R0 */
771
772
773/**
774 * Raises a cpu exception which doesn't take an error code.
775 *
776 * This function may or may not dispatch the exception before returning.
777 *
778 * @returns VBox status code fit for scheduling.
779 * @retval VINF_EM_RAW_GUEST_TRAP if the exception was left pending.
780 * @retval VINF_TRPM_XCPT_DISPATCHED if the exception was raised and dispatched for raw-mode execution.
781 * @retval VINF_EM_RESCHEDULE_REM if the exception was dispatched and cannot be executed in raw-mode.
782 *
783 * @param pVM Pointer to the VM.
784 * @param pCtxCore The CPU context core.
785 * @param enmXcpt The exception.
786 */
787VMMDECL(int) TRPMRaiseXcpt(PVMCPU pVCpu, PCPUMCTXCORE pCtxCore, X86XCPT enmXcpt)
788{
789 LogFlow(("TRPMRaiseXcptErr: cs:eip=%RTsel:%RX32 enmXcpt=%#x\n", pCtxCore->cs.Sel, pCtxCore->eip, enmXcpt));
790/** @todo dispatch the trap. */
791 pVCpu->trpm.s.uActiveVector = enmXcpt;
792 pVCpu->trpm.s.enmActiveType = TRPM_TRAP;
793 pVCpu->trpm.s.uActiveErrorCode = 0xdeadbeef;
794 pVCpu->trpm.s.uActiveCR2 = 0xdeadface;
795 return VINF_EM_RAW_GUEST_TRAP;
796}
797
798
799/**
800 * Raises a cpu exception with an errorcode.
801 *
802 * This function may or may not dispatch the exception before returning.
803 *
804 * @returns VBox status code fit for scheduling.
805 * @retval VINF_EM_RAW_GUEST_TRAP if the exception was left pending.
806 * @retval VINF_TRPM_XCPT_DISPATCHED if the exception was raised and dispatched for raw-mode execution.
807 * @retval VINF_EM_RESCHEDULE_REM if the exception was dispatched and cannot be executed in raw-mode.
808 *
809 * @param pVM Pointer to the VM.
810 * @param pCtxCore The CPU context core.
811 * @param enmXcpt The exception.
812 * @param uErr The error code.
813 */
814VMMDECL(int) TRPMRaiseXcptErr(PVMCPU pVCpu, PCPUMCTXCORE pCtxCore, X86XCPT enmXcpt, uint32_t uErr)
815{
816 LogFlow(("TRPMRaiseXcptErr: cs:eip=%RTsel:%RX32 enmXcpt=%#x uErr=%RX32\n", pCtxCore->cs.Sel, pCtxCore->eip, enmXcpt, uErr));
817/** @todo dispatch the trap. */
818 pVCpu->trpm.s.uActiveVector = enmXcpt;
819 pVCpu->trpm.s.enmActiveType = TRPM_TRAP;
820 pVCpu->trpm.s.uActiveErrorCode = uErr;
821 pVCpu->trpm.s.uActiveCR2 = 0xdeadface;
822 return VINF_EM_RAW_GUEST_TRAP;
823}
824
825
826/**
827 * Raises a cpu exception with an errorcode and CR2.
828 *
829 * This function may or may not dispatch the exception before returning.
830 *
831 * @returns VBox status code fit for scheduling.
832 * @retval VINF_EM_RAW_GUEST_TRAP if the exception was left pending.
833 * @retval VINF_TRPM_XCPT_DISPATCHED if the exception was raised and dispatched for raw-mode execution.
834 * @retval VINF_EM_RESCHEDULE_REM if the exception was dispatched and cannot be executed in raw-mode.
835 *
836 * @param pVM Pointer to the VM.
837 * @param pCtxCore The CPU context core.
838 * @param enmXcpt The exception.
839 * @param uErr The error code.
840 * @param uCR2 The CR2 value.
841 */
842VMMDECL(int) TRPMRaiseXcptErrCR2(PVMCPU pVCpu, PCPUMCTXCORE pCtxCore, X86XCPT enmXcpt, uint32_t uErr, RTGCUINTPTR uCR2)
843{
844 LogFlow(("TRPMRaiseXcptErr: cs:eip=%RTsel:%RX32 enmXcpt=%#x uErr=%RX32 uCR2=%RGv\n", pCtxCore->cs.Sel, pCtxCore->eip, enmXcpt, uErr, uCR2));
845/** @todo dispatch the trap. */
846 pVCpu->trpm.s.uActiveVector = enmXcpt;
847 pVCpu->trpm.s.enmActiveType = TRPM_TRAP;
848 pVCpu->trpm.s.uActiveErrorCode = uErr;
849 pVCpu->trpm.s.uActiveCR2 = uCR2;
850 return VINF_EM_RAW_GUEST_TRAP;
851}
852
853
854/**
855 * Clear guest trap/interrupt gate handler
856 *
857 * @returns VBox status code.
858 * @param pVM Pointer to the VM.
859 * @param iTrap Interrupt/trap number.
860 */
861VMMDECL(int) trpmClearGuestTrapHandler(PVM pVM, unsigned iTrap)
862{
863 /*
864 * Validate.
865 */
866 if (iTrap >= RT_ELEMENTS(pVM->trpm.s.aIdt))
867 {
868 AssertMsg(iTrap < TRPM_HANDLER_INT_BASE, ("Illegal gate number %d!\n", iTrap));
869 return VERR_INVALID_PARAMETER;
870 }
871
872 if (ASMBitTest(&pVM->trpm.s.au32IdtPatched[0], iTrap))
873#ifdef IN_RING3
874 trpmR3ClearPassThroughHandler(pVM, iTrap);
875#else
876 AssertFailed();
877#endif
878
879 pVM->trpm.s.aGuestTrapHandler[iTrap] = TRPM_INVALID_HANDLER;
880 return VINF_SUCCESS;
881}
882
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette