VirtualBox

source: vbox/trunk/src/VBox/VMM/VMMRC/TRPMRCHandlers.cpp@ 61144

Last change on this file since 61144 was 61144, checked in by vboxsync, 9 years ago

CPUM,HM,GVMM,TRPM,VMM: Next part of the FPU state handling for IEM. This is a little bit risky change as we now leave CR0.TS+EM cleared after saving the host state, they only get restored when we restore the host state. On Windows, Darwin, and later on Linux (needs testing) we will rely on #NM handling of the host OS and not our own CR.TS/EM handy work. This means we won't be saving the host state but rather the ring-3 state of our own thread. This change also introduces a CPUM force flag that we're using for restoring CR0.TS/EM in raw-mode (it may be extended with other uses later if we need to).

  • Property svn:eol-style set to native
  • Property svn:keywords set to Id Revision
File size: 56.3 KB
Line 
1/* $Id: TRPMRCHandlers.cpp 61144 2016-05-23 22:16:26Z vboxsync $ */
2/** @file
3 * TRPM - Raw-mode Context Trap Handlers, CPP part
4 */
5
6/*
7 * Copyright (C) 2006-2015 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18
19/*********************************************************************************************************************************
20* Header Files *
21*********************************************************************************************************************************/
22#define LOG_GROUP LOG_GROUP_TRPM
23#include <VBox/vmm/selm.h>
24#include <VBox/vmm/iom.h>
25#include <VBox/vmm/pgm.h>
26#include <VBox/vmm/pdmapi.h>
27#include <VBox/vmm/dbgf.h>
28#include <VBox/vmm/em.h>
29#include <VBox/vmm/gim.h>
30#ifdef VBOX_WITH_NEW_APIC
31# include <VBox/vmm/apic.h>
32#endif
33#include <VBox/vmm/csam.h>
34#include <VBox/vmm/patm.h>
35#include <VBox/vmm/mm.h>
36#include <VBox/vmm/cpum.h>
37#include "TRPMInternal.h"
38#include <VBox/vmm/vm.h>
39#include <VBox/vmm/vmm.h>
40#include <VBox/param.h>
41
42#include <VBox/err.h>
43#include <VBox/dis.h>
44#include <VBox/disopcode.h>
45#include <VBox/log.h>
46#include <VBox/vmm/tm.h>
47#include <iprt/asm.h>
48#include <iprt/asm-amd64-x86.h>
49#include <iprt/assert.h>
50#include <iprt/x86.h>
51
52
53/*********************************************************************************************************************************
54* Defined Constants And Macros *
55*********************************************************************************************************************************/
56/* still here. MODR/M byte parsing */
57#define X86_OPCODE_MODRM_MOD_MASK 0xc0
58#define X86_OPCODE_MODRM_REG_MASK 0x38
59#define X86_OPCODE_MODRM_RM_MASK 0x07
60
61/** @todo fix/remove/permanent-enable this when DIS/PATM handles invalid lock sequences. */
62#define DTRACE_EXPERIMENT
63
64#if 1
65# define TRPM_ENTER_DBG_HOOK(a_iVector) do {} while (0)
66# define TRPM_EXIT_DBG_HOOK(a_iVector) do {} while (0)
67# define TRPM_ENTER_DBG_HOOK_HYPER(a_iVector) do {} while (0)
68# define TRPM_EXIT_DBG_HOOK_HYPER(a_iVector) do {} while (0)
69#else
70# define TRPM_ENTER_DBG_HOOK(a_iVector) \
71 uint32_t const fDbgEFlags1 = CPUMRawGetEFlags(pVCpu); \
72 if (!(fDbgEFlags1 & X86_EFL_IF)) Log(("%s: IF=0 ##\n", __FUNCTION__)); \
73 else do {} while (0)
74# define TRPM_EXIT_DBG_HOOK(a_iVector) \
75 do { \
76 uint32_t const fDbgEFlags2 = CPUMRawGetEFlags(pVCpu); \
77 if ((fDbgEFlags1 ^ fDbgEFlags2) & (X86_EFL_IF | X86_EFL_IOPL)) \
78 Log(("%s: IF=%d->%d IOPL=%d->%d !#\n", __FUNCTION__, \
79 !!(fDbgEFlags1 & X86_EFL_IF), !!(fDbgEFlags2 & X86_EFL_IF), \
80 X86_EFL_GET_IOPL(fDbgEFlags1), X86_EFL_GET_IOPL(fDbgEFlags2) )); \
81 else if (!(fDbgEFlags2 & X86_EFL_IF)) Log(("%s: IF=0 [ret] ##\n", __FUNCTION__)); \
82 } while (0)
83# define TRPM_ENTER_DBG_HOOK_HYPER(a_iVector) do {} while (0)
84# define TRPM_EXIT_DBG_HOOK_HYPER(a_iVector) do {} while (0)
85#endif
86
87
88/*********************************************************************************************************************************
89* Structures and Typedefs *
90*********************************************************************************************************************************/
91/** Pointer to a readonly hypervisor trap record. */
92typedef const struct TRPMGCHYPER *PCTRPMGCHYPER;
93
94/**
95 * A hypervisor trap record.
96 * This contains information about a handler for a instruction range.
97 *
98 * @remark This must match what TRPM_HANDLER outputs.
99 */
100typedef struct TRPMGCHYPER
101{
102 /** The start address. */
103 uintptr_t uStartEIP;
104 /** The end address. (exclusive)
105 * If NULL the it's only for the instruction at pvStartEIP. */
106 uintptr_t uEndEIP;
107 /**
108 * The handler.
109 *
110 * @returns VBox status code
111 * VINF_SUCCESS means we've handled the trap.
112 * Any other error code means returning to the host context.
113 * @param pVM The cross context VM structure.
114 * @param pRegFrame The register frame.
115 * @param uUser The user argument.
116 */
117 DECLRCCALLBACKMEMBER(int, pfnHandler, (PVM pVM, PCPUMCTXCORE pRegFrame, uintptr_t uUser));
118 /** Whatever the handler desires to put here. */
119 uintptr_t uUser;
120} TRPMGCHYPER;
121
122
123/*********************************************************************************************************************************
124* Global Variables *
125*********************************************************************************************************************************/
126RT_C_DECLS_BEGIN
127/** Defined in VMMRC0.asm or VMMRC99.asm.
128 * @{ */
129extern const TRPMGCHYPER g_aTrap0bHandlers[1];
130extern const TRPMGCHYPER g_aTrap0bHandlersEnd[1];
131extern const TRPMGCHYPER g_aTrap0dHandlers[1];
132extern const TRPMGCHYPER g_aTrap0dHandlersEnd[1];
133extern const TRPMGCHYPER g_aTrap0eHandlers[1];
134extern const TRPMGCHYPER g_aTrap0eHandlersEnd[1];
135/** @} */
136RT_C_DECLS_END
137
138
139/*********************************************************************************************************************************
140* Internal Functions *
141*********************************************************************************************************************************/
142RT_C_DECLS_BEGIN /* addressed from asm (not called so no DECLASM). */
143DECLCALLBACK(int) trpmRCTrapInGeneric(PVM pVM, PCPUMCTXCORE pRegFrame, uintptr_t uUser);
144RT_C_DECLS_END
145
146
147
148/**
149 * Exits the trap, called when exiting a trap handler.
150 *
151 * Will reset the trap if it's not a guest trap or the trap
152 * is already handled. Will process resume guest FFs.
153 *
154 * @returns rc, can be adjusted if its VINF_SUCCESS or something really bad
155 * happened.
156 * @param pVM The cross context VM structure.
157 * @param pVCpu The cross context virtual CPU structure.
158 * @param rc The VBox status code to return.
159 * @param pRegFrame Pointer to the register frame for the trap.
160 *
161 * @remarks This must not be used for hypervisor traps, only guest traps.
162 */
163static int trpmGCExitTrap(PVM pVM, PVMCPU pVCpu, int rc, PCPUMCTXCORE pRegFrame)
164{
165 uint32_t uOldActiveVector = pVCpu->trpm.s.uActiveVector;
166 NOREF(uOldActiveVector);
167
168 /* Reset trap? */
169 if ( rc != VINF_EM_RAW_GUEST_TRAP
170 && rc != VINF_EM_RAW_RING_SWITCH_INT)
171 pVCpu->trpm.s.uActiveVector = UINT32_MAX;
172
173#ifdef VBOX_HIGH_RES_TIMERS_HACK
174 /*
175 * We should poll the timers occasionally.
176 * We must *NOT* do this too frequently as it adds a significant overhead
177 * and it'll kill us if the trap load is high. (See @bugref{1354}.)
178 * (The heuristic is not very intelligent, we should really check trap
179 * frequency etc. here, but alas, we lack any such information atm.)
180 */
181 static unsigned s_iTimerPoll = 0;
182 if (rc == VINF_SUCCESS)
183 {
184 if (!(++s_iTimerPoll & 0xf))
185 {
186 TMTimerPollVoid(pVM, pVCpu);
187 Log2(("TMTimerPoll at %08RX32 - VM_FF_TM_VIRTUAL_SYNC=%d VM_FF_TM_VIRTUAL_SYNC=%d\n", pRegFrame->eip,
188 VM_FF_IS_PENDING(pVM, VM_FF_TM_VIRTUAL_SYNC), VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_TIMER)));
189 }
190 }
191 else
192 s_iTimerPoll = 0;
193#endif
194
195 /* Clear pending inhibit interrupt state if required. (necessary for dispatching interrupts later on) */
196 if (VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS))
197 {
198 Log2(("VM_FF_INHIBIT_INTERRUPTS at %08RX32 successor %RGv\n", pRegFrame->eip, EMGetInhibitInterruptsPC(pVCpu)));
199 if (pRegFrame->eip != EMGetInhibitInterruptsPC(pVCpu))
200 {
201 /** @note we intentionally don't clear VM_FF_INHIBIT_INTERRUPTS here if the eip is the same as the inhibited instr address.
202 * Before we are able to execute this instruction in raw mode (iret to guest code) an external interrupt might
203 * force a world switch again. Possibly allowing a guest interrupt to be dispatched in the process. This could
204 * break the guest. Sounds very unlikely, but such timing sensitive problem are not as rare as you might think.
205 */
206 VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS);
207 }
208 }
209
210 /*
211 * Pending resume-guest-FF?
212 * Or pending (A)PIC interrupt? Windows XP will crash if we delay APIC interrupts.
213 */
214 if ( rc == VINF_SUCCESS
215 && ( VM_FF_IS_PENDING(pVM, VM_FF_TM_VIRTUAL_SYNC | VM_FF_REQUEST | VM_FF_PGM_NO_MEMORY | VM_FF_PDM_DMA)
216 || VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_TIMER | VMCPU_FF_TO_R3
217 | VMCPU_FF_UPDATE_APIC | VMCPU_FF_INTERRUPT_APIC | VMCPU_FF_INTERRUPT_PIC
218 | VMCPU_FF_REQUEST | VMCPU_FF_PGM_SYNC_CR3 | VMCPU_FF_PGM_SYNC_CR3_NON_GLOBAL
219 | VMCPU_FF_PDM_CRITSECT | VMCPU_FF_IEM | VMCPU_FF_SELM_SYNC_GDT
220 | VMCPU_FF_SELM_SYNC_LDT | VMCPU_FF_SELM_SYNC_TSS | VMCPU_FF_TRPM_SYNC_IDT
221 | VMCPU_FF_IOM | VMCPU_FF_CPUM
222 )
223 )
224 )
225 {
226 /* The out of memory condition naturally outranks the others. */
227 if (RT_UNLIKELY(VM_FF_IS_PENDING(pVM, VM_FF_PGM_NO_MEMORY)))
228 rc = VINF_EM_NO_MEMORY;
229 else
230 {
231#ifdef VBOX_WITH_NEW_APIC
232 /* APIC needs updating. */
233 if (VMCPU_FF_TEST_AND_CLEAR(pVCpu, VMCPU_FF_UPDATE_APIC))
234 APICUpdatePendingInterrupts(pVCpu);
235#endif
236 if (VMCPU_FF_TEST_AND_CLEAR(pVCpu, VMCPU_FF_CPUM))
237 CPUMRCProcessForceFlag(pVCpu);
238
239 /* Pending Ring-3 action. */
240 if (VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_TO_R3 | VMCPU_FF_PDM_CRITSECT | VMCPU_FF_IEM | VMCPU_FF_IOM))
241 {
242 VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_TO_R3);
243 rc = VINF_EM_RAW_TO_R3;
244 }
245 /* Pending timer action. */
246 else if (VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_TIMER))
247 rc = VINF_EM_RAW_TIMER_PENDING;
248 /* The Virtual Sync clock has stopped. */
249 else if (VM_FF_IS_PENDING(pVM, VM_FF_TM_VIRTUAL_SYNC))
250 rc = VINF_EM_RAW_TO_R3;
251 /* DMA work pending? */
252 else if (VM_FF_IS_PENDING(pVM, VM_FF_PDM_DMA))
253 rc = VINF_EM_RAW_TO_R3;
254 /* Pending request packets might contain actions that need immediate
255 attention, such as pending hardware interrupts. */
256 else if ( VM_FF_IS_PENDING(pVM, VM_FF_REQUEST)
257 || VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_REQUEST))
258 rc = VINF_EM_PENDING_REQUEST;
259 /* Pending GDT/LDT/TSS sync. */
260 else if (VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_SELM_SYNC_GDT | VMCPU_FF_SELM_SYNC_LDT | VMCPU_FF_SELM_SYNC_TSS))
261 rc = VINF_SELM_SYNC_GDT;
262 else if (VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_TRPM_SYNC_IDT))
263 rc = VINF_EM_RAW_TO_R3;
264 /* Possibly pending interrupt: dispatch it. */
265 else if ( VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_INTERRUPT_APIC | VMCPU_FF_INTERRUPT_PIC)
266 && !VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS)
267 && PATMAreInterruptsEnabledByCtx(pVM, CPUMCTX_FROM_CORE(pRegFrame))
268 )
269 {
270 uint8_t u8Interrupt;
271 rc = PDMGetInterrupt(pVCpu, &u8Interrupt);
272 Log(("trpmGCExitTrap: u8Interrupt=%d (%#x) rc=%Rrc\n", u8Interrupt, u8Interrupt, rc));
273 if (RT_SUCCESS(rc))
274 {
275 rc = TRPMForwardTrap(pVCpu, pRegFrame, (uint32_t)u8Interrupt, 0, TRPM_TRAP_NO_ERRORCODE, TRPM_HARDWARE_INT, uOldActiveVector);
276 /* can't return if successful */
277 Assert(rc != VINF_SUCCESS);
278
279 /* Stop the profile counter that was started in TRPMRCHandlersA.asm */
280 Assert(uOldActiveVector <= 16);
281 STAM_PROFILE_ADV_STOP(&pVM->trpm.s.aStatGCTraps[uOldActiveVector], a);
282
283 /* Assert the trap and go to the recompiler to dispatch it. */
284 TRPMAssertTrap(pVCpu, u8Interrupt, TRPM_HARDWARE_INT);
285
286 STAM_PROFILE_ADV_START(&pVM->trpm.s.aStatGCTraps[uOldActiveVector], a);
287 rc = VINF_EM_RAW_INTERRUPT_PENDING;
288 }
289 else if ( rc == VERR_APIC_INTR_MASKED_BY_TPR /* Can happen if TPR is too high for the newly arrived interrupt. */
290 || rc == VERR_NO_DATA) /* Can happen if the APIC is disabled. */
291 {
292 STAM_PROFILE_ADV_STOP(&pVM->trpm.s.aStatGCTraps[uOldActiveVector], a);
293 rc = VINF_SUCCESS;
294 }
295 else
296 AssertFatalMsgRC(rc, ("PDMGetInterrupt failed. rc=%Rrc\n", rc));
297 }
298 /*
299 * Try sync CR3?
300 */
301 else if (VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_PGM_SYNC_CR3 | VMCPU_FF_PGM_SYNC_CR3_NON_GLOBAL))
302 {
303#if 1
304 PGMRZDynMapReleaseAutoSet(pVCpu);
305 PGMRZDynMapStartAutoSet(pVCpu);
306 rc = PGMSyncCR3(pVCpu, CPUMGetGuestCR0(pVCpu), CPUMGetGuestCR3(pVCpu), CPUMGetGuestCR4(pVCpu), VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_PGM_SYNC_CR3));
307#else
308 rc = VINF_PGM_SYNC_CR3;
309#endif
310 }
311 }
312 }
313
314 /* Note! TRPMRCHandlersA.asm performs sanity checks in debug builds.*/
315 PGMRZDynMapReleaseAutoSet(pVCpu);
316 return rc;
317}
318
319
320/**
321 * \#DB (Debug event) handler.
322 *
323 * @returns VBox status code.
324 * VINF_SUCCESS means we completely handled this trap,
325 * other codes are passed execution to host context.
326 *
327 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
328 * @param pRegFrame Pointer to the register frame for the trap.
329 * @internal
330 */
331DECLASM(int) TRPMGCTrap01Handler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
332{
333 RTGCUINTREG uDr6 = ASMGetAndClearDR6();
334 PVM pVM = TRPMCPU_2_VM(pTrpmCpu);
335 PVMCPU pVCpu = TRPMCPU_2_VMCPU(pTrpmCpu);
336 LogFlow(("TRPMGC01: cs:eip=%04x:%08x uDr6=%RTreg EFL=%x\n", pRegFrame->cs.Sel, pRegFrame->eip, uDr6, CPUMRawGetEFlags(pVCpu)));
337 TRPM_ENTER_DBG_HOOK(1);
338
339 /*
340 * We currently don't make use of the X86_DR7_GD bit, but
341 * there might come a time when we do.
342 */
343 AssertReleaseMsgReturn((uDr6 & X86_DR6_BD) != X86_DR6_BD,
344 ("X86_DR6_BD isn't used, but it's set! dr7=%RTreg(%RTreg) dr6=%RTreg\n",
345 ASMGetDR7(), CPUMGetHyperDR7(pVCpu), uDr6),
346 VERR_NOT_IMPLEMENTED);
347 AssertReleaseMsg(!(uDr6 & X86_DR6_BT), ("X86_DR6_BT is impossible!\n"));
348
349 /*
350 * Now leave the rest to the DBGF.
351 */
352 PGMRZDynMapStartAutoSet(pVCpu);
353 int rc = DBGFRZTrap01Handler(pVM, pVCpu, pRegFrame, uDr6, false /*fAltStepping*/);
354 if (rc == VINF_EM_RAW_GUEST_TRAP)
355 {
356 CPUMSetGuestDR6(pVCpu, (CPUMGetGuestDR6(pVCpu) & ~X86_DR6_B_MASK) | uDr6);
357 if (CPUMGetGuestDR7(pVCpu) & X86_DR7_GD)
358 CPUMSetGuestDR7(pVCpu, CPUMGetGuestDR7(pVCpu) & ~X86_DR7_GD);
359 }
360 else if (rc == VINF_EM_DBG_STEPPED)
361 pRegFrame->eflags.Bits.u1TF = 0;
362
363 rc = trpmGCExitTrap(pVM, pVCpu, rc, pRegFrame);
364 Log6(("TRPMGC01: %Rrc (%04x:%08x %RTreg EFlag=%#x)\n", rc, pRegFrame->cs.Sel, pRegFrame->eip, uDr6, CPUMRawGetEFlags(pVCpu)));
365 TRPM_EXIT_DBG_HOOK(1);
366 return rc;
367}
368
369
370/**
371 * \#DB (Debug event) handler for the hypervisor code.
372 *
373 * This is mostly the same as TRPMGCTrap01Handler, but we skip the PGM auto
374 * mapping set as well as the default trap exit path since they are both really
375 * bad ideas in this context.
376 *
377 * @returns VBox status code.
378 * VINF_SUCCESS means we completely handled this trap,
379 * other codes are passed execution to host context.
380 *
381 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
382 * @param pRegFrame Pointer to the register frame for the trap.
383 * @internal
384 */
385DECLASM(int) TRPMGCHyperTrap01Handler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
386{
387 RTGCUINTREG uDr6 = ASMGetAndClearDR6();
388 PVM pVM = TRPMCPU_2_VM(pTrpmCpu);
389 PVMCPU pVCpu = TRPMCPU_2_VMCPU(pTrpmCpu);
390 TRPM_ENTER_DBG_HOOK_HYPER(1);
391 LogFlow(("TRPMGCHyper01: cs:eip=%04x:%08x uDr6=%RTreg\n", pRegFrame->cs.Sel, pRegFrame->eip, uDr6));
392
393 /*
394 * We currently don't make use of the X86_DR7_GD bit, but
395 * there might come a time when we do.
396 */
397 AssertReleaseMsgReturn((uDr6 & X86_DR6_BD) != X86_DR6_BD,
398 ("X86_DR6_BD isn't used, but it's set! dr7=%RTreg(%RTreg) dr6=%RTreg\n",
399 ASMGetDR7(), CPUMGetHyperDR7(pVCpu), uDr6),
400 VERR_NOT_IMPLEMENTED);
401 AssertReleaseMsg(!(uDr6 & X86_DR6_BT), ("X86_DR6_BT is impossible!\n"));
402
403 /*
404 * Now leave the rest to the DBGF.
405 */
406 int rc = DBGFRZTrap01Handler(pVM, pVCpu, pRegFrame, uDr6, false /*fAltStepping*/);
407 AssertStmt(rc != VINF_EM_RAW_GUEST_TRAP, rc = VERR_TRPM_IPE_1);
408 if (rc == VINF_EM_DBG_STEPPED)
409 pRegFrame->eflags.Bits.u1TF = 0;
410
411 Log6(("TRPMGCHyper01: %Rrc (%04x:%08x %RTreg)\n", rc, pRegFrame->cs.Sel, pRegFrame->eip, uDr6));
412 TRPM_EXIT_DBG_HOOK_HYPER(1);
413 return rc;
414}
415
416
417/**
418 * NMI handler, for when we are using NMIs to debug things.
419 *
420 * @returns VBox status code.
421 * VINF_SUCCESS means we completely handled this trap,
422 * other codes are passed execution to host context.
423 *
424 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
425 * @param pRegFrame Pointer to the register frame for the trap.
426 * @internal
427 * @remark This is not hooked up unless you're building with VBOX_WITH_NMI defined.
428 */
429DECLASM(int) TRPMGCTrap02Handler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
430{
431 LogFlow(("TRPMGCTrap02Handler: cs:eip=%04x:%08x\n", pRegFrame->cs.Sel, pRegFrame->eip));
432#if 0 /* Enable this iff you have a COM port and really want this debug info. */
433 RTLogComPrintf("TRPMGCTrap02Handler: cs:eip=%04x:%08x\n", pRegFrame->cs.Sel, pRegFrame->eip);
434#endif
435 NOREF(pTrpmCpu);
436 return VERR_TRPM_DONT_PANIC;
437}
438
439
440/**
441 * NMI handler, for when we are using NMIs to debug things.
442 *
443 * This is the handler we're most likely to hit when the NMI fires (it is
444 * unlikely that we'll be stuck in guest code).
445 *
446 * @returns VBox status code.
447 * VINF_SUCCESS means we completely handled this trap,
448 * other codes are passed execution to host context.
449 *
450 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
451 * @param pRegFrame Pointer to the register frame for the trap.
452 * @internal
453 * @remark This is not hooked up unless you're building with VBOX_WITH_NMI defined.
454 */
455DECLASM(int) TRPMGCHyperTrap02Handler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
456{
457 LogFlow(("TRPMGCHyperTrap02Handler: cs:eip=%04x:%08x\n", pRegFrame->cs.Sel, pRegFrame->eip));
458#if 0 /* Enable this iff you have a COM port and really want this debug info. */
459 RTLogComPrintf("TRPMGCHyperTrap02Handler: cs:eip=%04x:%08x\n", pRegFrame->cs.Sel, pRegFrame->eip);
460#endif
461 NOREF(pTrpmCpu);
462 return VERR_TRPM_DONT_PANIC;
463}
464
465
466/**
467 * \#BP (Breakpoint) handler.
468 *
469 * @returns VBox status code.
470 * VINF_SUCCESS means we completely handled this trap,
471 * other codes are passed execution to host context.
472 *
473 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
474 * @param pRegFrame Pointer to the register frame for the trap.
475 * @internal
476 */
477DECLASM(int) TRPMGCTrap03Handler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
478{
479 PVM pVM = TRPMCPU_2_VM(pTrpmCpu);
480 PVMCPU pVCpu = TRPMCPU_2_VMCPU(pTrpmCpu);
481 int rc;
482 LogFlow(("TRPMGC03: %04x:%08x EFL=%x\n", pRegFrame->cs.Sel, pRegFrame->eip, CPUMRawGetEFlags(pVCpu)));
483 TRPM_ENTER_DBG_HOOK(3);
484 PGMRZDynMapStartAutoSet(pVCpu);
485
486 /*
487 * PATM is using INT3s, let them have a go first.
488 */
489 if ( ( (pRegFrame->ss.Sel & X86_SEL_RPL) == 1
490 || (EMIsRawRing1Enabled(pVM) && (pRegFrame->ss.Sel & X86_SEL_RPL) == 2) )
491 && !pRegFrame->eflags.Bits.u1VM)
492 {
493 rc = PATMRCHandleInt3PatchTrap(pVM, pRegFrame);
494 if ( rc == VINF_SUCCESS
495 || rc == VINF_EM_RESCHEDULE
496 || rc == VINF_EM_RAW_EMULATE_INSTR
497 || rc == VINF_PATM_PATCH_INT3
498 || rc == VINF_PATM_DUPLICATE_FUNCTION )
499 {
500 rc = trpmGCExitTrap(pVM, pVCpu, rc, pRegFrame);
501 Log6(("TRPMGC03: %Rrc (%04x:%08x EFL=%x) (PATM)\n", rc, pRegFrame->cs.Sel, pRegFrame->eip, CPUMRawGetEFlags(pVCpu)));
502 TRPM_EXIT_DBG_HOOK(3);
503 return rc;
504 }
505 }
506 rc = DBGFRZTrap03Handler(pVM, pVCpu, pRegFrame);
507
508 /* anything we should do with this? Schedule it in GC? */
509 rc = trpmGCExitTrap(pVM, pVCpu, rc, pRegFrame);
510 Log6(("TRPMGC03: %Rrc (%04x:%08x EFL=%x)\n", rc, pRegFrame->cs.Sel, pRegFrame->eip, CPUMRawGetEFlags(pVCpu)));
511 TRPM_EXIT_DBG_HOOK(3);
512 return rc;
513}
514
515
516/**
517 * \#BP (Breakpoint) handler.
518 *
519 * This is similar to TRPMGCTrap03Handler but we bits which are potentially
520 * harmful to us (common trap exit and the auto mapping set).
521 *
522 * @returns VBox status code.
523 * VINF_SUCCESS means we completely handled this trap,
524 * other codes are passed execution to host context.
525 *
526 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
527 * @param pRegFrame Pointer to the register frame for the trap.
528 * @internal
529 */
530DECLASM(int) TRPMGCHyperTrap03Handler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
531{
532 PVM pVM = TRPMCPU_2_VM(pTrpmCpu);
533 PVMCPU pVCpu = TRPMCPU_2_VMCPU(pTrpmCpu);
534 LogFlow(("TRPMGCHyper03: %04x:%08x EFL=%x\n", pRegFrame->cs.Sel, pRegFrame->eip, CPUMRawGetEFlags(pVCpu)));
535 TRPM_ENTER_DBG_HOOK_HYPER(3);
536
537 /*
538 * Hand it over to DBGF.
539 */
540 int rc = DBGFRZTrap03Handler(pVM, pVCpu, pRegFrame);
541 AssertStmt(rc != VINF_EM_RAW_GUEST_TRAP, rc = VERR_TRPM_IPE_2);
542
543 Log6(("TRPMGCHyper03: %Rrc (%04x:%08x EFL=%x)\n", rc, pRegFrame->cs.Sel, pRegFrame->eip, CPUMRawGetEFlags(pVCpu)));
544 TRPM_EXIT_DBG_HOOK_HYPER(3);
545 return rc;
546}
547
548
549/**
550 * Trap handler for illegal opcode fault (\#UD).
551 *
552 * @returns VBox status code.
553 * VINF_SUCCESS means we completely handled this trap,
554 * other codes are passed execution to host context.
555 *
556 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
557 * @param pRegFrame Pointer to the register frame for the trap.
558 * @internal
559 */
560DECLASM(int) TRPMGCTrap06Handler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
561{
562 PVM pVM = TRPMCPU_2_VM(pTrpmCpu);
563 PVMCPU pVCpu = TRPMCPU_2_VMCPU(pTrpmCpu);
564 int rc;
565 LogFlow(("TRPMGC06: %04x:%08x EFL=%#x/%#x\n", pRegFrame->cs.Sel, pRegFrame->eip, pRegFrame->eflags.u32, CPUMRawGetEFlags(pVCpu)));
566 TRPM_ENTER_DBG_HOOK(6);
567 PGMRZDynMapStartAutoSet(pVCpu);
568
569 if (CPUMGetGuestCPL(pVCpu) <= (EMIsRawRing1Enabled(pVM) ? 1U : 0U))
570 {
571 /*
572 * Decode the instruction.
573 */
574 RTGCPTR PC;
575 rc = SELMValidateAndConvertCSAddr(pVCpu, pRegFrame->eflags, pRegFrame->ss.Sel, pRegFrame->cs.Sel, &pRegFrame->cs,
576 pRegFrame->rip, &PC);
577 if (RT_FAILURE(rc))
578 {
579 Log(("TRPMGCTrap06Handler: Failed to convert %RTsel:%RX32 (cpl=%d) - rc=%Rrc !!\n", pRegFrame->cs.Sel, pRegFrame->eip, pRegFrame->ss.Sel & X86_SEL_RPL, rc));
580 rc = trpmGCExitTrap(pVM, pVCpu, VINF_EM_RAW_GUEST_TRAP, pRegFrame);
581 Log6(("TRPMGC06: %Rrc (%04x:%08x EFL=%x) (SELM)\n", rc, pRegFrame->cs.Sel, pRegFrame->eip, CPUMRawGetEFlags(pVCpu)));
582 TRPM_EXIT_DBG_HOOK(6);
583 return rc;
584 }
585
586 DISCPUSTATE Cpu;
587 uint32_t cbOp;
588 rc = EMInterpretDisasOneEx(pVM, pVCpu, (RTGCUINTPTR)PC, pRegFrame, &Cpu, &cbOp);
589 if (RT_FAILURE(rc))
590 {
591 rc = trpmGCExitTrap(pVM, pVCpu, VINF_EM_RAW_EMULATE_INSTR, pRegFrame);
592 Log6(("TRPMGC06: %Rrc (%04x:%08x EFL=%x) (EM)\n", rc, pRegFrame->cs.Sel, pRegFrame->eip, CPUMRawGetEFlags(pVCpu)));
593 TRPM_EXIT_DBG_HOOK(6);
594 return rc;
595 }
596
597 /*
598 * UD2 in a patch?
599 * Note! PATMGCHandleIllegalInstrTrap doesn't always return.
600 */
601 if ( Cpu.pCurInstr->uOpcode == OP_ILLUD2
602 && PATMIsPatchGCAddr(pVM, pRegFrame->eip))
603 {
604 LogFlow(("TRPMGCTrap06Handler: -> PATMRCHandleIllegalInstrTrap\n"));
605 rc = PATMRCHandleIllegalInstrTrap(pVM, pRegFrame);
606 /** @todo These tests are completely unnecessary, should just follow the
607 * flow and return at the end of the function. */
608 if ( rc == VINF_SUCCESS
609 || rc == VINF_EM_RAW_EMULATE_INSTR
610 || rc == VINF_PATM_DUPLICATE_FUNCTION
611 || rc == VINF_PATM_PENDING_IRQ_AFTER_IRET
612 || rc == VINF_EM_RESCHEDULE)
613 {
614 rc = trpmGCExitTrap(pVM, pVCpu, rc, pRegFrame);
615 Log6(("TRPMGC06: %Rrc (%04x:%08x EFL=%x) (PATM)\n", rc, pRegFrame->cs.Sel, pRegFrame->eip, CPUMRawGetEFlags(pVCpu)));
616 TRPM_EXIT_DBG_HOOK(6);
617 return rc;
618 }
619 }
620 /*
621 * Speed up dtrace and don't entrust invalid lock sequences to the recompiler.
622 */
623 else if (Cpu.fPrefix & DISPREFIX_LOCK)
624 {
625 Log(("TRPMGCTrap06Handler: pc=%08x op=%d\n", pRegFrame->eip, Cpu.pCurInstr->uOpcode));
626#ifdef DTRACE_EXPERIMENT /** @todo fix/remove/permanent-enable this when DIS/PATM handles invalid lock sequences. */
627 Assert(!PATMIsPatchGCAddr(pVM, pRegFrame->eip));
628 rc = TRPMForwardTrap(pVCpu, pRegFrame, X86_XCPT_UD, 0, TRPM_TRAP_NO_ERRORCODE, TRPM_TRAP, X86_XCPT_UD);
629 Assert(rc == VINF_EM_RAW_GUEST_TRAP);
630#else
631 rc = VINF_EM_RAW_EMULATE_INSTR;
632#endif
633 }
634 /*
635 * Handle MONITOR - it causes an #UD exception instead of #GP when not executed in ring 0.
636 */
637 else if (Cpu.pCurInstr->uOpcode == OP_MONITOR)
638 {
639 LogFlow(("TRPMGCTrap06Handler: -> EMInterpretInstructionCPU\n"));
640 rc = VBOXSTRICTRC_TODO(EMInterpretInstructionDisasState(pVCpu, &Cpu, pRegFrame, PC, EMCODETYPE_SUPERVISOR));
641 }
642 else if (GIMShouldTrapXcptUD(pVCpu))
643 {
644 LogFlow(("TRPMGCTrap06Handler: -> GIMXcptUD\n"));
645 rc = GIMXcptUD(pVCpu, CPUMCTX_FROM_CORE(pRegFrame), &Cpu);
646 if (RT_FAILURE(rc))
647 {
648 LogFlow(("TRPMGCTrap06Handler: -> GIMXcptUD -> VINF_EM_RAW_EMULATE_INSTR\n"));
649 rc = VINF_EM_RAW_EMULATE_INSTR;
650 }
651 }
652 /* Never generate a raw trap here; it might be an instruction, that requires emulation. */
653 else
654 {
655 LogFlow(("TRPMGCTrap06Handler: -> VINF_EM_RAW_EMULATE_INSTR\n"));
656 rc = VINF_EM_RAW_EMULATE_INSTR;
657 }
658 }
659 else
660 {
661 LogFlow(("TRPMGCTrap06Handler: -> TRPMForwardTrap\n"));
662 rc = TRPMForwardTrap(pVCpu, pRegFrame, X86_XCPT_UD, 0, TRPM_TRAP_NO_ERRORCODE, TRPM_TRAP, X86_XCPT_UD);
663 Assert(rc == VINF_EM_RAW_GUEST_TRAP);
664 }
665
666 rc = trpmGCExitTrap(pVM, pVCpu, rc, pRegFrame);
667 Log6(("TRPMGC06: %Rrc (%04x:%08x EFL=%x)\n", rc, pRegFrame->cs.Sel, pRegFrame->eip, CPUMRawGetEFlags(pVCpu)));
668 TRPM_EXIT_DBG_HOOK(6);
669 return rc;
670}
671
672
673/**
674 * Trap handler for device not present fault (\#NM).
675 *
676 * Device not available, FP or (F)WAIT instruction.
677 *
678 * @returns VBox status code.
679 * VINF_SUCCESS means we completely handled this trap,
680 * other codes are passed execution to host context.
681 *
682 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
683 * @param pRegFrame Pointer to the register frame for the trap.
684 * @internal
685 */
686DECLASM(int) TRPMGCTrap07Handler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
687{
688 PVM pVM = TRPMCPU_2_VM(pTrpmCpu);
689 PVMCPU pVCpu = TRPMCPU_2_VMCPU(pTrpmCpu);
690 LogFlow(("TRPMGC07: %04x:%08x EFL=%x\n", pRegFrame->cs.Sel, pRegFrame->eip, CPUMRawGetEFlags(pVCpu)));
691 TRPM_ENTER_DBG_HOOK(7);
692 PGMRZDynMapStartAutoSet(pVCpu);
693
694 int rc = CPUMHandleLazyFPU(pVCpu);
695 rc = trpmGCExitTrap(pVM, pVCpu, rc, pRegFrame);
696 Log6(("TRPMGC07: %Rrc (%04x:%08x EFL=%x)\n", rc, pRegFrame->cs.Sel, pRegFrame->eip, CPUMRawGetEFlags(pVCpu)));
697 TRPM_EXIT_DBG_HOOK(7);
698 return rc;
699}
700
701
702/**
703 * \#NP ((segment) Not Present) handler.
704 *
705 * @returns VBox status code.
706 * VINF_SUCCESS means we completely handled this trap,
707 * other codes are passed execution to host context.
708 *
709 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
710 * @param pRegFrame Pointer to the register frame for the trap.
711 * @internal
712 */
713DECLASM(int) TRPMGCTrap0bHandler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
714{
715 PVM pVM = TRPMCPU_2_VM(pTrpmCpu);
716 PVMCPU pVCpu = TRPMCPU_2_VMCPU(pTrpmCpu);
717 LogFlow(("TRPMGC0b: %04x:%08x EFL=%x\n", pRegFrame->cs.Sel, pRegFrame->eip, CPUMRawGetEFlags(pVCpu)));
718 TRPM_ENTER_DBG_HOOK(0xb);
719 PGMRZDynMapStartAutoSet(pVCpu);
720
721 /*
722 * Try to detect instruction by opcode which caused trap.
723 * XXX note: this code may cause \#PF (trap e) or \#GP (trap d) while
724 * accessing user code. need to handle it somehow in future!
725 */
726 RTGCPTR GCPtr;
727 if ( SELMValidateAndConvertCSAddr(pVCpu, pRegFrame->eflags, pRegFrame->ss.Sel, pRegFrame->cs.Sel, &pRegFrame->cs,
728 (RTGCPTR)pRegFrame->eip, &GCPtr)
729 == VINF_SUCCESS)
730 {
731 uint8_t *pu8Code = (uint8_t *)(uintptr_t)GCPtr;
732
733 /*
734 * First skip possible instruction prefixes, such as:
735 * OS, AS
736 * CS:, DS:, ES:, SS:, FS:, GS:
737 * REPE, REPNE
738 *
739 * note: Currently we supports only up to 4 prefixes per opcode, more
740 * prefixes (normally not used anyway) will cause trap d in guest.
741 * note: Instruction length in IA-32 may be up to 15 bytes, we dont
742 * check this issue, its too hard.
743 */
744 for (unsigned i = 0; i < 4; i++)
745 {
746 if ( pu8Code[0] != 0xf2 /* REPNE/REPNZ */
747 && pu8Code[0] != 0xf3 /* REP/REPE/REPZ */
748 && pu8Code[0] != 0x2e /* CS: */
749 && pu8Code[0] != 0x36 /* SS: */
750 && pu8Code[0] != 0x3e /* DS: */
751 && pu8Code[0] != 0x26 /* ES: */
752 && pu8Code[0] != 0x64 /* FS: */
753 && pu8Code[0] != 0x65 /* GS: */
754 && pu8Code[0] != 0x66 /* OS */
755 && pu8Code[0] != 0x67 /* AS */
756 )
757 break;
758 pu8Code++;
759 }
760
761 /*
762 * Detect right switch using a callgate.
763 *
764 * We recognize the following causes for the trap 0b:
765 * CALL FAR, CALL FAR []
766 * JMP FAR, JMP FAR []
767 * IRET (may cause a task switch)
768 *
769 * Note: we can't detect whether the trap was caused by a call to a
770 * callgate descriptor or it is a real trap 0b due to a bad selector.
771 * In both situations we'll pass execution to our recompiler so we don't
772 * have to worry.
773 * If we wanted to do better detection, we have set GDT entries to callgate
774 * descriptors pointing to our own handlers.
775 */
776 /** @todo not sure about IRET, may generate Trap 0d (\#GP), NEED TO CHECK! */
777 if ( pu8Code[0] == 0x9a /* CALL FAR */
778 || ( pu8Code[0] == 0xff /* CALL FAR [] */
779 && (pu8Code[1] & X86_OPCODE_MODRM_REG_MASK) == 0x18)
780 || pu8Code[0] == 0xea /* JMP FAR */
781 || ( pu8Code[0] == 0xff /* JMP FAR [] */
782 && (pu8Code[1] & X86_OPCODE_MODRM_REG_MASK) == 0x28)
783 || pu8Code[0] == 0xcf /* IRET */
784 )
785 {
786 /*
787 * Got potential call to callgate.
788 * We simply return execution to the recompiler to do emulation
789 * starting from the instruction which caused the trap.
790 */
791 pTrpmCpu->uActiveVector = UINT32_MAX;
792 Log6(("TRPMGC0b: %Rrc (%04x:%08x EFL=%x) (CG)\n", VINF_EM_RAW_RING_SWITCH, pRegFrame->cs.Sel, pRegFrame->eip, CPUMRawGetEFlags(pVCpu)));
793 TRPM_EXIT_DBG_HOOK(0xb);
794 PGMRZDynMapReleaseAutoSet(pVCpu);
795 return VINF_EM_RAW_RING_SWITCH;
796 }
797 }
798
799 /*
800 * Pass trap 0b as is to the recompiler in all other cases.
801 */
802 Log6(("TRPMGC0b: %Rrc (%04x:%08x EFL=%x)\n", VINF_EM_RAW_GUEST_TRAP, pRegFrame->cs.Sel, pRegFrame->eip, CPUMRawGetEFlags(pVCpu)));
803 PGMRZDynMapReleaseAutoSet(pVCpu);
804 TRPM_EXIT_DBG_HOOK(0xb);
805 return VINF_EM_RAW_GUEST_TRAP;
806}
807
808
809/**
810 * \#GP (General Protection Fault) handler for Ring-0 privileged instructions.
811 *
812 * @returns VBox status code.
813 * VINF_SUCCESS means we completely handled this trap,
814 * other codes are passed execution to host context.
815 *
816 * @param pVM The cross context VM structure.
817 * @param pVCpu The cross context virtual CPU structure.
818 * @param pRegFrame Pointer to the register frame for the trap.
819 * @param pCpu The opcode info.
820 * @param PC The program counter corresponding to cs:eip in pRegFrame.
821 */
822static int trpmGCTrap0dHandlerRing0(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, PDISCPUSTATE pCpu, RTGCPTR PC)
823{
824 int rc;
825 TRPM_ENTER_DBG_HOOK(0xd);
826
827 /*
828 * Try handle it here, if not return to HC and emulate/interpret it there.
829 */
830 switch (pCpu->pCurInstr->uOpcode)
831 {
832 case OP_INT3:
833 /*
834 * Little hack to make the code below not fail
835 */
836 pCpu->Param1.fUse = DISUSE_IMMEDIATE8;
837 pCpu->Param1.uValue = 3;
838 /* fallthru */
839 case OP_INT:
840 {
841 Assert(pCpu->Param1.fUse & DISUSE_IMMEDIATE8);
842 Assert(!(PATMIsPatchGCAddr(pVM, PC)));
843 if (pCpu->Param1.uValue == 3)
844 {
845 /* Int 3 replacement patch? */
846 if (PATMRCHandleInt3PatchTrap(pVM, pRegFrame) == VINF_SUCCESS)
847 {
848 AssertFailed();
849 return trpmGCExitTrap(pVM, pVCpu, VINF_SUCCESS, pRegFrame);
850 }
851 }
852 rc = TRPMForwardTrap(pVCpu, pRegFrame, (uint32_t)pCpu->Param1.uValue, pCpu->cbInstr, TRPM_TRAP_NO_ERRORCODE, TRPM_SOFTWARE_INT, 0xd);
853 if (RT_SUCCESS(rc) && rc != VINF_EM_RAW_GUEST_TRAP)
854 {
855 TRPM_EXIT_DBG_HOOK(0xd);
856 return trpmGCExitTrap(pVM, pVCpu, VINF_SUCCESS, pRegFrame);
857 }
858
859 pVCpu->trpm.s.uActiveVector = (pVCpu->trpm.s.uActiveErrorCode & X86_TRAP_ERR_SEL_MASK) >> X86_TRAP_ERR_SEL_SHIFT;
860 pVCpu->trpm.s.enmActiveType = TRPM_SOFTWARE_INT;
861 return trpmGCExitTrap(pVM, pVCpu, VINF_EM_RAW_RING_SWITCH_INT, pRegFrame);
862 }
863
864#ifdef PATM_EMULATE_SYSENTER
865 case OP_SYSEXIT:
866 case OP_SYSRET:
867 rc = PATMSysCall(pVM, CPUMCTX_FROM_CORE(pRegFrame), pCpu);
868 TRPM_EXIT_DBG_HOOK(0xd);
869 return trpmGCExitTrap(pVM, pVCpu, rc, pRegFrame);
870#endif
871
872 case OP_HLT:
873 /* If it's in patch code, defer to ring-3. */
874 if (PATMIsPatchGCAddr(pVM, PC))
875 break;
876
877 pRegFrame->eip += pCpu->cbInstr;
878 TRPM_EXIT_DBG_HOOK(0xd);
879 return trpmGCExitTrap(pVM, pVCpu, VINF_EM_HALT, pRegFrame);
880
881
882 /*
883 * These instructions are used by PATM and CASM for finding
884 * dangerous non-trapping instructions. Thus, since all
885 * scanning and patching is done in ring-3 we'll have to
886 * return to ring-3 on the first encounter of these instructions.
887 */
888 case OP_MOV_CR:
889 case OP_MOV_DR:
890 /* We can safely emulate control/debug register move instructions in patched code. */
891 if ( !PATMIsPatchGCAddr(pVM, PC)
892 && !CSAMIsKnownDangerousInstr(pVM, PC))
893 break;
894 case OP_INVLPG:
895 case OP_LLDT:
896 case OP_STI:
897 case OP_RDTSC: /* just in case */
898 case OP_RDPMC:
899 case OP_CLTS:
900 case OP_WBINVD: /* nop */
901 case OP_RDMSR:
902 case OP_WRMSR:
903 {
904 rc = VBOXSTRICTRC_TODO(EMInterpretInstructionDisasState(pVCpu, pCpu, pRegFrame, PC, EMCODETYPE_SUPERVISOR));
905 if (rc == VERR_EM_INTERPRETER)
906 rc = VINF_EM_RAW_EXCEPTION_PRIVILEGED;
907 TRPM_EXIT_DBG_HOOK(0xd);
908 return trpmGCExitTrap(pVM, pVCpu, rc, pRegFrame);
909 }
910 }
911
912 TRPM_EXIT_DBG_HOOK(0xd);
913 return trpmGCExitTrap(pVM, pVCpu, VINF_EM_RAW_EXCEPTION_PRIVILEGED, pRegFrame);
914}
915
916
917/**
918 * \#GP (General Protection Fault) handler for Ring-3.
919 *
920 * @returns VBox status code.
921 * VINF_SUCCESS means we completely handled this trap,
922 * other codes are passed execution to host context.
923 *
924 * @param pVM The cross context VM structure.
925 * @param pVCpu The cross context virtual CPU structure.
926 * @param pRegFrame Pointer to the register frame for the trap.
927 * @param pCpu The opcode info.
928 * @param PC The program counter corresponding to cs:eip in pRegFrame.
929 */
930static int trpmGCTrap0dHandlerRing3(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, PDISCPUSTATE pCpu, RTGCPTR PC)
931{
932 int rc;
933 Assert(!pRegFrame->eflags.Bits.u1VM);
934 TRPM_ENTER_DBG_HOOK(0xd);
935
936 switch (pCpu->pCurInstr->uOpcode)
937 {
938 /*
939 * INT3 and INT xx are ring-switching.
940 * (The shadow IDT will have set the entries to DPL=0, that's why we're here.)
941 */
942 case OP_INT3:
943 /*
944 * Little hack to make the code below not fail
945 */
946 pCpu->Param1.fUse = DISUSE_IMMEDIATE8;
947 pCpu->Param1.uValue = 3;
948 /* fall thru */
949 case OP_INT:
950 {
951 Assert(pCpu->Param1.fUse & DISUSE_IMMEDIATE8);
952 rc = TRPMForwardTrap(pVCpu, pRegFrame, (uint32_t)pCpu->Param1.uValue, pCpu->cbInstr, TRPM_TRAP_NO_ERRORCODE, TRPM_SOFTWARE_INT, 0xd);
953 if (RT_SUCCESS(rc) && rc != VINF_EM_RAW_GUEST_TRAP)
954 {
955 TRPM_EXIT_DBG_HOOK(0xd);
956 return trpmGCExitTrap(pVM, pVCpu, VINF_SUCCESS, pRegFrame);
957 }
958
959 pVCpu->trpm.s.uActiveVector = (pVCpu->trpm.s.uActiveErrorCode & X86_TRAP_ERR_SEL_MASK) >> X86_TRAP_ERR_SEL_SHIFT;
960 pVCpu->trpm.s.enmActiveType = TRPM_SOFTWARE_INT;
961 TRPM_EXIT_DBG_HOOK(0xd);
962 return trpmGCExitTrap(pVM, pVCpu, VINF_EM_RAW_RING_SWITCH_INT, pRegFrame);
963 }
964
965 /*
966 * SYSCALL, SYSENTER, INTO and BOUND are also ring-switchers.
967 */
968 case OP_SYSCALL:
969 case OP_SYSENTER:
970#ifdef PATM_EMULATE_SYSENTER
971 rc = PATMSysCall(pVM, CPUMCTX_FROM_CORE(pRegFrame), pCpu);
972 if (rc == VINF_SUCCESS)
973 {
974 TRPM_EXIT_DBG_HOOK(0xd);
975 return trpmGCExitTrap(pVM, pVCpu, VINF_SUCCESS, pRegFrame);
976 }
977 /* else no break; */
978#endif
979 case OP_BOUND:
980 case OP_INTO:
981 pVCpu->trpm.s.uActiveVector = UINT32_MAX;
982 TRPM_EXIT_DBG_HOOK(0xd);
983 return trpmGCExitTrap(pVM, pVCpu, VINF_EM_RAW_RING_SWITCH, pRegFrame);
984
985 /*
986 * Handle virtualized TSC & PMC reads, just in case.
987 */
988 case OP_RDTSC:
989 case OP_RDPMC:
990 {
991 rc = VBOXSTRICTRC_TODO(EMInterpretInstructionDisasState(pVCpu, pCpu, pRegFrame, PC, EMCODETYPE_SUPERVISOR));
992 if (rc == VERR_EM_INTERPRETER)
993 rc = VINF_EM_RAW_EXCEPTION_PRIVILEGED;
994 TRPM_EXIT_DBG_HOOK(0xd);
995 return trpmGCExitTrap(pVM, pVCpu, rc, pRegFrame);
996 }
997
998 /*
999 * STI and CLI are I/O privileged, i.e. if IOPL
1000 */
1001 case OP_STI:
1002 case OP_CLI:
1003 {
1004 uint32_t efl = CPUMRawGetEFlags(pVCpu);
1005 uint32_t cpl = CPUMRCGetGuestCPL(pVCpu, pRegFrame);
1006 if (X86_EFL_GET_IOPL(efl) >= cpl)
1007 {
1008 LogFlow(("trpmGCTrap0dHandlerRing3: CLI/STI -> REM\n"));
1009 TRPM_EXIT_DBG_HOOK(0xd);
1010 return trpmGCExitTrap(pVM, pVCpu, VINF_EM_RESCHEDULE_REM, pRegFrame);
1011 }
1012 LogFlow(("trpmGCTrap0dHandlerRing3: CLI/STI -> #GP(0) iopl=%x, cpl=%x\n", X86_EFL_GET_IOPL(efl), cpl));
1013 break;
1014 }
1015 }
1016
1017 /*
1018 * A genuine guest fault.
1019 */
1020 TRPM_EXIT_DBG_HOOK(0xd);
1021 return trpmGCExitTrap(pVM, pVCpu, VINF_EM_RAW_GUEST_TRAP, pRegFrame);
1022}
1023
1024
1025/**
1026 * Emulates RDTSC for the \#GP handler.
1027 *
1028 * @returns VINF_SUCCESS or VINF_EM_RAW_EMULATE_INSTR.
1029 *
1030 * @param pVM The cross context VM structure.
1031 * @param pVCpu The cross context virtual CPU structure.
1032 * @param pRegFrame Pointer to the register frame for the trap.
1033 * This will be updated on successful return.
1034 */
1035DECLINLINE(int) trpmGCTrap0dHandlerRdTsc(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame)
1036{
1037 STAM_COUNTER_INC(&pVM->trpm.s.StatTrap0dRdTsc);
1038 TRPM_ENTER_DBG_HOOK(0xd);
1039
1040 if (CPUMGetGuestCR4(pVCpu) & X86_CR4_TSD)
1041 {
1042 TRPM_EXIT_DBG_HOOK(0xd);
1043 return trpmGCExitTrap(pVM, pVCpu, VINF_EM_RAW_EMULATE_INSTR, pRegFrame); /* will trap (optimize later). */
1044 }
1045
1046 uint64_t uTicks = TMCpuTickGet(pVCpu);
1047 pRegFrame->eax = uTicks;
1048 pRegFrame->edx = uTicks >> 32;
1049 pRegFrame->eip += 2;
1050 TRPM_EXIT_DBG_HOOK(0xd);
1051 return trpmGCExitTrap(pVM, pVCpu, VINF_SUCCESS, pRegFrame);
1052}
1053
1054
1055/**
1056 * \#GP (General Protection Fault) handler.
1057 *
1058 * @returns VBox status code.
1059 * VINF_SUCCESS means we completely handled this trap,
1060 * other codes are passed execution to host context.
1061 *
1062 * @param pVM The cross context VM structure.
1063 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
1064 * @param pRegFrame Pointer to the register frame for the trap.
1065 */
1066static int trpmGCTrap0dHandler(PVM pVM, PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
1067{
1068 PVMCPU pVCpu = TRPMCPU_2_VMCPU(pTrpmCpu);
1069 LogFlow(("trpmGCTrap0dHandler: cs:eip=%RTsel:%08RX32 uErr=%RGv EFL=%x\n", pRegFrame->cs.Sel, pRegFrame->eip, pTrpmCpu->uActiveErrorCode, CPUMRawGetEFlags(pVCpu)));
1070 TRPM_ENTER_DBG_HOOK(0xd);
1071
1072 /*
1073 * Convert and validate CS.
1074 */
1075 STAM_PROFILE_START(&pVM->trpm.s.StatTrap0dDisasm, a);
1076 RTGCPTR PC;
1077 int rc = SELMValidateAndConvertCSAddr(pVCpu, pRegFrame->eflags, pRegFrame->ss.Sel, pRegFrame->cs.Sel, &pRegFrame->cs,
1078 pRegFrame->rip, &PC);
1079 if (RT_FAILURE(rc))
1080 {
1081 Log(("trpmGCTrap0dHandler: Failed to convert %RTsel:%RX32 (cpl=%d) - rc=%Rrc !!\n",
1082 pRegFrame->cs.Sel, pRegFrame->eip, pRegFrame->ss.Sel & X86_SEL_RPL, rc));
1083 TRPM_EXIT_DBG_HOOK(0xd);
1084 STAM_PROFILE_STOP(&pVM->trpm.s.StatTrap0dDisasm, a);
1085 return trpmGCExitTrap(pVM, pVCpu, VINF_EM_RAW_EMULATE_INSTR, pRegFrame);
1086 }
1087
1088 /*
1089 * Disassemble the instruction.
1090 */
1091 DISCPUSTATE Cpu;
1092 uint32_t cbOp;
1093 rc = EMInterpretDisasOneEx(pVM, pVCpu, PC, pRegFrame, &Cpu, &cbOp);
1094 if (RT_FAILURE(rc))
1095 {
1096 AssertMsgFailed(("DISCoreOneEx failed to PC=%RGv rc=%Rrc\n", PC, rc));
1097 TRPM_EXIT_DBG_HOOK(0xd);
1098 STAM_PROFILE_STOP(&pVM->trpm.s.StatTrap0dDisasm, a);
1099 return trpmGCExitTrap(pVM, pVCpu, VINF_EM_RAW_EMULATE_INSTR, pRegFrame);
1100 }
1101 STAM_PROFILE_STOP(&pVM->trpm.s.StatTrap0dDisasm, a);
1102
1103 /*
1104 * Optimize RDTSC traps.
1105 * Some guests (like Solaris) are using RDTSC all over the place and
1106 * will end up trapping a *lot* because of that.
1107 *
1108 * Note: it's no longer safe to access the instruction opcode directly due to possible stale code TLB entries
1109 */
1110 if (Cpu.pCurInstr->uOpcode == OP_RDTSC)
1111 return trpmGCTrap0dHandlerRdTsc(pVM, pVCpu, pRegFrame);
1112
1113 /*
1114 * Deal with I/O port access.
1115 */
1116 if ( pVCpu->trpm.s.uActiveErrorCode == 0
1117 && (Cpu.pCurInstr->fOpType & DISOPTYPE_PORTIO))
1118 {
1119 VBOXSTRICTRC rcStrict = IOMRCIOPortHandler(pVM, pVCpu, pRegFrame, &Cpu);
1120 TRPM_EXIT_DBG_HOOK(0xd);
1121 return trpmGCExitTrap(pVM, pVCpu, VBOXSTRICTRC_TODO(rcStrict), pRegFrame);
1122 }
1123
1124 /*
1125 * Deal with Ring-0 (privileged instructions)
1126 */
1127 if ( (pRegFrame->ss.Sel & X86_SEL_RPL) <= 1
1128 && !pRegFrame->eflags.Bits.u1VM)
1129 return trpmGCTrap0dHandlerRing0(pVM, pVCpu, pRegFrame, &Cpu, PC);
1130
1131 /*
1132 * Deal with Ring-3 GPs.
1133 */
1134 if (!pRegFrame->eflags.Bits.u1VM)
1135 return trpmGCTrap0dHandlerRing3(pVM, pVCpu, pRegFrame, &Cpu, PC);
1136
1137 /*
1138 * Deal with v86 code.
1139 *
1140 * We always set IOPL to zero which makes e.g. pushf fault in V86
1141 * mode. The guest might use IOPL=3 and therefore not expect a #GP.
1142 * Simply fall back to the recompiler to emulate this instruction if
1143 * that's the case. To get the correct we must use CPUMRawGetEFlags.
1144 */
1145 X86EFLAGS eflags;
1146 eflags.u32 = CPUMRawGetEFlags(pVCpu); /* Get the correct value. */
1147 Log3(("TRPM #GP V86: cs:eip=%04x:%08x IOPL=%d efl=%08x\n", pRegFrame->cs.Sel, pRegFrame->eip, eflags.Bits.u2IOPL, eflags.u));
1148 if (eflags.Bits.u2IOPL != 3)
1149 {
1150 Assert(EMIsRawRing1Enabled(pVM) || eflags.Bits.u2IOPL == 0);
1151
1152 rc = TRPMForwardTrap(pVCpu, pRegFrame, 0xD, 0, TRPM_TRAP_HAS_ERRORCODE, TRPM_TRAP, 0xd);
1153 Assert(rc == VINF_EM_RAW_GUEST_TRAP);
1154 TRPM_EXIT_DBG_HOOK(0xd);
1155 return trpmGCExitTrap(pVM, pVCpu, rc, pRegFrame);
1156 }
1157 TRPM_EXIT_DBG_HOOK(0xd);
1158 return trpmGCExitTrap(pVM, pVCpu, VINF_EM_RAW_EMULATE_INSTR, pRegFrame);
1159}
1160
1161
1162/**
1163 * \#GP (General Protection Fault) handler.
1164 *
1165 * @returns VBox status code.
1166 * VINF_SUCCESS means we completely handled this trap,
1167 * other codes are passed execution to host context.
1168 *
1169 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
1170 * @param pRegFrame Pointer to the register frame for the trap.
1171 * @internal
1172 */
1173DECLASM(int) TRPMGCTrap0dHandler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
1174{
1175 PVM pVM = TRPMCPU_2_VM(pTrpmCpu);
1176 PVMCPU pVCpu = TRPMCPU_2_VMCPU(pTrpmCpu);
1177 LogFlow(("TRPMGC0d: %04x:%08x err=%x EFL=%x\n", pRegFrame->cs.Sel, pRegFrame->eip, (uint32_t)pVCpu->trpm.s.uActiveErrorCode, CPUMRawGetEFlags(pVCpu)));
1178 TRPM_ENTER_DBG_HOOK(0xd);
1179
1180 PGMRZDynMapStartAutoSet(pVCpu);
1181 int rc = trpmGCTrap0dHandler(pVM, pTrpmCpu, pRegFrame);
1182 switch (rc)
1183 {
1184 case VINF_EM_RAW_GUEST_TRAP:
1185 case VINF_EM_RAW_EXCEPTION_PRIVILEGED:
1186 if (PATMIsPatchGCAddr(pVM, pRegFrame->eip))
1187 rc = VINF_PATM_PATCH_TRAP_GP;
1188 break;
1189
1190 case VINF_EM_RAW_INTERRUPT_PENDING:
1191 Assert(TRPMHasTrap(pVCpu));
1192 /* no break; */
1193 case VINF_PGM_SYNC_CR3:
1194 case VINF_EM_RAW_EMULATE_INSTR:
1195 case VINF_IOM_R3_IOPORT_READ:
1196 case VINF_IOM_R3_IOPORT_WRITE:
1197 case VINF_IOM_R3_IOPORT_COMMIT_WRITE:
1198 case VINF_IOM_R3_MMIO_WRITE:
1199 case VINF_IOM_R3_MMIO_COMMIT_WRITE:
1200 case VINF_IOM_R3_MMIO_READ:
1201 case VINF_IOM_R3_MMIO_READ_WRITE:
1202 case VINF_CPUM_R3_MSR_READ:
1203 case VINF_CPUM_R3_MSR_WRITE:
1204 case VINF_PATM_PATCH_INT3:
1205 case VINF_EM_NO_MEMORY:
1206 case VINF_EM_RAW_TO_R3:
1207 case VINF_EM_RAW_TIMER_PENDING:
1208 case VINF_EM_PENDING_REQUEST:
1209 case VINF_EM_HALT:
1210 case VINF_SELM_SYNC_GDT:
1211 case VINF_SUCCESS:
1212 break;
1213
1214 default:
1215 AssertMsg(PATMIsPatchGCAddr(pVM, pRegFrame->eip) == false, ("return code %d\n", rc));
1216 break;
1217 }
1218 Log6(("TRPMGC0d: %Rrc (%04x:%08x EFL=%x)\n", rc, pRegFrame->cs.Sel, pRegFrame->eip, CPUMRawGetEFlags(pVCpu)));
1219 TRPM_EXIT_DBG_HOOK(0xd);
1220 return rc;
1221}
1222
1223
1224/**
1225 * \#PF (Page Fault) handler.
1226 *
1227 * Calls PGM which does the actual handling.
1228 *
1229 *
1230 * @returns VBox status code.
1231 * VINF_SUCCESS means we completely handled this trap,
1232 * other codes are passed execution to host context.
1233 *
1234 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
1235 * @param pRegFrame Pointer to the register frame for the trap.
1236 * @internal
1237 */
1238DECLASM(int) TRPMGCTrap0eHandler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
1239{
1240 PVM pVM = TRPMCPU_2_VM(pTrpmCpu);
1241 PVMCPU pVCpu = TRPMCPU_2_VMCPU(pTrpmCpu);
1242 LogFlow(("TRPMGC0e: %04x:%08x err=%x cr2=%08x EFL=%x\n", pRegFrame->cs.Sel, pRegFrame->eip, (uint32_t)pVCpu->trpm.s.uActiveErrorCode, (uint32_t)pVCpu->trpm.s.uActiveCR2, CPUMRawGetEFlags(pVCpu)));
1243 TRPM_ENTER_DBG_HOOK(0xe);
1244
1245 /*
1246 * This is all PGM stuff.
1247 */
1248 PGMRZDynMapStartAutoSet(pVCpu);
1249 int rc = PGMTrap0eHandler(pVCpu, pVCpu->trpm.s.uActiveErrorCode, pRegFrame, (RTGCPTR)pVCpu->trpm.s.uActiveCR2);
1250 switch (rc)
1251 {
1252 case VINF_EM_RAW_EMULATE_INSTR:
1253 case VINF_EM_RAW_EMULATE_INSTR_GDT_FAULT:
1254 case VINF_EM_RAW_EMULATE_INSTR_TSS_FAULT:
1255 case VINF_EM_RAW_EMULATE_INSTR_LDT_FAULT:
1256 case VINF_EM_RAW_EMULATE_INSTR_IDT_FAULT:
1257 if (PATMIsPatchGCAddr(pVM, pRegFrame->eip))
1258 rc = VINF_PATCH_EMULATE_INSTR;
1259 break;
1260
1261 case VINF_EM_RAW_GUEST_TRAP:
1262 if (PATMIsPatchGCAddr(pVM, pRegFrame->eip))
1263 {
1264 PGMRZDynMapReleaseAutoSet(pVCpu);
1265 TRPM_EXIT_DBG_HOOK(0xe);
1266 return VINF_PATM_PATCH_TRAP_PF;
1267 }
1268
1269 rc = TRPMForwardTrap(pVCpu, pRegFrame, 0xE, 0, TRPM_TRAP_HAS_ERRORCODE, TRPM_TRAP, 0xe);
1270 Assert(rc == VINF_EM_RAW_GUEST_TRAP);
1271 break;
1272
1273 case VINF_EM_RAW_INTERRUPT_PENDING:
1274 Assert(TRPMHasTrap(pVCpu));
1275 /* no break; */
1276 case VINF_IOM_R3_MMIO_READ:
1277 case VINF_IOM_R3_MMIO_WRITE:
1278 case VINF_IOM_R3_MMIO_COMMIT_WRITE:
1279 case VINF_IOM_R3_MMIO_READ_WRITE:
1280 case VINF_PATM_HC_MMIO_PATCH_READ:
1281 case VINF_PATM_HC_MMIO_PATCH_WRITE:
1282 case VINF_SUCCESS:
1283 case VINF_EM_RAW_TO_R3:
1284 case VINF_EM_PENDING_REQUEST:
1285 case VINF_EM_RAW_TIMER_PENDING:
1286 case VINF_EM_NO_MEMORY:
1287 case VINF_CSAM_PENDING_ACTION:
1288 case VINF_PGM_SYNC_CR3: /** @todo Check this with Sander. */
1289 break;
1290
1291 default:
1292 AssertMsg(PATMIsPatchGCAddr(pVM, pRegFrame->eip) == false, ("Patch address for return code %d. eip=%08x\n", rc, pRegFrame->eip));
1293 break;
1294 }
1295 rc = trpmGCExitTrap(pVM, pVCpu, rc, pRegFrame);
1296 Log6(("TRPMGC0e: %Rrc (%04x:%08x EFL=%x)\n", rc, pRegFrame->cs.Sel, pRegFrame->eip, CPUMRawGetEFlags(pVCpu)));
1297 TRPM_EXIT_DBG_HOOK(0xe);
1298 return rc;
1299}
1300
1301
1302/**
1303 * Scans for the EIP in the specified array of trap handlers.
1304 *
1305 * If we don't fine the EIP, we'll panic.
1306 *
1307 * @returns VBox status code.
1308 *
1309 * @param pVM The cross context VM structure.
1310 * @param pRegFrame Pointer to the register frame for the trap.
1311 * @param paHandlers The array of trap handler records.
1312 * @param pEndRecord The end record (exclusive).
1313 */
1314static int trpmGCHyperGeneric(PVM pVM, PCPUMCTXCORE pRegFrame, PCTRPMGCHYPER paHandlers, PCTRPMGCHYPER pEndRecord)
1315{
1316 uintptr_t uEip = (uintptr_t)pRegFrame->eip;
1317 Assert(paHandlers <= pEndRecord);
1318
1319 Log(("trpmGCHyperGeneric: uEip=%x %p-%p\n", uEip, paHandlers, pEndRecord));
1320
1321#if 0 /// @todo later
1322 /*
1323 * Start by doing a kind of binary search.
1324 */
1325 unsigned iStart = 0;
1326 unsigned iEnd = pEndRecord - paHandlers;
1327 unsigned i = iEnd / 2;
1328#endif
1329
1330 /*
1331 * Do a linear search now (in case the array wasn't properly sorted).
1332 */
1333 for (PCTRPMGCHYPER pCur = paHandlers; pCur < pEndRecord; pCur++)
1334 {
1335 if ( pCur->uStartEIP <= uEip
1336 && (pCur->uEndEIP ? pCur->uEndEIP > uEip : pCur->uStartEIP == uEip))
1337 return pCur->pfnHandler(pVM, pRegFrame, pCur->uUser);
1338 }
1339
1340 return VERR_TRPM_DONT_PANIC;
1341}
1342
1343
1344/**
1345 * Hypervisor \#NP ((segment) Not Present) handler.
1346 *
1347 * Scans for the EIP in the registered trap handlers.
1348 *
1349 * @returns VBox status code.
1350 * VINF_SUCCESS means we completely handled this trap,
1351 * other codes are passed back to host context.
1352 *
1353 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
1354 * @param pRegFrame Pointer to the register frame for the trap.
1355 * @internal
1356 */
1357DECLASM(int) TRPMGCHyperTrap0bHandler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
1358{
1359 return trpmGCHyperGeneric(TRPMCPU_2_VM(pTrpmCpu), pRegFrame, g_aTrap0bHandlers, g_aTrap0bHandlersEnd);
1360}
1361
1362
1363/**
1364 * Hypervisor \#GP (General Protection Fault) handler.
1365 *
1366 * Scans for the EIP in the registered trap handlers.
1367 *
1368 * @returns VBox status code.
1369 * VINF_SUCCESS means we completely handled this trap,
1370 * other codes are passed back to host context.
1371 *
1372 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
1373 * @param pRegFrame Pointer to the register frame for the trap.
1374 * @internal
1375 */
1376DECLASM(int) TRPMGCHyperTrap0dHandler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
1377{
1378 return trpmGCHyperGeneric(TRPMCPU_2_VM(pTrpmCpu), pRegFrame, g_aTrap0dHandlers, g_aTrap0dHandlersEnd);
1379}
1380
1381
1382/**
1383 * Hypervisor \#PF (Page Fault) handler.
1384 *
1385 * Scans for the EIP in the registered trap handlers.
1386 *
1387 * @returns VBox status code.
1388 * VINF_SUCCESS means we completely handled this trap,
1389 * other codes are passed back to host context.
1390 *
1391 * @param pTrpmCpu Pointer to TRPMCPU data (within VM).
1392 * @param pRegFrame Pointer to the register frame for the trap.
1393 * @internal
1394 */
1395DECLASM(int) TRPMGCHyperTrap0eHandler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
1396{
1397 return trpmGCHyperGeneric(TRPMCPU_2_VM(pTrpmCpu), pRegFrame, g_aTrap0dHandlers, g_aTrap0dHandlersEnd);
1398}
1399
1400
1401/**
1402 * Deal with hypervisor traps occurring when resuming execution on a trap.
1403 *
1404 * There is a little problem with recursive RC (hypervisor) traps. We deal with
1405 * this by not allowing recursion without it being the subject of a guru
1406 * meditation. (We used to / tried to handle this but there isn't any reason
1407 * for it.)
1408 *
1409 * So, do NOT use this for handling RC traps!
1410 *
1411 * @returns VBox status code. (Anything but VINF_SUCCESS will cause guru.)
1412 * @param pVM The cross context VM structure.
1413 * @param pRegFrame Register frame.
1414 * @param uUser User arg.
1415 */
1416DECLCALLBACK(int) trpmRCTrapInGeneric(PVM pVM, PCPUMCTXCORE pRegFrame, uintptr_t uUser)
1417{
1418 Log(("********************************************************\n"));
1419 Log(("trpmRCTrapInGeneric: eip=%RX32 uUser=%#x\n", pRegFrame->eip, uUser));
1420 Log(("********************************************************\n"));
1421
1422 /*
1423 * This used to be kind of complicated, but since we stopped storing
1424 * the register frame on the stack and instead storing it directly
1425 * in the CPUMCPU::Guest structure, we just have to figure out which
1426 * status to hand on to the host and let the recompiler/IEM do its
1427 * job.
1428 */
1429 switch (uUser)
1430 {
1431 case TRPM_TRAP_IN_MOV_GS:
1432 case TRPM_TRAP_IN_MOV_FS:
1433 case TRPM_TRAP_IN_MOV_ES:
1434 case TRPM_TRAP_IN_MOV_DS:
1435 TRPMGCHyperReturnToHost(pVM, VINF_EM_RAW_STALE_SELECTOR);
1436 break;
1437
1438 case TRPM_TRAP_IN_IRET:
1439 case TRPM_TRAP_IN_IRET | TRPM_TRAP_IN_V86:
1440 TRPMGCHyperReturnToHost(pVM, VINF_EM_RAW_IRET_TRAP);
1441 break;
1442
1443 default:
1444 AssertMsgFailed(("Invalid uUser=%#x\n", uUser));
1445 return VERR_TRPM_BAD_TRAP_IN_OP;
1446 }
1447
1448 AssertMsgFailed(("Impossible!\n"));
1449 return VERR_TRPM_IPE_3;
1450}
1451
1452
1453/**
1454 * Generic hyper trap handler that sets the EIP to @a uUser.
1455 *
1456 * @returns VBox status code. (Anything but VINF_SUCCESS will cause guru.)
1457 * @param pVM The cross context VM structure.
1458 * @param pRegFrame Pointer to the register frame (within VM)
1459 * @param uUser The user arg, which should be the new EIP address.
1460 */
1461extern "C" DECLCALLBACK(int) TRPMRCTrapHyperHandlerSetEIP(PVM pVM, PCPUMCTXCORE pRegFrame, uintptr_t uUser)
1462{
1463 AssertReturn(MMHyperIsInsideArea(pVM, uUser), VERR_TRPM_IPE_3);
1464 pRegFrame->eip = uUser;
1465 return VINF_SUCCESS;
1466}
1467
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette