VirtualBox

source: vbox/trunk/src/VBox/VMM/VMMGC/TRPMGCHandlers.cpp@ 19032

Last change on this file since 19032 was 19032, checked in by vboxsync, 15 years ago

Split TM for SMP guests.
  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
File size: 45.1 KB
Line 
1/* $Id: TRPMGCHandlers.cpp 19032 2009-04-20 15:03:08Z vboxsync $ */
2/** @file
3 * TRPM - Guest Context Trap Handlers, CPP part
4 */
5
6/*
7 * Copyright (C) 2006-2007 Sun Microsystems, Inc.
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
18 * Clara, CA 95054 USA or visit http://www.sun.com if you need
19 * additional information or have any questions.
20 */
21
22
23/*******************************************************************************
24* Header Files *
25*******************************************************************************/
26#define LOG_GROUP LOG_GROUP_TRPM
27#include <VBox/selm.h>
28#include <VBox/iom.h>
29#include <VBox/pgm.h>
30#include <VBox/pdm.h>
31#include <VBox/dbgf.h>
32#include <VBox/em.h>
33#include <VBox/csam.h>
34#include <VBox/patm.h>
35#include <VBox/mm.h>
36#include <VBox/cpum.h>
37#include "TRPMInternal.h"
38#include <VBox/vm.h>
39#include <VBox/vmm.h>
40#include <VBox/param.h>
41
42#include <VBox/err.h>
43#include <VBox/dis.h>
44#include <VBox/disopcode.h>
45#include <VBox/x86.h>
46#include <VBox/log.h>
47#include <VBox/tm.h>
48#include <iprt/asm.h>
49#include <iprt/assert.h>
50
51/*******************************************************************************
52* Defined Constants And Macros *
53*******************************************************************************/
54/* still here. MODR/M byte parsing */
55#define X86_OPCODE_MODRM_MOD_MASK 0xc0
56#define X86_OPCODE_MODRM_REG_MASK 0x38
57#define X86_OPCODE_MODRM_RM_MASK 0x07
58
59/** @todo fix/remove/permanent-enable this when DIS/PATM handles invalid lock sequences. */
60#define DTRACE_EXPERIMENT
61
62
63/*******************************************************************************
64* Structures and Typedefs *
65*******************************************************************************/
66/** Pointer to a readonly hypervisor trap record. */
67typedef const struct TRPMGCHYPER *PCTRPMGCHYPER;
68
69/**
70 * A hypervisor trap record.
71 * This contains information about a handler for a instruction range.
72 *
73 * @remark This must match what TRPM_HANDLER outputs.
74 */
75typedef struct TRPMGCHYPER
76{
77 /** The start address. */
78 uintptr_t uStartEIP;
79 /** The end address. (exclusive)
80 * If NULL the it's only for the instruction at pvStartEIP. */
81 uintptr_t uEndEIP;
82 /**
83 * The handler.
84 *
85 * @returns VBox status code
86 * VINF_SUCCESS means we've handled the trap.
87 * Any other error code means returning to the host context.
88 * @param pVM The VM handle.
89 * @param pRegFrame The register frame.
90 * @param uUser The user argument.
91 */
92 DECLRCCALLBACKMEMBER(int, pfnHandler, (PVM pVM, PCPUMCTXCORE pRegFrame, uintptr_t uUser));
93 /** Whatever the handler desires to put here. */
94 uintptr_t uUser;
95} TRPMGCHYPER;
96
97
98/*******************************************************************************
99* Global Variables *
100*******************************************************************************/
101__BEGIN_DECLS
102/** Defined in VMMGC0.asm or VMMGC99.asm.
103 * @{ */
104extern const TRPMGCHYPER g_aTrap0bHandlers[1];
105extern const TRPMGCHYPER g_aTrap0bHandlersEnd[1];
106extern const TRPMGCHYPER g_aTrap0dHandlers[1];
107extern const TRPMGCHYPER g_aTrap0dHandlersEnd[1];
108extern const TRPMGCHYPER g_aTrap0eHandlers[1];
109extern const TRPMGCHYPER g_aTrap0eHandlersEnd[1];
110/** @} */
111__END_DECLS
112
113
114/*******************************************************************************
115* Internal Functions *
116*******************************************************************************/
117__BEGIN_DECLS /* addressed from asm (not called so no DECLASM). */
118DECLCALLBACK(int) trpmGCTrapInGeneric(PVM pVM, PCPUMCTXCORE pRegFrame, uintptr_t uUser);
119__END_DECLS
120
121
122
123/**
124 * Exits the trap, called when exiting a trap handler.
125 *
126 * Will reset the trap if it's not a guest trap or the trap
127 * is already handled. Will process resume guest FFs.
128 *
129 * @returns rc, can be adjusted if its VINF_SUCCESS or something really bad
130 * happened.
131 * @param pVM VM handle.
132 * @param rc The VBox status code to return.
133 * @param pRegFrame Pointer to the register frame for the trap.
134 */
135static int trpmGCExitTrap(PVM pVM, int rc, PCPUMCTXCORE pRegFrame)
136{
137 PVMCPU pVCpu = VMMGetCpu0(pVM);
138 uint32_t uOldActiveVector = pVCpu->trpm.s.uActiveVector;
139 NOREF(uOldActiveVector);
140
141 /* Reset trap? */
142 if ( rc != VINF_EM_RAW_GUEST_TRAP
143 && rc != VINF_EM_RAW_RING_SWITCH_INT)
144 pVCpu->trpm.s.uActiveVector = ~0;
145
146#ifdef VBOX_HIGH_RES_TIMERS_HACK
147 /*
148 * We should poll the timers occationally.
149 * We must *NOT* do this too frequently as it adds a significant overhead
150 * and it'll kill us if the trap load is high. (See #1354.)
151 * (The heuristic is not very intelligent, we should really check trap
152 * frequency etc. here, but alas, we lack any such information atm.)
153 */
154 static unsigned s_iTimerPoll = 0;
155 if (rc == VINF_SUCCESS)
156 {
157 if (!(++s_iTimerPoll & 0xf))
158 {
159 uint64_t cTicks = TMTimerPoll(pVM); NOREF(cTicks);
160 Log2(("TMTimerPoll at %08RX32 returned %RX64 (VM_FF_TIMER=%d)\n", pRegFrame->eip, cTicks, VM_FF_ISPENDING(pVM, VM_FF_TIMER)));
161 }
162 }
163 else
164 s_iTimerPoll = 0;
165#endif
166
167 /* Clear pending inhibit interrupt state if required. (necessary for dispatching interrupts later on) */
168 if (VM_FF_ISSET(pVM, VM_FF_INHIBIT_INTERRUPTS))
169 {
170 Log2(("VM_FF_INHIBIT_INTERRUPTS at %08RX32 successor %RGv\n", pRegFrame->eip, EMGetInhibitInterruptsPC(pVM, pVCpu)));
171 if (pRegFrame->eip != EMGetInhibitInterruptsPC(pVM, pVCpu))
172 {
173 /** @note we intentionally don't clear VM_FF_INHIBIT_INTERRUPTS here if the eip is the same as the inhibited instr address.
174 * Before we are able to execute this instruction in raw mode (iret to guest code) an external interrupt might
175 * force a world switch again. Possibly allowing a guest interrupt to be dispatched in the process. This could
176 * break the guest. Sounds very unlikely, but such timing sensitive problem are not as rare as you might think.
177 */
178 VM_FF_CLEAR(pVM, VM_FF_INHIBIT_INTERRUPTS);
179 }
180 }
181
182 /*
183 * Pending resume-guest-FF?
184 * Or pending (A)PIC interrupt? Windows XP will crash if we delay APIC interrupts.
185 */
186 if ( rc == VINF_SUCCESS
187 && VM_FF_ISPENDING(pVM, VM_FF_TO_R3 | VM_FF_TIMER | VM_FF_INTERRUPT_APIC | VM_FF_INTERRUPT_PIC | VM_FF_REQUEST
188 | VM_FF_PGM_SYNC_CR3 | VM_FF_PGM_SYNC_CR3_NON_GLOBAL | VM_FF_PGM_NO_MEMORY))
189 {
190 /* The out of memory condition naturally outrang the others. */
191 if (RT_UNLIKELY(VM_FF_ISPENDING(pVM, VM_FF_PGM_NO_MEMORY)))
192 rc = VINF_EM_NO_MEMORY;
193 /* Pending Ring-3 action. */
194 else if (VM_FF_ISPENDING(pVM, VM_FF_TO_R3))
195 {
196 VM_FF_CLEAR(pVM, VM_FF_TO_R3);
197 rc = VINF_EM_RAW_TO_R3;
198 }
199 /* Pending timer action. */
200 else if (VM_FF_ISPENDING(pVM, VM_FF_TIMER))
201 rc = VINF_EM_RAW_TIMER_PENDING;
202 /* Pending interrupt: dispatch it. */
203 else if ( VM_FF_ISPENDING(pVM, VM_FF_INTERRUPT_APIC | VM_FF_INTERRUPT_PIC)
204 && !VM_FF_ISSET(pVM, VM_FF_INHIBIT_INTERRUPTS)
205 && PATMAreInterruptsEnabledByCtxCore(pVM, pRegFrame)
206 )
207 {
208 uint8_t u8Interrupt;
209 rc = PDMGetInterrupt(pVM, &u8Interrupt);
210 Log(("trpmGCExitTrap: u8Interrupt=%d (%#x) rc=%Rrc\n", u8Interrupt, u8Interrupt, rc));
211 AssertFatalMsgRC(rc, ("PDMGetInterrupt failed with %Rrc\n", rc));
212 rc = TRPMForwardTrap(pVCpu, pRegFrame, (uint32_t)u8Interrupt, 0, TRPM_TRAP_NO_ERRORCODE, TRPM_HARDWARE_INT, uOldActiveVector);
213 /* can't return if successful */
214 Assert(rc != VINF_SUCCESS);
215
216 /* Stop the profile counter that was started in TRPMGCHandlersA.asm */
217 Assert(uOldActiveVector <= 16);
218 STAM_PROFILE_ADV_STOP(&pVM->trpm.s.aStatGCTraps[uOldActiveVector], a);
219
220 /* Assert the trap and go to the recompiler to dispatch it. */
221 TRPMAssertTrap(pVCpu, u8Interrupt, TRPM_HARDWARE_INT);
222
223 STAM_PROFILE_ADV_START(&pVM->trpm.s.aStatGCTraps[uOldActiveVector], a);
224 rc = VINF_EM_RAW_INTERRUPT_PENDING;
225 }
226 /*
227 * Try sync CR3?
228 */
229 else if (VM_FF_ISPENDING(pVM, VM_FF_PGM_SYNC_CR3 | VM_FF_PGM_SYNC_CR3_NON_GLOBAL))
230#if 1
231 rc = PGMSyncCR3(pVCpu, CPUMGetGuestCR0(pVCpu), CPUMGetGuestCR3(pVCpu), CPUMGetGuestCR4(pVCpu), VM_FF_ISSET(pVM, VM_FF_PGM_SYNC_CR3));
232#else
233 rc = VINF_PGM_SYNC_CR3;
234#endif
235 /* Pending request packets might contain actions that need immediate attention, such as pending hardware interrupts. */
236 else if (VM_FF_ISPENDING(pVM, VM_FF_REQUEST))
237 rc = VINF_EM_PENDING_REQUEST;
238 }
239
240 AssertMsg( rc != VINF_SUCCESS
241 || ( pRegFrame->eflags.Bits.u1IF
242 && ( pRegFrame->eflags.Bits.u2IOPL < (unsigned)(pRegFrame->ss & X86_SEL_RPL) || pRegFrame->eflags.Bits.u1VM))
243 , ("rc=%Rrc\neflags=%RX32 ss=%RTsel IOPL=%d\n", rc, pRegFrame->eflags.u32, pRegFrame->ss, pRegFrame->eflags.Bits.u2IOPL));
244 return rc;
245}
246
247
248/**
249 * \#DB (Debug event) handler.
250 *
251 * @returns VBox status code.
252 * VINF_SUCCESS means we completely handled this trap,
253 * other codes are passed execution to host context.
254 *
255 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
256 * @param pRegFrame Pointer to the register frame for the trap.
257 * @internal
258 */
259DECLASM(int) TRPMGCTrap01Handler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
260{
261 RTGCUINTREG uDr6 = ASMGetAndClearDR6();
262 PVM pVM = TRPMCPU2VM(pTrpmCpu);
263 PVMCPU pVCpu = VMMGetCpu0(pVM);
264
265 LogFlow(("TRPMGC01: cs:eip=%04x:%08x uDr6=%RTreg\n", pRegFrame->cs, pRegFrame->eip, uDr6));
266
267 /*
268 * We currently don't make sure of the X86_DR7_GD bit, but
269 * there might come a time when we do.
270 */
271 if ((uDr6 & X86_DR6_BD) == X86_DR6_BD)
272 {
273 AssertReleaseMsgFailed(("X86_DR6_BD isn't used, but it's set! dr7=%RTreg(%RTreg) dr6=%RTreg\n",
274 ASMGetDR7(), CPUMGetHyperDR7(pVCpu), uDr6));
275 return VERR_NOT_IMPLEMENTED;
276 }
277
278 AssertReleaseMsg(!(uDr6 & X86_DR6_BT), ("X86_DR6_BT is impossible!\n"));
279
280 /*
281 * Now leave the rest to the DBGF.
282 */
283 int rc = DBGFGCTrap01Handler(pVM, pRegFrame, uDr6);
284 if (rc == VINF_EM_RAW_GUEST_TRAP)
285 CPUMSetGuestDR6(pVCpu, uDr6);
286
287 rc = trpmGCExitTrap(pVM, rc, pRegFrame);
288 Log6(("TRPMGC01: %Rrc (%04x:%08x %RTreg)\n", rc, pRegFrame->cs, pRegFrame->eip, uDr6));
289 return rc;
290}
291
292
293/**
294 * NMI handler, for when we are using NMIs to debug things.
295 *
296 * @returns VBox status code.
297 * VINF_SUCCESS means we completely handled this trap,
298 * other codes are passed execution to host context.
299 *
300 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
301 * @param pRegFrame Pointer to the register frame for the trap.
302 * @internal
303 * @remark This is not hooked up unless you're building with VBOX_WITH_NMI defined.
304 */
305DECLASM(int) TRPMGCTrap02Handler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
306{
307 LogFlow(("TRPMGCTrap02Handler: cs:eip=%04x:%08x\n", pRegFrame->cs, pRegFrame->eip));
308 RTLogComPrintf("TRPMGCTrap02Handler: cs:eip=%04x:%08x\n", pRegFrame->cs, pRegFrame->eip);
309 return VERR_TRPM_DONT_PANIC;
310}
311
312
313/**
314 * \#BP (Breakpoint) handler.
315 *
316 * @returns VBox status code.
317 * VINF_SUCCESS means we completely handled this trap,
318 * other codes are passed execution to host context.
319 *
320 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
321 * @param pRegFrame Pointer to the register frame for the trap.
322 * @internal
323 */
324DECLASM(int) TRPMGCTrap03Handler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
325{
326 LogFlow(("TRPMGC03: %04x:%08x\n", pRegFrame->cs, pRegFrame->eip));
327 PVM pVM = TRPMCPU2VM(pTrpmCpu);
328 int rc;
329
330 /*
331 * Both PATM are using INT3s, let them have a go first.
332 */
333 if ( (pRegFrame->ss & X86_SEL_RPL) == 1
334 && !pRegFrame->eflags.Bits.u1VM)
335 {
336 rc = PATMHandleInt3PatchTrap(pVM, pRegFrame);
337 if (rc == VINF_SUCCESS || rc == VINF_EM_RAW_EMULATE_INSTR || rc == VINF_PATM_PATCH_INT3 || rc == VINF_PATM_DUPLICATE_FUNCTION)
338 {
339 rc = trpmGCExitTrap(pVM, rc, pRegFrame);
340 Log6(("TRPMGC03: %Rrc (%04x:%08x) (PATM)\n", rc, pRegFrame->cs, pRegFrame->eip));
341 return rc;
342 }
343 }
344 rc = DBGFGCTrap03Handler(pVM, pRegFrame);
345
346 /* anything we should do with this? Schedule it in GC? */
347 rc = trpmGCExitTrap(pVM, rc, pRegFrame);
348 Log6(("TRPMGC03: %Rrc (%04x:%08x)\n", rc, pRegFrame->cs, pRegFrame->eip));
349 return rc;
350}
351
352
353/**
354 * Trap handler for illegal opcode fault (\#UD).
355 *
356 * @returns VBox status code.
357 * VINF_SUCCESS means we completely handled this trap,
358 * other codes are passed execution to host context.
359 *
360 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
361 * @param pRegFrame Pointer to the register frame for the trap.
362 * @internal
363 */
364DECLASM(int) TRPMGCTrap06Handler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
365{
366 LogFlow(("TRPMGC06: %04x:%08x efl=%x\n", pRegFrame->cs, pRegFrame->eip, pRegFrame->eflags.u32));
367 PVM pVM = TRPMCPU2VM(pTrpmCpu);
368 PVMCPU pVCpu = VMMGetCpu0(pVM);
369 int rc;
370
371 if (CPUMGetGuestCPL(pVCpu, pRegFrame) == 0)
372 {
373 /*
374 * Decode the instruction.
375 */
376 RTGCPTR PC;
377 rc = SELMValidateAndConvertCSAddr(pVM, pRegFrame->eflags, pRegFrame->ss, pRegFrame->cs, &pRegFrame->csHid, (RTGCPTR)pRegFrame->eip, &PC);
378 if (RT_FAILURE(rc))
379 {
380 Log(("TRPMGCTrap06Handler: Failed to convert %RTsel:%RX32 (cpl=%d) - rc=%Rrc !!\n", pRegFrame->cs, pRegFrame->eip, pRegFrame->ss & X86_SEL_RPL, rc));
381 rc = trpmGCExitTrap(pVM, VINF_EM_RAW_GUEST_TRAP, pRegFrame);
382 Log6(("TRPMGC06: %Rrc (%04x:%08x) (SELM)\n", rc, pRegFrame->cs, pRegFrame->eip));
383 return rc;
384 }
385
386 DISCPUSTATE Cpu;
387 uint32_t cbOp;
388 rc = EMInterpretDisasOneEx(pVM, pVCpu, (RTGCUINTPTR)PC, pRegFrame, &Cpu, &cbOp);
389 if (RT_FAILURE(rc))
390 {
391 rc = trpmGCExitTrap(pVM, VINF_EM_RAW_EMULATE_INSTR, pRegFrame);
392 Log6(("TRPMGC06: %Rrc (%04x:%08x) (EM)\n", rc, pRegFrame->cs, pRegFrame->eip));
393 return rc;
394 }
395
396 /*
397 * UD2 in a patch?
398 */
399 if ( Cpu.pCurInstr->opcode == OP_ILLUD2
400 && PATMIsPatchGCAddr(pVM, (RTRCPTR)pRegFrame->eip))
401 {
402 rc = PATMGCHandleIllegalInstrTrap(pVM, pRegFrame);
403 /** @todo These tests are completely unnecessary, should just follow the
404 * flow and return at the end of the function. */
405 if ( rc == VINF_SUCCESS
406 || rc == VINF_EM_RAW_EMULATE_INSTR
407 || rc == VINF_PATM_DUPLICATE_FUNCTION
408 || rc == VINF_PATM_PENDING_IRQ_AFTER_IRET
409 || rc == VINF_EM_RESCHEDULE)
410 {
411 rc = trpmGCExitTrap(pVM, rc, pRegFrame);
412 Log6(("TRPMGC06: %Rrc (%04x:%08x) (PATM)\n", rc, pRegFrame->cs, pRegFrame->eip));
413 return rc;
414 }
415 }
416 /*
417 * Speed up dtrace and don't entrust invalid lock sequences to the recompiler.
418 */
419 else if (Cpu.prefix & PREFIX_LOCK)
420 {
421 Log(("TRPMGCTrap06Handler: pc=%08x op=%d\n", pRegFrame->eip, Cpu.pCurInstr->opcode));
422#ifdef DTRACE_EXPERIMENT /** @todo fix/remove/permanent-enable this when DIS/PATM handles invalid lock sequences. */
423 Assert(!PATMIsPatchGCAddr(pVM, (RTRCPTR)pRegFrame->eip));
424 rc = TRPMForwardTrap(pVCpu, pRegFrame, 0x6, 0, TRPM_TRAP_NO_ERRORCODE, TRPM_TRAP, 0x6);
425 Assert(rc == VINF_EM_RAW_GUEST_TRAP);
426#else
427 rc = VINF_EM_RAW_EMULATE_INSTR;
428#endif
429 }
430 /*
431 * Handle MONITOR - it causes an #UD exception instead of #GP when not executed in ring 0.
432 */
433 else if (Cpu.pCurInstr->opcode == OP_MONITOR)
434 {
435 uint32_t cbIgnored;
436 rc = EMInterpretInstructionCPU(pVM, pVCpu, &Cpu, pRegFrame, PC, &cbIgnored);
437 if (RT_LIKELY(RT_SUCCESS(rc)))
438 pRegFrame->eip += Cpu.opsize;
439 }
440 /* Never generate a raw trap here; it might be an instruction, that requires emulation. */
441 else
442 rc = VINF_EM_RAW_EMULATE_INSTR;
443 }
444 else
445 {
446 rc = TRPMForwardTrap(pVCpu, pRegFrame, 0x6, 0, TRPM_TRAP_NO_ERRORCODE, TRPM_TRAP, 0x6);
447 Assert(rc == VINF_EM_RAW_GUEST_TRAP);
448 }
449
450 rc = trpmGCExitTrap(pVM, rc, pRegFrame);
451 Log6(("TRPMGC06: %Rrc (%04x:%08x)\n", rc, pRegFrame->cs, pRegFrame->eip));
452 return rc;
453}
454
455
456/**
457 * Trap handler for device not present fault (\#NM).
458 *
459 * Device not available, FP or (F)WAIT instruction.
460 *
461 * @returns VBox status code.
462 * VINF_SUCCESS means we completely handled this trap,
463 * other codes are passed execution to host context.
464 *
465 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
466 * @param pRegFrame Pointer to the register frame for the trap.
467 * @internal
468 */
469DECLASM(int) TRPMGCTrap07Handler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
470{
471 LogFlow(("TRPMGC07: %04x:%08x\n", pRegFrame->cs, pRegFrame->eip));
472 PVM pVM = TRPMCPU2VM(pTrpmCpu);
473 PVMCPU pVCpu = VMMGetCpu0(pVM);
474
475 int rc = CPUMHandleLazyFPU(pVCpu);
476 rc = trpmGCExitTrap(pVM, rc, pRegFrame);
477 Log6(("TRPMGC07: %Rrc (%04x:%08x)\n", rc, pRegFrame->cs, pRegFrame->eip));
478 return rc;
479}
480
481
482/**
483 * \#NP ((segment) Not Present) handler.
484 *
485 * @returns VBox status code.
486 * VINF_SUCCESS means we completely handled this trap,
487 * other codes are passed execution to host context.
488 *
489 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
490 * @param pRegFrame Pointer to the register frame for the trap.
491 * @internal
492 */
493DECLASM(int) TRPMGCTrap0bHandler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
494{
495 LogFlow(("TRPMGC0b: %04x:%08x\n", pRegFrame->cs, pRegFrame->eip));
496 PVM pVM = TRPMCPU2VM(pTrpmCpu);
497
498 /*
499 * Try to detect instruction by opcode which caused trap.
500 * XXX note: this code may cause \#PF (trap e) or \#GP (trap d) while
501 * accessing user code. need to handle it somehow in future!
502 */
503 RTGCPTR GCPtr;
504 if (SELMValidateAndConvertCSAddr(pVM, pRegFrame->eflags, pRegFrame->ss, pRegFrame->cs, &pRegFrame->csHid, (RTGCPTR)pRegFrame->eip, &GCPtr) == VINF_SUCCESS)
505 {
506 uint8_t *pu8Code = (uint8_t *)(uintptr_t)GCPtr;
507
508 /*
509 * First skip possible instruction prefixes, such as:
510 * OS, AS
511 * CS:, DS:, ES:, SS:, FS:, GS:
512 * REPE, REPNE
513 *
514 * note: Currently we supports only up to 4 prefixes per opcode, more
515 * prefixes (normally not used anyway) will cause trap d in guest.
516 * note: Instruction length in IA-32 may be up to 15 bytes, we dont
517 * check this issue, its too hard.
518 */
519 for (unsigned i = 0; i < 4; i++)
520 {
521 if ( pu8Code[0] != 0xf2 /* REPNE/REPNZ */
522 && pu8Code[0] != 0xf3 /* REP/REPE/REPZ */
523 && pu8Code[0] != 0x2e /* CS: */
524 && pu8Code[0] != 0x36 /* SS: */
525 && pu8Code[0] != 0x3e /* DS: */
526 && pu8Code[0] != 0x26 /* ES: */
527 && pu8Code[0] != 0x64 /* FS: */
528 && pu8Code[0] != 0x65 /* GS: */
529 && pu8Code[0] != 0x66 /* OS */
530 && pu8Code[0] != 0x67 /* AS */
531 )
532 break;
533 pu8Code++;
534 }
535
536 /*
537 * Detect right switch using a callgate.
538 *
539 * We recognize the following causes for the trap 0b:
540 * CALL FAR, CALL FAR []
541 * JMP FAR, JMP FAR []
542 * IRET (may cause a task switch)
543 *
544 * Note: we can't detect whether the trap was caused by a call to a
545 * callgate descriptor or it is a real trap 0b due to a bad selector.
546 * In both situations we'll pass execution to our recompiler so we don't
547 * have to worry.
548 * If we wanted to do better detection, we have set GDT entries to callgate
549 * descriptors pointing to our own handlers.
550 */
551 /** @todo not sure about IRET, may generate Trap 0d (\#GP), NEED TO CHECK! */
552 if ( pu8Code[0] == 0x9a /* CALL FAR */
553 || ( pu8Code[0] == 0xff /* CALL FAR [] */
554 && (pu8Code[1] & X86_OPCODE_MODRM_REG_MASK) == 0x18)
555 || pu8Code[0] == 0xea /* JMP FAR */
556 || ( pu8Code[0] == 0xff /* JMP FAR [] */
557 && (pu8Code[1] & X86_OPCODE_MODRM_REG_MASK) == 0x28)
558 || pu8Code[0] == 0xcf /* IRET */
559 )
560 {
561 /*
562 * Got potential call to callgate.
563 * We simply return execution to the recompiler to do emulation
564 * starting from the instruction which caused the trap.
565 */
566 pTrpmCpu->uActiveVector = ~0;
567 Log6(("TRPMGC0b: %Rrc (%04x:%08x) (CG)\n", VINF_EM_RAW_RING_SWITCH, pRegFrame->cs, pRegFrame->eip));
568 return VINF_EM_RAW_RING_SWITCH;
569 }
570 }
571
572 /*
573 * Pass trap 0b as is to the recompiler in all other cases.
574 */
575 Log6(("TRPMGC0b: %Rrc (%04x:%08x)\n", VINF_EM_RAW_GUEST_TRAP, pRegFrame->cs, pRegFrame->eip));
576 return VINF_EM_RAW_GUEST_TRAP;
577}
578
579
580/**
581 * \#GP (General Protection Fault) handler for Ring-0 privileged instructions.
582 *
583 * @returns VBox status code.
584 * VINF_SUCCESS means we completely handled this trap,
585 * other codes are passed execution to host context.
586 *
587 * @param pVM The VM handle.
588 * @param pRegFrame Pointer to the register frame for the trap.
589 * @param pCpu The opcode info.
590 * @param PC The program counter corresponding to cs:eip in pRegFrame.
591 */
592static int trpmGCTrap0dHandlerRing0(PVM pVM, PCPUMCTXCORE pRegFrame, PDISCPUSTATE pCpu, RTGCPTR PC)
593{
594 int rc;
595 PVMCPU pVCpu = VMMGetCpu0(pVM);
596
597 /*
598 * Try handle it here, if not return to HC and emulate/interpret it there.
599 */
600 switch (pCpu->pCurInstr->opcode)
601 {
602 case OP_INT3:
603 /*
604 * Little hack to make the code below not fail
605 */
606 pCpu->param1.flags = USE_IMMEDIATE8;
607 pCpu->param1.parval = 3;
608 /* fallthru */
609 case OP_INT:
610 {
611 Assert(pCpu->param1.flags & USE_IMMEDIATE8);
612 Assert(!(PATMIsPatchGCAddr(pVM, (RTRCPTR)PC)));
613 if (pCpu->param1.parval == 3)
614 {
615 /* Int 3 replacement patch? */
616 if (PATMHandleInt3PatchTrap(pVM, pRegFrame) == VINF_SUCCESS)
617 {
618 AssertFailed();
619 return trpmGCExitTrap(pVM, VINF_SUCCESS, pRegFrame);
620 }
621 }
622 rc = TRPMForwardTrap(pVCpu, pRegFrame, (uint32_t)pCpu->param1.parval, pCpu->opsize, TRPM_TRAP_NO_ERRORCODE, TRPM_SOFTWARE_INT, 0xd);
623 if (RT_SUCCESS(rc) && rc != VINF_EM_RAW_GUEST_TRAP)
624 return trpmGCExitTrap(pVM, VINF_SUCCESS, pRegFrame);
625
626 pVCpu->trpm.s.uActiveVector = (pVCpu->trpm.s.uActiveErrorCode & X86_TRAP_ERR_SEL_MASK) >> X86_TRAP_ERR_SEL_SHIFT;
627 pVCpu->trpm.s.enmActiveType = TRPM_SOFTWARE_INT;
628 return trpmGCExitTrap(pVM, VINF_EM_RAW_RING_SWITCH_INT, pRegFrame);
629 }
630
631#ifdef PATM_EMULATE_SYSENTER
632 case OP_SYSEXIT:
633 case OP_SYSRET:
634 rc = PATMSysCall(pVM, pRegFrame, pCpu);
635 return trpmGCExitTrap(pVM, rc, pRegFrame);
636#endif
637
638 case OP_HLT:
639 /* If it's in patch code, defer to ring-3. */
640 if (PATMIsPatchGCAddr(pVM, (RTRCPTR)PC))
641 break;
642
643 pRegFrame->eip += pCpu->opsize;
644 return trpmGCExitTrap(pVM, VINF_EM_HALT, pRegFrame);
645
646
647 /*
648 * These instructions are used by PATM and CASM for finding
649 * dangerous non-trapping instructions. Thus, since all
650 * scanning and patching is done in ring-3 we'll have to
651 * return to ring-3 on the first encounter of these instructions.
652 */
653 case OP_MOV_CR:
654 case OP_MOV_DR:
655 /* We can safely emulate control/debug register move instructions in patched code. */
656 if ( !PATMIsPatchGCAddr(pVM, (RTRCPTR)PC)
657 && !CSAMIsKnownDangerousInstr(pVM, (RTRCPTR)PC))
658 break;
659 case OP_INVLPG:
660 case OP_LLDT:
661 case OP_STI:
662 case OP_RDTSC: /* just in case */
663 case OP_RDPMC:
664 case OP_CLTS:
665 case OP_WBINVD: /* nop */
666 case OP_RDMSR:
667 case OP_WRMSR:
668 {
669 uint32_t cbIgnored;
670 rc = EMInterpretInstructionCPU(pVM, pVCpu, pCpu, pRegFrame, PC, &cbIgnored);
671 if (RT_SUCCESS(rc))
672 pRegFrame->eip += pCpu->opsize;
673 else if (rc == VERR_EM_INTERPRETER)
674 rc = VINF_EM_RAW_EXCEPTION_PRIVILEGED;
675 return trpmGCExitTrap(pVM, rc, pRegFrame);
676 }
677 }
678
679 return trpmGCExitTrap(pVM, VINF_EM_RAW_EXCEPTION_PRIVILEGED, pRegFrame);
680}
681
682
683/**
684 * \#GP (General Protection Fault) handler for Ring-3.
685 *
686 * @returns VBox status code.
687 * VINF_SUCCESS means we completely handled this trap,
688 * other codes are passed execution to host context.
689 *
690 * @param pVM The VM handle.
691 * @param pRegFrame Pointer to the register frame for the trap.
692 * @param pCpu The opcode info.
693 * @param PC The program counter corresponding to cs:eip in pRegFrame.
694 */
695static int trpmGCTrap0dHandlerRing3(PVM pVM, PCPUMCTXCORE pRegFrame, PDISCPUSTATE pCpu, RTGCPTR PC)
696{
697 int rc;
698 PVMCPU pVCpu = VMMGetCpu0(pVM);
699
700 Assert(!pRegFrame->eflags.Bits.u1VM);
701
702 switch (pCpu->pCurInstr->opcode)
703 {
704 /*
705 * INT3 and INT xx are ring-switching.
706 * (The shadow IDT will have set the entries to DPL=0, that's why we're here.)
707 */
708 case OP_INT3:
709 /*
710 * Little hack to make the code below not fail
711 */
712 pCpu->param1.flags = USE_IMMEDIATE8;
713 pCpu->param1.parval = 3;
714 /* fall thru */
715 case OP_INT:
716 {
717 Assert(pCpu->param1.flags & USE_IMMEDIATE8);
718 rc = TRPMForwardTrap(pVCpu, pRegFrame, (uint32_t)pCpu->param1.parval, pCpu->opsize, TRPM_TRAP_NO_ERRORCODE, TRPM_SOFTWARE_INT, 0xd);
719 if (RT_SUCCESS(rc) && rc != VINF_EM_RAW_GUEST_TRAP)
720 return trpmGCExitTrap(pVM, VINF_SUCCESS, pRegFrame);
721
722 pVCpu->trpm.s.uActiveVector = (pVCpu->trpm.s.uActiveErrorCode & X86_TRAP_ERR_SEL_MASK) >> X86_TRAP_ERR_SEL_SHIFT;
723 pVCpu->trpm.s.enmActiveType = TRPM_SOFTWARE_INT;
724 return trpmGCExitTrap(pVM, VINF_EM_RAW_RING_SWITCH_INT, pRegFrame);
725 }
726
727 /*
728 * SYSCALL, SYSENTER, INTO and BOUND are also ring-switchers.
729 */
730 case OP_SYSCALL:
731 case OP_SYSENTER:
732#ifdef PATM_EMULATE_SYSENTER
733 rc = PATMSysCall(pVM, pRegFrame, pCpu);
734 if (rc == VINF_SUCCESS)
735 return trpmGCExitTrap(pVM, VINF_SUCCESS, pRegFrame);
736 /* else no break; */
737#endif
738 case OP_BOUND:
739 case OP_INTO:
740 pVCpu->trpm.s.uActiveVector = ~0;
741 return trpmGCExitTrap(pVM, VINF_EM_RAW_RING_SWITCH, pRegFrame);
742
743 /*
744 * Handle virtualized TSC & PMC reads, just in case.
745 */
746 case OP_RDTSC:
747 case OP_RDPMC:
748 {
749 uint32_t cbIgnored;
750 rc = EMInterpretInstructionCPU(pVM, pVCpu, pCpu, pRegFrame, PC, &cbIgnored);
751 if (RT_SUCCESS(rc))
752 pRegFrame->eip += pCpu->opsize;
753 else if (rc == VERR_EM_INTERPRETER)
754 rc = VINF_EM_RAW_EXCEPTION_PRIVILEGED;
755 return trpmGCExitTrap(pVM, rc, pRegFrame);
756 }
757
758 /*
759 * STI and CLI are I/O privileged, i.e. if IOPL
760 */
761 case OP_STI:
762 case OP_CLI:
763 {
764 uint32_t efl = CPUMRawGetEFlags(pVCpu, pRegFrame);
765 if (X86_EFL_GET_IOPL(efl) >= (unsigned)(pRegFrame->ss & X86_SEL_RPL))
766 {
767 LogFlow(("trpmGCTrap0dHandlerRing3: CLI/STI -> REM\n"));
768 return trpmGCExitTrap(pVM, VINF_EM_RESCHEDULE_REM, pRegFrame);
769 }
770 LogFlow(("trpmGCTrap0dHandlerRing3: CLI/STI -> #GP(0)\n"));
771 break;
772 }
773 }
774
775 /*
776 * A genuine guest fault.
777 */
778 return trpmGCExitTrap(pVM, VINF_EM_RAW_GUEST_TRAP, pRegFrame);
779}
780
781
782/**
783 * Emulates RDTSC for the \#GP handler.
784 *
785 * @returns VINF_SUCCESS or VINF_EM_RAW_EMULATE_INSTR.
786 *
787 * @param pVM Pointer to the shared VM structure.
788 * @param pRegFrame Pointer to the registre frame for the trap.
789 * This will be updated on successful return.
790 */
791DECLINLINE(int) trpmGCTrap0dHandlerRdTsc(PVM pVM, PCPUMCTXCORE pRegFrame)
792{
793 PVMCPU pVCpu = VMMGetCpu0(pVM);
794
795 STAM_COUNTER_INC(&pVM->trpm.s.StatTrap0dRdTsc);
796
797 if (CPUMGetGuestCR4(pVCpu) & X86_CR4_TSD)
798 return trpmGCExitTrap(pVM, VINF_EM_RAW_EMULATE_INSTR, pRegFrame); /* will trap (optimize later). */
799
800 uint64_t uTicks = TMCpuTickGet(pVCpu);
801 pRegFrame->eax = uTicks;
802 pRegFrame->edx = uTicks >> 32;
803 pRegFrame->eip += 2;
804 return trpmGCExitTrap(pVM, VINF_SUCCESS, pRegFrame);
805}
806
807
808/**
809 * \#GP (General Protection Fault) handler.
810 *
811 * @returns VBox status code.
812 * VINF_SUCCESS means we completely handled this trap,
813 * other codes are passed execution to host context.
814 *
815 * @param pVM The VM handle.
816 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
817 * @param pRegFrame Pointer to the register frame for the trap.
818 */
819static int trpmGCTrap0dHandler(PVM pVM, PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
820{
821 PVMCPU pVCpu = VMMGetCpu0(pVM);
822
823 LogFlow(("trpmGCTrap0dHandler: cs:eip=%RTsel:%08RX32 uErr=%RGv\n", pRegFrame->ss, pRegFrame->eip, pTrpmCpu->uActiveErrorCode));
824
825 /*
826 * Convert and validate CS.
827 */
828 STAM_PROFILE_START(&pVM->trpm.s.StatTrap0dDisasm, a);
829 RTGCPTR PC;
830 uint32_t cBits;
831 int rc = SELMValidateAndConvertCSAddrGCTrap(pVM, pRegFrame->eflags, pRegFrame->ss, pRegFrame->cs,
832 (RTGCPTR)pRegFrame->eip, &PC, &cBits);
833 if (RT_FAILURE(rc))
834 {
835 Log(("trpmGCTrap0dHandler: Failed to convert %RTsel:%RX32 (cpl=%d) - rc=%Rrc !!\n",
836 pRegFrame->cs, pRegFrame->eip, pRegFrame->ss & X86_SEL_RPL, rc));
837 STAM_PROFILE_STOP(&pVM->trpm.s.StatTrap0dDisasm, a);
838 return trpmGCExitTrap(pVM, VINF_EM_RAW_EMULATE_INSTR, pRegFrame);
839 }
840
841 /*
842 * Optimize RDTSC traps.
843 * Some guests (like Solaris) are using RDTSC all over the place and
844 * will end up trapping a *lot* because of that.
845 */
846 if ( !pRegFrame->eflags.Bits.u1VM
847 && ((uint8_t *)PC)[0] == 0x0f
848 && ((uint8_t *)PC)[1] == 0x31)
849 {
850 STAM_PROFILE_STOP(&pVM->trpm.s.StatTrap0dDisasm, a);
851 return trpmGCTrap0dHandlerRdTsc(pVM, pRegFrame);
852 }
853
854 /*
855 * Disassemble the instruction.
856 */
857 DISCPUSTATE Cpu;
858 uint32_t cbOp;
859 rc = DISCoreOneEx((RTGCUINTPTR)PC, cBits == 32 ? CPUMODE_32BIT : cBits == 16 ? CPUMODE_16BIT : CPUMODE_64BIT,
860 NULL, NULL, &Cpu, &cbOp);
861 if (RT_FAILURE(rc))
862 {
863 AssertMsgFailed(("DISCoreOneEx failed to PC=%RGv rc=%Rrc\n", PC, rc));
864 STAM_PROFILE_STOP(&pVM->trpm.s.StatTrap0dDisasm, a);
865 return trpmGCExitTrap(pVM, VINF_EM_RAW_EMULATE_INSTR, pRegFrame);
866 }
867 STAM_PROFILE_STOP(&pVM->trpm.s.StatTrap0dDisasm, a);
868
869 /*
870 * Deal with I/O port access.
871 */
872 if ( pVCpu->trpm.s.uActiveErrorCode == 0
873 && (Cpu.pCurInstr->optype & OPTYPE_PORTIO))
874 {
875 rc = EMInterpretPortIO(pVM, pVCpu, pRegFrame, &Cpu, cbOp);
876 return trpmGCExitTrap(pVM, rc, pRegFrame);
877 }
878
879 /*
880 * Deal with Ring-0 (privileged instructions)
881 */
882 if ( (pRegFrame->ss & X86_SEL_RPL) <= 1
883 && !pRegFrame->eflags.Bits.u1VM)
884 return trpmGCTrap0dHandlerRing0(pVM, pRegFrame, &Cpu, PC);
885
886 /*
887 * Deal with Ring-3 GPs.
888 */
889 if (!pRegFrame->eflags.Bits.u1VM)
890 return trpmGCTrap0dHandlerRing3(pVM, pRegFrame, &Cpu, PC);
891
892 /*
893 * Deal with v86 code.
894 *
895 * We always set IOPL to zero which makes e.g. pushf fault in V86
896 * mode. The guest might use IOPL=3 and therefore not expect a #GP.
897 * Simply fall back to the recompiler to emulate this instruction if
898 * that's the case. To get the correct we must use CPUMRawGetEFlags.
899 */
900 X86EFLAGS eflags;
901 eflags.u32 = CPUMRawGetEFlags(pVCpu, pRegFrame); /* Get the correct value. */
902 Log3(("TRPM #GP V86: cs:eip=%04x:%08x IOPL=%d efl=%08x\n", pRegFrame->cs, pRegFrame->eip, eflags.Bits.u2IOPL, eflags.u));
903 if (eflags.Bits.u2IOPL != 3)
904 {
905 Assert(eflags.Bits.u2IOPL == 0);
906
907 int rc = TRPMForwardTrap(pVCpu, pRegFrame, 0xD, 0, TRPM_TRAP_HAS_ERRORCODE, TRPM_TRAP, 0xd);
908 Assert(rc == VINF_EM_RAW_GUEST_TRAP);
909 return trpmGCExitTrap(pVM, rc, pRegFrame);
910 }
911 return trpmGCExitTrap(pVM, VINF_EM_RAW_EMULATE_INSTR, pRegFrame);
912}
913
914
915/**
916 * \#GP (General Protection Fault) handler.
917 *
918 * @returns VBox status code.
919 * VINF_SUCCESS means we completely handled this trap,
920 * other codes are passed execution to host context.
921 *
922 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
923 * @param pRegFrame Pointer to the register frame for the trap.
924 * @internal
925 */
926DECLASM(int) TRPMGCTrap0dHandler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
927{
928 PVM pVM = TRPMCPU2VM(pTrpmCpu);
929 PVMCPU pVCpu = VMMGetCpu0(pVM);
930
931 LogFlow(("TRPMGC0d: %04x:%08x err=%x\n", pRegFrame->cs, pRegFrame->eip, (uint32_t)pVCpu->trpm.s.uActiveErrorCode));
932
933 int rc = trpmGCTrap0dHandler(pVM, pTrpmCpu, pRegFrame);
934 switch (rc)
935 {
936 case VINF_EM_RAW_GUEST_TRAP:
937 case VINF_EM_RAW_EXCEPTION_PRIVILEGED:
938 if (PATMIsPatchGCAddr(pVM, (RTRCPTR)pRegFrame->eip))
939 rc = VINF_PATM_PATCH_TRAP_GP;
940 break;
941
942 case VINF_EM_RAW_INTERRUPT_PENDING:
943 Assert(TRPMHasTrap(pVCpu));
944 /* no break; */
945 case VINF_PGM_SYNC_CR3: /** @todo Check this with Sander. */
946 case VINF_EM_RAW_EMULATE_INSTR:
947 case VINF_IOM_HC_IOPORT_READ:
948 case VINF_IOM_HC_IOPORT_WRITE:
949 case VINF_IOM_HC_MMIO_WRITE:
950 case VINF_IOM_HC_MMIO_READ:
951 case VINF_IOM_HC_MMIO_READ_WRITE:
952 case VINF_PATM_PATCH_INT3:
953 case VINF_EM_NO_MEMORY:
954 case VINF_EM_RAW_TO_R3:
955 case VINF_EM_RAW_TIMER_PENDING:
956 case VINF_EM_PENDING_REQUEST:
957 case VINF_EM_HALT:
958 case VINF_SUCCESS:
959 break;
960
961 default:
962 AssertMsg(PATMIsPatchGCAddr(pVM, (RTRCPTR)pRegFrame->eip) == false, ("return code %d\n", rc));
963 break;
964 }
965 Log6(("TRPMGC0d: %Rrc (%04x:%08x)\n", rc, pRegFrame->cs, pRegFrame->eip));
966 return rc;
967}
968
969
970/**
971 * \#PF (Page Fault) handler.
972 *
973 * Calls PGM which does the actual handling.
974 *
975 *
976 * @returns VBox status code.
977 * VINF_SUCCESS means we completely handled this trap,
978 * other codes are passed execution to host context.
979 *
980 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
981 * @param pRegFrame Pointer to the register frame for the trap.
982 * @internal
983 */
984DECLASM(int) TRPMGCTrap0eHandler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
985{
986 PVM pVM = TRPMCPU2VM(pTrpmCpu);
987 PVMCPU pVCpu = VMMGetCpu0(pVM);
988
989 LogFlow(("TRPMGC0e: %04x:%08x err=%x cr2=%08x\n", pRegFrame->cs, pRegFrame->eip, (uint32_t)pVCpu->trpm.s.uActiveErrorCode, (uint32_t)pVCpu->trpm.s.uActiveCR2));
990
991 /*
992 * This is all PGM stuff.
993 */
994 int rc = PGMTrap0eHandler(pVCpu, pVCpu->trpm.s.uActiveErrorCode, pRegFrame, (RTGCPTR)pVCpu->trpm.s.uActiveCR2);
995 switch (rc)
996 {
997 case VINF_EM_RAW_EMULATE_INSTR:
998 case VINF_EM_RAW_EMULATE_INSTR_PD_FAULT:
999 case VINF_EM_RAW_EMULATE_INSTR_GDT_FAULT:
1000 case VINF_EM_RAW_EMULATE_INSTR_TSS_FAULT:
1001 case VINF_EM_RAW_EMULATE_INSTR_LDT_FAULT:
1002 case VINF_EM_RAW_EMULATE_INSTR_IDT_FAULT:
1003 if (PATMIsPatchGCAddr(pVM, (RTRCPTR)pRegFrame->eip))
1004 rc = VINF_PATCH_EMULATE_INSTR;
1005 break;
1006
1007 case VINF_EM_RAW_GUEST_TRAP:
1008 if (PATMIsPatchGCAddr(pVM, (RTRCPTR)pRegFrame->eip))
1009 return VINF_PATM_PATCH_TRAP_PF;
1010
1011 rc = TRPMForwardTrap(pVCpu, pRegFrame, 0xE, 0, TRPM_TRAP_HAS_ERRORCODE, TRPM_TRAP, 0xe);
1012 Assert(rc == VINF_EM_RAW_GUEST_TRAP);
1013 break;
1014
1015 case VINF_EM_RAW_INTERRUPT_PENDING:
1016 Assert(TRPMHasTrap(pVCpu));
1017 /* no break; */
1018 case VINF_IOM_HC_MMIO_READ:
1019 case VINF_IOM_HC_MMIO_WRITE:
1020 case VINF_IOM_HC_MMIO_READ_WRITE:
1021 case VINF_PATM_HC_MMIO_PATCH_READ:
1022 case VINF_PATM_HC_MMIO_PATCH_WRITE:
1023 case VINF_SUCCESS:
1024 case VINF_EM_RAW_TO_R3:
1025 case VINF_EM_PENDING_REQUEST:
1026 case VINF_EM_RAW_TIMER_PENDING:
1027 case VINF_EM_NO_MEMORY:
1028 case VINF_CSAM_PENDING_ACTION:
1029 case VINF_PGM_SYNC_CR3: /** @todo Check this with Sander. */
1030 break;
1031
1032 default:
1033 AssertMsg(PATMIsPatchGCAddr(pVM, (RTRCPTR)pRegFrame->eip) == false, ("Patch address for return code %d. eip=%08x\n", rc, pRegFrame->eip));
1034 break;
1035 }
1036 rc = trpmGCExitTrap(pVM, rc, pRegFrame);
1037 Log6(("TRPMGC0e: %Rrc (%04x:%08x)\n", rc, pRegFrame->cs, pRegFrame->eip));
1038 return rc;
1039}
1040
1041
1042/**
1043 * Scans for the EIP in the specified array of trap handlers.
1044 *
1045 * If we don't fine the EIP, we'll panic.
1046 *
1047 * @returns VBox status code.
1048 *
1049 * @param pVM The VM handle.
1050 * @param pRegFrame Pointer to the register frame for the trap.
1051 * @param paHandlers The array of trap handler records.
1052 * @param pEndRecord The end record (exclusive).
1053 */
1054static int trpmGCHyperGeneric(PVM pVM, PCPUMCTXCORE pRegFrame, PCTRPMGCHYPER paHandlers, PCTRPMGCHYPER pEndRecord)
1055{
1056 uintptr_t uEip = (uintptr_t)pRegFrame->eip;
1057 Assert(paHandlers <= pEndRecord);
1058
1059 Log(("trpmGCHyperGeneric: uEip=%x %p-%p\n", uEip, paHandlers, pEndRecord));
1060
1061#if 0 /// @todo later
1062 /*
1063 * Start by doing a kind of binary search.
1064 */
1065 unsigned iStart = 0;
1066 unsigned iEnd = pEndRecord - paHandlers;
1067 unsigned i = iEnd / 2;
1068#endif
1069
1070 /*
1071 * Do a linear search now (in case the array wasn't properly sorted).
1072 */
1073 for (PCTRPMGCHYPER pCur = paHandlers; pCur < pEndRecord; pCur++)
1074 {
1075 if ( pCur->uStartEIP <= uEip
1076 && (pCur->uEndEIP ? pCur->uEndEIP > uEip : pCur->uStartEIP == uEip))
1077 return pCur->pfnHandler(pVM, pRegFrame, pCur->uUser);
1078 }
1079
1080 return VERR_TRPM_DONT_PANIC;
1081}
1082
1083
1084/**
1085 * Hypervisor \#NP ((segment) Not Present) handler.
1086 *
1087 * Scans for the EIP in the registered trap handlers.
1088 *
1089 * @returns VBox status code.
1090 * VINF_SUCCESS means we completely handled this trap,
1091 * other codes are passed back to host context.
1092 *
1093 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
1094 * @param pRegFrame Pointer to the register frame for the trap.
1095 * @internal
1096 */
1097DECLASM(int) TRPMGCHyperTrap0bHandler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
1098{
1099 return trpmGCHyperGeneric(TRPMCPU2VM(pTrpmCpu), pRegFrame, g_aTrap0bHandlers, g_aTrap0bHandlersEnd);
1100}
1101
1102
1103/**
1104 * Hypervisor \#GP (General Protection Fault) handler.
1105 *
1106 * Scans for the EIP in the registered trap handlers.
1107 *
1108 * @returns VBox status code.
1109 * VINF_SUCCESS means we completely handled this trap,
1110 * other codes are passed back to host context.
1111 *
1112 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
1113 * @param pRegFrame Pointer to the register frame for the trap.
1114 * @internal
1115 */
1116DECLASM(int) TRPMGCHyperTrap0dHandler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
1117{
1118 return trpmGCHyperGeneric(TRPMCPU2VM(pTrpmCpu), pRegFrame, g_aTrap0dHandlers, g_aTrap0dHandlersEnd);
1119}
1120
1121
1122/**
1123 * Hypervisor \#PF (Page Fault) handler.
1124 *
1125 * Scans for the EIP in the registered trap handlers.
1126 *
1127 * @returns VBox status code.
1128 * VINF_SUCCESS means we completely handled this trap,
1129 * other codes are passed back to host context.
1130 *
1131 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
1132 * @param pRegFrame Pointer to the register frame for the trap.
1133 * @internal
1134 */
1135DECLASM(int) TRPMGCHyperTrap0eHandler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
1136{
1137 return trpmGCHyperGeneric(TRPMCPU2VM(pTrpmCpu), pRegFrame, g_aTrap0dHandlers, g_aTrap0dHandlersEnd);
1138}
1139
1140
1141/**
1142 * Deal with hypervisor traps occuring when resuming execution on a trap.
1143 *
1144 * @returns VBox status code.
1145 * @param pVM The VM handle.
1146 * @param pRegFrame Register frame.
1147 * @param uUser User arg.
1148 */
1149DECLCALLBACK(int) trpmGCTrapInGeneric(PVM pVM, PCPUMCTXCORE pRegFrame, uintptr_t uUser)
1150{
1151 Log(("********************************************************\n"));
1152 Log(("trpmGCTrapInGeneric: eip=%RX32 uUser=%#x\n", pRegFrame->eip, uUser));
1153 Log(("********************************************************\n"));
1154
1155 if (uUser & TRPM_TRAP_IN_HYPER)
1156 {
1157 /*
1158 * Check that there is still some stack left, if not we'll flag
1159 * a guru meditation (the alternative is a triple fault).
1160 */
1161 RTRCUINTPTR cbStackUsed = (RTRCUINTPTR)VMMGetStackRC(pVM) - pRegFrame->esp;
1162 if (cbStackUsed > VMM_STACK_SIZE - _1K)
1163 {
1164 LogRel(("trpmGCTrapInGeneric: ran out of stack: esp=#x cbStackUsed=%#x\n", pRegFrame->esp, cbStackUsed));
1165 return VERR_TRPM_DONT_PANIC;
1166 }
1167
1168 /*
1169 * Just zero the register containing the selector in question.
1170 * We'll deal with the actual stale or troublesome selector value in
1171 * the outermost trap frame.
1172 */
1173 switch (uUser & TRPM_TRAP_IN_OP_MASK)
1174 {
1175 case TRPM_TRAP_IN_MOV_GS:
1176 pRegFrame->eax = 0;
1177 pRegFrame->gs = 0; /* prevent recursive trouble. */
1178 break;
1179 case TRPM_TRAP_IN_MOV_FS:
1180 pRegFrame->eax = 0;
1181 pRegFrame->fs = 0; /* prevent recursive trouble. */
1182 return VINF_SUCCESS;
1183
1184 default:
1185 AssertMsgFailed(("Invalid uUser=%#x\n", uUser));
1186 return VERR_INTERNAL_ERROR;
1187 }
1188 }
1189 else
1190 {
1191 /*
1192 * Reconstruct the guest context and switch to the recompiler.
1193 * We ASSUME we're only at
1194 */
1195 CPUMCTXCORE CtxCore = *pRegFrame;
1196 uint32_t *pEsp = (uint32_t *)pRegFrame->esp;
1197 int rc;
1198
1199 switch (uUser)
1200 {
1201 /*
1202 * This will only occur when resuming guest code in a trap handler!
1203 */
1204 /* @note ASSUMES esp points to the temporary guest CPUMCTXCORE!!! */
1205 case TRPM_TRAP_IN_MOV_GS:
1206 case TRPM_TRAP_IN_MOV_FS:
1207 case TRPM_TRAP_IN_MOV_ES:
1208 case TRPM_TRAP_IN_MOV_DS:
1209 {
1210 PCPUMCTXCORE pTempGuestCtx = (PCPUMCTXCORE)pEsp;
1211
1212 /* Just copy the whole thing; several selector registers, eip (etc) and eax are not yet in pRegFrame. */
1213 CtxCore = *pTempGuestCtx;
1214 rc = VINF_EM_RAW_STALE_SELECTOR;
1215 break;
1216 }
1217
1218 /*
1219 * This will only occur when resuming guest code!
1220 */
1221 case TRPM_TRAP_IN_IRET:
1222 CtxCore.eip = *pEsp++;
1223 CtxCore.cs = (RTSEL)*pEsp++;
1224 CtxCore.eflags.u32 = *pEsp++;
1225 CtxCore.esp = *pEsp++;
1226 CtxCore.ss = (RTSEL)*pEsp++;
1227 rc = VINF_EM_RAW_IRET_TRAP;
1228 break;
1229
1230 /*
1231 * This will only occur when resuming V86 guest code!
1232 */
1233 case TRPM_TRAP_IN_IRET | TRPM_TRAP_IN_V86:
1234 CtxCore.eip = *pEsp++;
1235 CtxCore.cs = (RTSEL)*pEsp++;
1236 CtxCore.eflags.u32 = *pEsp++;
1237 CtxCore.esp = *pEsp++;
1238 CtxCore.ss = (RTSEL)*pEsp++;
1239 CtxCore.es = (RTSEL)*pEsp++;
1240 CtxCore.ds = (RTSEL)*pEsp++;
1241 CtxCore.fs = (RTSEL)*pEsp++;
1242 CtxCore.gs = (RTSEL)*pEsp++;
1243 rc = VINF_EM_RAW_IRET_TRAP;
1244 break;
1245
1246 default:
1247 AssertMsgFailed(("Invalid uUser=%#x\n", uUser));
1248 return VERR_INTERNAL_ERROR;
1249 }
1250
1251
1252 CPUMSetGuestCtxCore(VMMGetCpu0(pVM), &CtxCore);
1253 TRPMGCHyperReturnToHost(pVM, rc);
1254 }
1255
1256 AssertMsgFailed(("Impossible!\n"));
1257 return VERR_INTERNAL_ERROR;
1258}
1259
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette