
source: vbox/trunk/src/VBox/VMM/include/PATMInternal.h@ 36219

Last change on this file since 36219 was 35348, checked in by vboxsync, 14 years ago

VMM reorg: Moving PATM to where the other VMM sources are.

1/* $Id: PATMInternal.h 35348 2010-12-27 16:35:23Z vboxsync $ */
2/** @file
3 * PATM - Internal header file.
4 */
5
6/*
7 * Copyright (C) 2006-2007 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18#ifndef ___PATMInternal_h
19#define ___PATMInternal_h
20
21#include <VBox/cdefs.h>
22#include <VBox/types.h>
23#include <VBox/vmm/patm.h>
24#include <VBox/vmm/stam.h>
25#include <VBox/dis.h>
26#include <VBox/vmm/pgm.h>
27#include <iprt/avl.h>
28#include <iprt/param.h>
29#include <VBox/log.h>
30
31
32
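/** Saved state version written by this PATM. */
#define PATM_SSM_VERSION                    55
/** Saved state version that still needs the fixup hack when loaded.
 * (The original header defined this twice with the same value; the
 *  duplicate definition has been dropped.) */
#define PATM_SSM_VERSION_FIXUP_HACK         54
/** Older saved state version (VER16 - presumably the 1.6 layout; confirm against patmR3Load). */
#define PATM_SSM_VERSION_VER16              53

/* Enable for call patching. */
#define PATM_ENABLE_CALL
/** Size of the patch memory block (2 MB). */
#define PATCH_MEMORY_SIZE                   (2*1024*1024)
/** Upper bound on the size of a single patch (4 KB). */
#define MAX_PATCH_SIZE                      (1024*4)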
42
/*
 * Internal patch type flags (starts at RT_BIT(11)).
 * Bits below 11 are taken by the public PATMFL_* flags (presumably the ones
 * in VBox/vmm/patm.h - confirm); the flags below are only used inside PATM.
 */

#define PATMFL_CHECK_SIZE                   RT_BIT_64(11)
#define PATMFL_FOUND_PATCHEND               RT_BIT_64(12)
#define PATMFL_SINGLE_INSTRUCTION           RT_BIT_64(13)
#define PATMFL_SYSENTER_XP                  RT_BIT_64(14)
#define PATMFL_JUMP_CONFLICT                RT_BIT_64(15)
#define PATMFL_READ_ORIGINAL_BYTES          RT_BIT_64(16) /**< Opcode might have already been patched. */
#define PATMFL_INT3_REPLACEMENT             RT_BIT_64(17)
#define PATMFL_SUPPORT_CALLS                RT_BIT_64(18)
#define PATMFL_SUPPORT_INDIRECT_CALLS       RT_BIT_64(19)
#define PATMFL_IDTHANDLER_WITHOUT_ENTRYPOINT RT_BIT_64(20) /**< Internal flag to avoid duplicate entrypoints. */
#define PATMFL_INHIBIT_IRQS                 RT_BIT_64(21) /**< Temporary internal flag. */
#define PATMFL_GENERATE_JUMPTOGUEST         RT_BIT_64(22) /**< Temporary internal flag. */
#define PATMFL_RECOMPILE_NEXT               RT_BIT_64(23) /**< For recompilation of the next instruction. */
#define PATMFL_CODE_MONITORED               RT_BIT_64(24) /**< Code pages of guest monitored for self-modifying code. */
#define PATMFL_CALLABLE_AS_FUNCTION         RT_BIT_64(25) /**< cli and pushf blocks can be used as callable functions. */
#define PATMFL_GLOBAL_FUNCTIONS             RT_BIT_64(26) /**< Fake patch for global patm functions. */
#define PATMFL_TRAMPOLINE                   RT_BIT_64(27) /**< Trampoline patch that clears PATM_INTERRUPTFLAG and jumps to patch destination. */
#define PATMFL_GENERATE_SETPIF              RT_BIT_64(28) /**< Generate set PIF for the next instruction. */
#define PATMFL_INSTR_HINT                   RT_BIT_64(29) /**< Generate patch, but don't activate it. */
#define PATMFL_PATCHED_GUEST_CODE           RT_BIT_64(30) /**< Patched guest code. */
#define PATMFL_MUST_INSTALL_PATCHJMP        RT_BIT_64(31) /**< Need to patch guest code in order to activate patch. */
#define PATMFL_INT3_REPLACEMENT_BLOCK       RT_BIT_64(32) /**< int 3 replacement block. */
#define PATMFL_EXTERNAL_JUMP_INSIDE         RT_BIT_64(33) /**< A trampoline patch was created that jumps to an instruction in the patch block. */
#define PATMFL_CODE_REFERENCED              RT_BIT_64(34) /**< Patch block referenced (called, jumped to) by another patch. */
71
/** @name Encoded sizes of the x86 near branch forms PATM emits/recognises.
 * @{ */
#define SIZEOF_NEARJUMP8                    2 /**< opcode byte + 1 byte relative offset */
#define SIZEOF_NEARJUMP16                   3 /**< opcode byte + 2 byte relative offset */
#define SIZEOF_NEARJUMP32                   5 /**< opcode byte + 4 byte relative offset */
#define SIZEOF_NEAR_COND_JUMP32             6 /**< 0xF + opcode byte + 4 byte relative offset */
/** @} */

/** Largest instruction PATM will copy (see PATCHINFO::aPrivInstr). */
#define MAX_INSTR_SIZE                      16
78
/* Patch states (PATCHINFO::uState). Each value is a separate bit so they
 * can be tested as a mask. */
#define PATCH_REFUSED                       1
#define PATCH_DISABLED                      2
#define PATCH_ENABLED                       4
#define PATCH_UNUSABLE                      8
#define PATCH_DIRTY                         16
#define PATCH_DISABLE_PENDING               32
86
87
/** Trap budget of a patch (compared against PATCHINFO::cTraps - confirm). */
#define MAX_PATCH_TRAPS                     4
/** Limit for PATM::ulCallDepth during patch installation. */
#define PATM_MAX_CALL_DEPTH                 32
/* Maximum nr of writes before a patch is marked dirty. (disabled) */
#define PATM_MAX_CODE_WRITES                32
/* Maximum nr of invalid writes before a patch is disabled. */
#define PATM_MAX_INVALID_WRITES             16384

/** @name Fixup record types (RELOCREC::uType - confirm).
 * @{ */
#define FIXUP_ABSOLUTE                      0
#define FIXUP_REL_JMPTOPATCH                1
#define FIXUP_REL_JMPTOGUEST                2
/** @} */

/** Marker value for a branch destination that could not be resolved (presumably; confirm usage). */
#define PATM_ILLEGAL_DESTINATION            0xDEADBEEF

/** Size of the instruction that's used for requests from patch code (currently only call) */
#define PATM_ILLEGAL_INSTR_SIZE             2
103
104
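/** No statistics counter index allocated just yet. */
#define PATM_STAT_INDEX_NONE                ((uint32_t)-1)
/** Dummy counter to handle overflows (used once the real counters are exhausted). */
#define PATM_STAT_INDEX_DUMMY               0
/** True if @a a is a real counter index (neither the dummy nor 'none').
 * @note @a a is evaluated twice; pass a side-effect free expression. */
#define PATM_STAT_INDEX_IS_VALID(a)         ((a) != PATM_STAT_INDEX_DUMMY && (a) != PATM_STAT_INDEX_NONE)

#ifdef VBOX_WITH_STATISTICS
/** Increments the 'run' counter (u32A) of @a pPatch if it owns a counter.
 * Relies on a 'pVM' variable in the calling scope. The do/while wrapper
 * makes the macro a single statement, so it is safe inside an unbraced
 * if/else (the bare 'if' it used to expand to would bind a following
 * 'else' to itself). */
#define PATM_STAT_RUN_INC(pPatch) \
    do { \
        if (PATM_STAT_INDEX_IS_VALID((pPatch)->uPatchIdx)) \
            CTXSUFF(pVM->patm.s.pStats)[(pPatch)->uPatchIdx].u32A++; \
    } while (0)
/** Increments the 'fault' counter (u32B) of @a pPatch if it owns a counter.
 * Relies on a 'pVM' variable in the calling scope. */
#define PATM_STAT_FAULT_INC(pPatch) \
    do { \
        if (PATM_STAT_INDEX_IS_VALID((pPatch)->uPatchIdx)) \
            CTXSUFF(pVM->patm.s.pStats)[(pPatch)->uPatchIdx].u32B++; \
    } while (0)
#else
#define PATM_STAT_RUN_INC(pPatch)           do { } while (0)
#define PATM_STAT_FAULT_INC(pPatch)         do { } while (0)
#endif

/** Maximum number of stat counters. */
#define PATM_STAT_MAX_COUNTERS              1024
/** Size of memory allocated for patch statistics. */
#define PATM_STAT_MEMSIZE                   (PATM_STAT_MAX_COUNTERS*sizeof(STAMRATIOU32))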
127
/** @name Special fixup targets.
 * These are stored where a pointer would otherwise be and are resolved at
 * relocation time; all values are odd so they can never collide with a
 * valid (aligned) pointer.
 * @{ */
/** aCpus[0].fLocalForcedActions fixup (must be uneven to avoid theoretical clashes with valid pointers) */
#define PATM_FIXUP_CPU_FF_ACTION            0xffffff01
/** default cpuid pointer fixup */
#define PATM_FIXUP_CPUID_DEFAULT            0xffffff03
/** standard cpuid pointer fixup */
#define PATM_FIXUP_CPUID_STANDARD           0xffffff05
/** extended cpuid pointer fixup */
#define PATM_FIXUP_CPUID_EXTENDED           0xffffff07
/** centaur cpuid pointer fixup */
#define PATM_FIXUP_CPUID_CENTAUR            0xffffff09
/** @} */
138
/**
 * Relocation (fixup) record for one patch location.
 * Kept in PATCHINFO::FixupTree.
 */
typedef struct
{
    /** The key is a HC virtual address. */
    AVLPVNODECORE               Core;

    /** Fixup type (presumably one of the FIXUP_* values - confirm). */
    uint32_t                    uType;
    /** HC address of the patch location that needs fixing up. */
    R3PTRTYPE(uint8_t *)        pRelocPos;
    /** Source address of the relocation (semantics depend on uType). */
    RTRCPTR                     pSource;
    /** Destination address of the relocation (semantics depend on uType). */
    RTRCPTR                     pDest;
} RELOCREC, *PRELOCREC;
149
/* forward decl */
/* NOTE(review): the tag _PATCHINFO (leading underscore + uppercase) is a
 * reserved identifier in C/C++; it is kept here because it is part of the
 * existing interface. */
struct _PATCHINFO;

/* Cache record for guest to host pointer conversions. */
typedef struct
{
    /** HC address of the start of the currently mapped guest page. */
    R3PTRTYPE(uint8_t *)        pPageLocStartHC;
    /** Guest address the cached mapping belongs to. */
    RCPTRTYPE(uint8_t *)        pGuestLoc;
    /** Patch this lookup is being done for (opaque pointer). */
    R3PTRTYPE(void *)           pPatch;
    /** PGM page mapping lock held for pPageLocStartHC; must be released by the owner. */
    PGMPAGEMAPLOCK              Lock;
} PATMP2GLOOKUPREC, *PPATMP2GLOOKUPREC;
161
/* Obsolete; do not use.
 * Only still here because PATCHINFO embeds one of these and the saved state
 * layout depends on the structure size (see PATCHINFO::unused). */
typedef struct
{
    R3PTRTYPE(uint8_t *)        pPatchLocStartHC;
    R3PTRTYPE(uint8_t *)        pPatchLocEndHC;
    RCPTRTYPE(uint8_t *)        pGuestLoc;
    uint32_t                    opsize;
} PATMP2GLOOKUPREC_OBSOLETE;
170
/**
 * Record of a jump inside generated patch code.
 * Kept in PATCHINFO::JumpTree.
 */
typedef struct
{
    /** The key is a pointer to a JUMPREC structure. */
    AVLPVNODECORE               Core;

    /** HC address of the jump instruction in the patch block. */
    R3PTRTYPE(uint8_t *)        pJumpHC;
    /** Guest address the jump targets. */
    RCPTRTYPE(uint8_t *)        pTargetGC;
    /** Displacement offset within the instruction (presumably where the rel32 lives - confirm). */
    uint32_t                    offDispl;
    /** Jump opcode (DIS OP_* value - confirm). */
    uint32_t                    opcode;
} JUMPREC, *PJUMPREC;
181
/**
 * Patch to guest lookup type (single or both direction).
 * Selects which of the PATCHINFO lookup trees a record is inserted into.
 */
typedef enum
{
    PATM_LOOKUP_PATCH2GUEST,    /**< patch to guest */
    PATM_LOOKUP_BOTHDIR         /**< guest to patch + patch to guest */
} PATM_LOOKUP_TYPE;
190
/**
 * Patch to guest address lookup record.
 * Kept in PATCHINFO::Patch2GuestAddrTree.
 */
typedef struct RECPATCHTOGUEST
{
    /** The key is an offset inside the patch memory block. */
    AVLU32NODECORE              Core;

    /** Guest address of the original instruction. */
    RTRCPTR                     pOrgInstrGC;
    /** Whether a matching guest-to-patch record exists as well. */
    PATM_LOOKUP_TYPE            enmType;
    /** Set when the instruction has been marked dirty. */
    bool                        fDirty;
    /** Set when this instruction is the target of a jump. */
    bool                        fJumpTarget;
    uint8_t                     u8DirtyOpcode;  /**< original opcode before writing 0xCC there to mark it dirty */
} RECPATCHTOGUEST, *PRECPATCHTOGUEST;
205
/**
 * Guest to patch address lookup record.
 * Kept in PATCHINFO::Guest2PatchAddrTree.
 */
typedef struct RECGUESTTOPATCH
{
    /** The key is a GC virtual address. */
    AVLU32NODECORE              Core;

    /** Patch offset (relative to PATM::pPatchMemGC / PATM::pPatchMemHC). */
    uint32_t                    PatchOffset;
} RECGUESTTOPATCH, *PRECGUESTTOPATCH;
217
/**
 * Temporary information used in ring 3 only; no need to waste memory in the patch record itself.
 * Referenced from PATCHINFO::pTempInfo during patch creation.
 */
typedef struct
{
    /* Temporary tree for storing the addresses of illegal instructions. */
    R3PTRTYPE(PAVLPVNODECORE)   IllegalInstrTree;
    /** Number of entries in IllegalInstrTree. */
    uint32_t                    nrIllegalInstr;

    /** Number of jumps encountered. */
    int32_t                     nrJumps;
    /** Number of ret instructions encountered. */
    uint32_t                    nrRetInstr;

    /* Temporary tree of encountered jumps. (debug only) */
    R3PTRTYPE(PAVLPVNODECORE)   DisasmJumpTree;

    /** Number of calls encountered. */
    int32_t                     nrCalls;

    /** Last original guest instruction pointer; used for disassembly log. */
    RTRCPTR                     pLastDisasmInstrGC;

    /** Keeping track of multiple ret instructions. */
    RTRCPTR                     pPatchRetInstrGC;
    /** Parameter of the ret instruction recorded in pPatchRetInstrGC (presumably the pop count - confirm). */
    uint32_t                    uPatchRetParam1;
} PATCHINFOTEMP, *PPATCHINFOTEMP;
242
/**
 * Per-patch record.
 *
 * This structure is written to the saved state, so its size and member order
 * must not change; the members marked unused are kept for exactly that reason.
 * NOTE(review): the tag _PATCHINFO is a reserved identifier (leading
 * underscore + uppercase); kept because it is part of the existing interface.
 */
typedef struct _PATCHINFO
{
    /** Current patch state (PATCH_*). */
    uint32_t                    uState;
    /** Previous value of uState. */
    uint32_t                    uOldState;
    /** CPU mode the patched code runs in. */
    DISCPUMODE                  uOpMode;

    /* GC pointer of privileged instruction */
    RCPTRTYPE(uint8_t *)        pPrivInstrGC;
    R3PTRTYPE(uint8_t *)        unusedHC;                   /**< todo Can't remove due to structure size dependencies in saved states. */
    /** Copy of the original bytes of the privileged instruction (MAX_INSTR_SIZE). */
    uint8_t                     aPrivInstr[MAX_INSTR_SIZE];
    /** Number of valid bytes in aPrivInstr. */
    uint32_t                    cbPrivInstr;
    uint32_t                    opcode;                     /**< opcode for priv instr (OP_*) */
    uint32_t                    cbPatchJump;                /**< patch jump size */

    /* Only valid for PATMFL_JUMP_CONFLICT patches */
    RTRCPTR                     pPatchJumpDestGC;

    /** Offset of the patch code within the patch memory block (see PATCHCODE_PTR_GC/HC). */
    RTGCUINTPTR32               pPatchBlockOffset;
    /** Size of the patch code block. */
    uint32_t                    cbPatchBlockSize;
    /** Current emit offset within the patch block. */
    uint32_t                    uCurPatchOffset;
#if HC_ARCH_BITS == 64
    uint32_t                    Alignment0;                 /**< Align flags correctly. */
#endif

    /** PATMFL_* flags. */
    uint64_t                    flags;

    /**
     * Lowest and highest patched GC instruction address. To optimize searches.
     */
    RTRCPTR                     pInstrGCLowest;
    RTRCPTR                     pInstrGCHighest;

    /* Tree of fixup records for the patch. */
    R3PTRTYPE(PAVLPVNODECORE)   FixupTree;
    /** Number of records in FixupTree. */
    uint32_t                    nrFixups;

    /* Tree of jumps inside the generated patch code. */
    uint32_t                    nrJumpRecs;
    R3PTRTYPE(PAVLPVNODECORE)   JumpTree;

    /**
     * Lookup trees for determining the corresponding guest address of an
     * instruction in the patch block.
     */
    R3PTRTYPE(PAVLU32NODECORE)  Patch2GuestAddrTree;
    R3PTRTYPE(PAVLU32NODECORE)  Guest2PatchAddrTree;
    /** Number of records in Patch2GuestAddrTree. */
    uint32_t                    nrPatch2GuestRecs;
#if HC_ARCH_BITS == 64
    uint32_t                    Alignment1;
#endif

    /* Unused, but can't remove due to structure size dependencies in the saved state. */
    PATMP2GLOOKUPREC_OBSOLETE   unused;

    /* Temporary information during patch creation. Don't waste hypervisor memory for this. */
    R3PTRTYPE(PPATCHINFOTEMP)   pTempInfo;

    /* Count the number of writes to the corresponding guest code. */
    uint32_t                    cCodeWrites;

    /* Count the number of invalid writes to pages monitored for the patch. */
    //some statistics to determine if we should keep this patch activated
    uint32_t                    cTraps;

    /** Number of invalid writes (see PATM_MAX_INVALID_WRITES). */
    uint32_t                    cInvalidWrites;

    // Index into the uPatchRun and uPatchTrap arrays (0..MAX_PATCHES-1)
    uint32_t                    uPatchIdx;

    /* First opcode byte, that's overwritten when a patch is marked dirty. */
    uint8_t                     bDirtyOpcode;
    uint8_t                     Alignment2[7];              /**< Align the structure size on a 8-byte boundary. */
} PATCHINFO, *PPATCHINFO;
316
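/** GC address of the patch code block of @a pPatch.
 * Relies on a 'pVM' variable in the calling scope. The whole expansion is
 * parenthesised so the macro is safe in any expression context. */
#define PATCHCODE_PTR_GC(pPatch)    ((RTRCPTR)(pVM->patm.s.pPatchMemGC + (pPatch)->pPatchBlockOffset))
/** HC address of the patch code block of @a pPatch.
 * Relies on a 'pVM' variable in the calling scope. */
#define PATCHCODE_PTR_HC(pPatch)    ((uint8_t *)(pVM->patm.s.pPatchMemHC + (pPatch)->pPatchBlockOffset))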
319
/**
 * Lookup record for patches.
 * Inserted into both PATMTREES::PatchTree (by Core) and
 * PATMTREES::PatchTreeByPatchAddr (by CoreOffset); use the
 * PATM_PATCHREC_FROM_* macros to get back from a member to the record.
 */
typedef struct PATMPATCHREC
{
    /** The key is a GC virtual address. */
    AVLOU32NODECORE             Core;
    /** The key is a patch offset. */
    AVLOU32NODECORE             CoreOffset;

    /** The patch itself. */
    PATCHINFO                   patch;
} PATMPATCHREC, *PPATMPATCHREC;
332
/** Increment for allocating room for pointer array (PATMPATCHPAGE::aPatch). */
#define PATMPATCHPAGE_PREALLOC_INCREMENT    16

/**
 * Lookup record for patch pages.
 * One record per guest page that contains patched instructions; kept in
 * PATMTREES::PatchTreeByPage.
 */
typedef struct PATMPATCHPAGE
{
    /** The key is a GC virtual address. */
    AVLOU32NODECORE             Core;
    /** Region to monitor. */
    RTRCPTR                     pLowestAddrGC;
    RTRCPTR                     pHighestAddrGC;
    /** Number of patches for this page. */
    uint32_t                    cCount;
    /** Maximum nr of pointers in the array. */
    uint32_t                    cMaxPatches;
    /** Array of patch pointers for this page. */
    R3PTRTYPE(PPATCHINFO *)     aPatch;
} PATMPATCHPAGE, *PPATMPATCHPAGE;
353
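/** Recovers the PATMPATCHREC from a pointer to its CoreOffset member
 * (container-of). The argument is parenthesised so expressions such as
 * 'p + 1' or a cast are handled correctly. */
#define PATM_PATCHREC_FROM_COREOFFSET(a)    ((PPATMPATCHREC)((uintptr_t)(a) - RT_OFFSETOF(PATMPATCHREC, CoreOffset)))
/** Recovers the PATMPATCHREC from a pointer to its embedded PATCHINFO member. */
#define PATM_PATCHREC_FROM_PATCHINFO(a)     ((PPATMPATCHREC)((uintptr_t)(a) - RT_OFFSETOF(PATMPATCHREC, patch)))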
356
/**
 * The three patch lookup trees.
 * Lives in hypervisor memory so both ring-3 and GC can reach it
 * (see PATM::PatchLookupTreeHC / PATM::PatchLookupTreeGC).
 */
typedef struct PATMTREES
{
    /**
     * AVL tree with all patches (active or disabled) sorted by guest instruction address
     */
    AVLOU32TREE                 PatchTree;

    /**
     * AVL tree with all patches sorted by patch address (offset actually)
     */
    AVLOU32TREE                 PatchTreeByPatchAddr;

    /**
     * AVL tree with all pages which were (partly) patched
     */
    AVLOU32TREE                 PatchTreeByPage;

    /** Padding. */
    uint32_t                    align[1];
} PATMTREES, *PPATMTREES;
376
/**
 * PATM VM Instance data.
 * Changes to this must be checked against the padding of the patm union in VM!
 */
typedef struct PATM
{
    /** Offset to the VM structure.
     * See PATM2VM(). */
    RTINT                       offVM;

    /** Patch memory block, GC mapping. */
    RCPTRTYPE(uint8_t *)        pPatchMemGC;
    /** Patch memory block, HC mapping. */
    R3PTRTYPE(uint8_t *)        pPatchMemHC;
    /** Size of the patch memory block. */
    uint32_t                    cbPatchMem;
    /** Current offset into the patch memory block (presumably the next free byte - confirm). */
    uint32_t                    offPatchMem;
    /** Set once patch memory is exhausted. */
    bool                        fOutOfMemory;

    /** Relocation delta (presumably applied when the hypervisor area moves - confirm). */
    int32_t                     deltaReloc;

    /* GC PATM state pointers */
    R3PTRTYPE(PPATMGCSTATE)     pGCStateHC;
    RCPTRTYPE(PPATMGCSTATE)     pGCStateGC;

    /** PATM stack page for call instruction execution. (2 parts: one for our private stack and one to store the original return address */
    RCPTRTYPE(RTRCPTR *)        pGCStackGC;
    R3PTRTYPE(RTRCPTR *)        pGCStackHC;

    /** GC pointer to CPUMCTX structure. */
    RCPTRTYPE(PCPUMCTX)         pCPUMCtxGC;

    /* GC statistics pointers */
    RCPTRTYPE(PSTAMRATIOU32)    pStatsGC;
    R3PTRTYPE(PSTAMRATIOU32)    pStatsHC;

    /* Current free index value (uPatchRun/uPatchTrap arrays). */
    uint32_t                    uCurrentPatchIdx;

    /* Temporary counter for patch installation call depth. (in order not to go on forever) */
    uint32_t                    ulCallDepth;

    /** Number of page lookup records. */
    uint32_t                    cPageRecords;

    /**
     * Lowest and highest patched GC instruction addresses. To optimize searches.
     */
    RTRCPTR                     pPatchedInstrGCLowest;
    RTRCPTR                     pPatchedInstrGCHighest;

    /** Pointer to the patch tree for instructions replaced by 'int 3'. */
    RCPTRTYPE(PPATMTREES)       PatchLookupTreeGC;
    R3PTRTYPE(PPATMTREES)       PatchLookupTreeHC;

    /** Global PATM lookup and call function (used by call patches). */
    RTRCPTR                     pfnHelperCallGC;
    /** Global PATM return function (used by ret patches). */
    RTRCPTR                     pfnHelperRetGC;
    /** Global PATM jump function (used by indirect jmp patches). */
    RTRCPTR                     pfnHelperJumpGC;
    /** Global PATM return function (used by iret patches). */
    RTRCPTR                     pfnHelperIretGC;

    /** Fake patch record for global functions. */
    R3PTRTYPE(PPATMPATCHREC)    pGlobalPatchRec;

    /** Pointer to original sysenter handler */
    RTRCPTR                     pfnSysEnterGC;
    /** Pointer to sysenter handler trampoline */
    RTRCPTR                     pfnSysEnterPatchGC;
    /** Sysenter patch index (for stats only) */
    uint32_t                    uSysEnterPatchIdx;

    // GC address of fault in monitored page (set by PATMGCMonitorPage, used by PATMR3HandleMonitoredPage)
    RTRCPTR                     pvFaultMonitor;

    /* Temporary information for pending MMIO patch. Set in GC or R0 context. */
    struct
    {
        /** Physical address of the MMIO access. */
        RTGCPHYS                GCPhys;
        /** GC address of the cached data. */
        RTRCPTR                 pCachedData;
        RTRCPTR                 Alignment0;                 /**< Align the structure size on a 8-byte boundary. */
    } mmio;

    /* Temporary storage during load/save state */
    struct
    {
        /** SSM handle of the load/save in progress. */
        R3PTRTYPE(PSSMHANDLE)   pSSM;
        /** Number of patches in the saved state. */
        uint32_t                cPatches;
#if HC_ARCH_BITS == 64
        uint32_t                Alignment0;                 /**< Align the structure size on a 8-byte boundary. */
#endif
    } savedstate;

    /** @name Statistics
     * @{ */
    STAMCOUNTER                 StatNrOpcodeRead;
    STAMCOUNTER                 StatDisabled;
    STAMCOUNTER                 StatUnusable;
    STAMCOUNTER                 StatEnabled;
    STAMCOUNTER                 StatInstalled;
    STAMCOUNTER                 StatInstalledFunctionPatches;
    STAMCOUNTER                 StatInstalledTrampoline;
    STAMCOUNTER                 StatInstalledJump;
    STAMCOUNTER                 StatInt3Callable;
    STAMCOUNTER                 StatInt3BlockRun;
    STAMCOUNTER                 StatOverwritten;
    STAMCOUNTER                 StatFixedConflicts;
    STAMCOUNTER                 StatFlushed;
    STAMCOUNTER                 StatPageBoundaryCrossed;
    STAMCOUNTER                 StatMonitored;
    STAMPROFILEADV              StatHandleTrap;
    STAMCOUNTER                 StatSwitchBack;
    STAMCOUNTER                 StatSwitchBackFail;
    STAMCOUNTER                 StatPATMMemoryUsed;
    STAMCOUNTER                 StatDuplicateREQSuccess;
    STAMCOUNTER                 StatDuplicateREQFailed;
    STAMCOUNTER                 StatDuplicateUseExisting;
    STAMCOUNTER                 StatFunctionFound;
    STAMCOUNTER                 StatFunctionNotFound;
    STAMPROFILEADV              StatPatchWrite;
    STAMPROFILEADV              StatPatchWriteDetect;
    STAMCOUNTER                 StatDirty;
    STAMCOUNTER                 StatPushTrap;
    STAMCOUNTER                 StatPatchWriteInterpreted;
    STAMCOUNTER                 StatPatchWriteInterpretedFailed;

    STAMCOUNTER                 StatSysEnter;
    STAMCOUNTER                 StatSysExit;
    STAMCOUNTER                 StatEmulIret;
    STAMCOUNTER                 StatEmulIretFailed;

    STAMCOUNTER                 StatInstrDirty;
    STAMCOUNTER                 StatInstrDirtyGood;
    STAMCOUNTER                 StatInstrDirtyBad;

    STAMCOUNTER                 StatPatchPageInserted;
    STAMCOUNTER                 StatPatchPageRemoved;

    STAMCOUNTER                 StatPatchRefreshSuccess;
    STAMCOUNTER                 StatPatchRefreshFailed;

    STAMCOUNTER                 StatGenRet;
    STAMCOUNTER                 StatGenRetReused;
    STAMCOUNTER                 StatGenJump;
    STAMCOUNTER                 StatGenCall;
    STAMCOUNTER                 StatGenPopf;

    STAMCOUNTER                 StatCheckPendingIRQ;

    STAMCOUNTER                 StatFunctionLookupReplace;
    STAMCOUNTER                 StatFunctionLookupInsert;
    uint32_t                    StatU32FunctionMaxSlotsUsed;
    /** @} */
    uint32_t                    Alignment0;                 /**< Align the structure size on a 8-byte boundary. */
} PATM, *PPATM;
528
529
530
/**
 * PGM virtual access handler callback for guest pages monitored by PATM.
 *
 * @returns VBox status code.
 * @param   pVM             The VM handle.
 * @param   GCPtr           Guest address of the access.
 * @param   pvPtr           HC pointer to the accessed location.
 * @param   pvBuf           Data being written / read.
 * @param   cbBuf           Size of the access.
 * @param   enmAccessType   Access type (read or write).
 * @param   pvUser          User argument registered with the handler.
 */
DECLCALLBACK(int) patmVirtPageHandler(PVM pVM, RTGCPTR GCPtr, void *pvPtr, void *pvBuf, size_t cbBuf, PGMACCESSTYPE enmAccessType, void *pvUser);

/** SSM save callback for PATM. */
DECLCALLBACK(int) patmR3Save(PVM pVM, PSSMHANDLE pSSM);
/** SSM load callback for PATM (uVersion is one of the PATM_SSM_VERSION* values). */
DECLCALLBACK(int) patmR3Load(PVM pVM, PSSMHANDLE pSSM, uint32_t uVersion, uint32_t uPass);

#ifdef IN_RING3
/** Translates an address inside a patch block to the corresponding guest address. */
RTRCPTR patmPatchGCPtr2GuestGCPtr(PVM pVM, PPATCHINFO pPatch, RCPTRTYPE(uint8_t *) pPatchGC);
/** Translates a guest instruction address to its location inside the patch block. */
RTRCPTR patmGuestGCPtrToPatchGCPtr(PVM pVM, PPATCHINFO pPatch, RCPTRTYPE(uint8_t*) pInstrGC);
/** Like patmGuestGCPtrToPatchGCPtr, but settles for the closest recorded instruction. */
RTRCPTR patmGuestGCPtrToClosestPatchGCPtr(PVM pVM, PPATCHINFO pPatch, RCPTRTYPE(uint8_t*) pInstrGC);
#endif
541
/**
 * Add a patch to guest lookup record
 *
 * @param   pVM             The VM to operate on.
 * @param   pPatch          Patch structure ptr
 * @param   pPatchInstrHC   Host context (HC) pointer to the instruction in the patch block
 * @param   pInstrGC        Guest context pointer to privileged instruction
 * @param   enmType         Lookup type (single or both directions)
 * @param   fDirty          Dirty flag
 *
 */
void patmr3AddP2GLookupRecord(PVM pVM, PPATCHINFO pPatch, uint8_t *pPatchInstrHC, RTRCPTR pInstrGC, PATM_LOOKUP_TYPE enmType, bool fDirty=false);

/**
 * Insert page records for all guest pages that contain instructions that were recompiled for this patch
 *
 * @returns VBox status code.
 * @param   pVM             The VM to operate on.
 * @param   pPatch          Patch record
 */
int patmInsertPatchPages(PVM pVM, PPATCHINFO pPatch);

/**
 * Remove page records for all guest pages that contain instructions that were recompiled for this patch
 *
 * @returns VBox status code.
 * @param   pVM             The VM to operate on.
 * @param   pPatch          Patch record
 */
int patmRemovePatchPages(PVM pVM, PPATCHINFO pPatch);

/**
 * Returns the GC address of the corresponding patch statistics counter
 *
 * @returns Stat address
 * @param   pVM             The VM to operate on.
 * @param   pPatch          Patch structure
 */
RTRCPTR patmPatchQueryStatAddress(PVM pVM, PPATCHINFO pPatch);

/**
 * Remove patch for privileged instruction at specified location
 *
 * @returns VBox status code.
 * @param   pVM             The VM to operate on.
 * @param   pPatchRec       Patch record
 * @param   fForceRemove    Remove *all* patches
 */
int PATMRemovePatch(PVM pVM, PPATMPATCHREC pPatchRec, bool fForceRemove);

/**
 * Call for analysing the instructions following the privileged instr. for compliance with our heuristics
 *
 * @returns VBox status code.
 * @param   pVM             The VM to operate on.
 * @param   pCpu            CPU disassembly state
 * @param   pInstrGC        Guest context pointer to privileged instruction
 * @param   pCurInstrGC     Guest context pointer to current instruction
 * @param   pCacheRec       Cache record ptr
 *
 */
typedef int (VBOXCALL *PFN_PATMR3ANALYSE)(PVM pVM, DISCPUSTATE *pCpu, RCPTRTYPE(uint8_t *) pInstrGC, RCPTRTYPE(uint8_t *) pCurInstrGC, PPATMP2GLOOKUPREC pCacheRec);

/**
 * Install guest OS specific patch
 *
 * @returns VBox status code.
 * @param   pVM             The VM to operate on
 * @param   pCpu            Disassembly state of instruction.
 * @param   pInstrGC        GC Instruction pointer for instruction
 * @param   pInstrHC        HC Instruction pointer for instruction
 * @param   pPatchRec       Patch structure
 *
 */
int PATMInstallGuestSpecificPatch(PVM pVM, PDISCPUSTATE pCpu, RTRCPTR pInstrGC, uint8_t *pInstrHC, PPATMPATCHREC pPatchRec);


/**
 * Check if the instruction is patched as a duplicated function
 *
 * @returns patch record
 * @param   pVM             The VM to operate on.
 * @param   pInstrGC        Guest context point to the instruction
 *
 */
VMMDECL(PPATMPATCHREC) PATMQueryFunctionPatch(PVM pVM, RTRCPTR pInstrGC);


/**
 * Empty the specified tree (PV tree, MMR3 heap)
 *
 * @param   pVM             The VM to operate on.
 * @param   ppTree          Tree to empty
 */
void patmEmptyTree(PVM pVM, PPAVLPVNODECORE ppTree);


/**
 * Empty the specified tree (U32 tree, MMR3 heap)
 *
 * @param   pVM             The VM to operate on.
 * @param   ppTree          Tree to empty
 */
void patmEmptyTreeU32(PVM pVM, PPAVLU32NODECORE ppTree);


/**
 * Return the name of the patched instruction
 *
 * @returns instruction name
 *
 * @param   opcode          DIS instruction opcode
 * @param   fPatchFlags     Patch flags
 */
VMMDECL(const char *) patmGetInstructionString(uint32_t opcode, uint32_t fPatchFlags);


/**
 * Read callback for disassembly function; supports reading bytes that cross a page boundary
 *
 * @returns VBox status code.
 * @param   pSrc            GC source pointer
 * @param   pDest           HC destination pointer
 * @param   size            Number of bytes to read
 * @param   pvUserdata      Callback specific user data (pCpu)
 *
 */
int patmReadBytes(RTUINTPTR pSrc, uint8_t *pDest, unsigned size, void *pvUserdata);
669
670
671#ifndef IN_RC
672
/** @name Read flags for PATMDISASM::fReadFlags / PATMR3DISInstr().
 * @{ */
#define PATMREAD_RAWCODE        1  /**< read code as-is */
#define PATMREAD_ORGCODE        2  /**< read original guest opcode bytes; not the patched bytes */
#define PATMREAD_NOCHECK        4  /**< don't check for patch conflicts */
/** @} */

/*
 * Private structure used during disassembly.
 * Handed to patmReadBytes() through DISCPUSTATE::apvUserData[0] (see PATMR3DISInstr).
 */
typedef struct
{
    /** The VM handle. */
    PVM                         pVM;
    /** Patch being disassembled. */
    PPATCHINFO                  pPatchInfo;
    /** HC address of the instruction. */
    R3PTRTYPE(uint8_t *)        pInstrHC;
    /** GC address of the instruction. */
    RTRCPTR                     pInstrGC;
    /** PATMREAD_* flags. */
    uint32_t                    fReadFlags;
} PATMDISASM, *PPATMDISASM;
688
/**
 * Disassemble one instruction, fetching its bytes through PATM.
 *
 * Sets up a PATMDISASM context and installs patmReadBytes() as the
 * disassembler's read callback, so that byte fetches honour @a fReadFlags
 * (e.g. PATMREAD_ORGCODE returns the original bytes of an already patched
 * instruction), then invokes DISInstr().
 *
 * @returns true if DISInstr() succeeded, false otherwise.
 * @param   pVM         The VM handle.
 * @param   pPatch      Patch the instruction belongs to.
 * @param   pCpu        Disassembler state; its read callback and
 *                      apvUserData[0] are overwritten.
 * @param   InstrGC     GC address of the instruction.
 * @param   InstrHC     HC address of the instruction.
 * @param   pOpsize     Where to return the instruction size.
 * @param   pszOutput   Optional disassembly text buffer (passed straight to DISInstr).
 * @param   fReadFlags  PATMREAD_* flags, defaults to PATMREAD_ORGCODE.
 *
 * @note    apvUserData[0] is left pointing at the local 'disinfo' after this
 *          function returns, i.e. at a dead stack slot. The same pCpu must
 *          not be passed to DISInstr() again without going through this
 *          wrapper (or otherwise re-establishing the read context).
 */
inline bool PATMR3DISInstr(PVM pVM, PPATCHINFO pPatch, DISCPUSTATE *pCpu, RTRCPTR InstrGC,
                           uint8_t *InstrHC, uint32_t *pOpsize, char *pszOutput,
                           uint32_t fReadFlags = PATMREAD_ORGCODE)
{
    PATMDISASM disinfo;
    disinfo.pVM         = pVM;
    disinfo.pPatchInfo  = pPatch;
    disinfo.pInstrHC    = InstrHC;
    disinfo.pInstrGC    = InstrGC;
    disinfo.fReadFlags  = fReadFlags;
    /* patmReadBytes() gets pCpu as its user data and (presumably) finds the
       context via apvUserData[0] - confirm in patmReadBytes. */
    (pCpu)->pfnReadBytes  = patmReadBytes;
    (pCpu)->apvUserData[0] = &disinfo;
    return RT_SUCCESS(DISInstr(pCpu, InstrGC, 0, pOpsize, pszOutput));
}
703#endif /* !IN_RC */
704
705RT_C_DECLS_BEGIN
/**
 * #PF Virtual Handler callback for Guest access a page monitored by PATM
 *
 * @returns VBox status code (appropriate for trap handling and GC return).
 * @param   pVM         VM Handle.
 * @param   uErrorCode  CPU Error code.
 * @param   pRegFrame   Trap register frame.
 * @param   pvFault     The fault address (cr2).
 * @param   pvRange     The base address of the handled virtual range.
 * @param   offRange    The offset of the access into this range.
 *                      (If it's a EIP range this is the EIP, if not it's pvFault.)
 */
VMMRCDECL(int) PATMGCMonitorPage(PVM pVM, RTGCUINT uErrorCode, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, RTGCPTR pvRange, uintptr_t offRange);

/**
 * Find patch for privileged instruction at specified location
 *
 * @returns Patch structure pointer if found; else NULL
 * @param   pVM             The VM to operate on.
 * @param   pInstrGC        Guest context point to instruction that might lie within 5 bytes of an existing patch jump
 * @param   fIncludeHints   Include hinted patches or not (defaults to false)
 *
 */
PPATCHINFO PATMFindActivePatchByEntrypoint(PVM pVM, RTRCPTR pInstrGC, bool fIncludeHints=false);

/**
 * Patch cli/sti pushf/popf instruction block at specified location
 *
 * @returns VBox status code.
 * @param   pVM         The VM to operate on.
 * @param   pInstrGC    Guest context point to privileged instruction
 * @param   pInstrHC    Host context point to privileged instruction
 * @param   uOpcode     Instruction opcode
 * @param   uOpSize     Size of starting instruction
 * @param   pPatchRec   Patch record
 *
 * @note    returns failure if patching is not allowed or possible
 *
 */
VMMR3DECL(int) PATMR3PatchBlock(PVM pVM, RTRCPTR pInstrGC, R3PTRTYPE(uint8_t *) pInstrHC,
                                uint32_t uOpcode, uint32_t uOpSize, PPATMPATCHREC pPatchRec);


/**
 * Replace an instruction with a breakpoint (0xCC), that is handled dynamically in the guest context.
 *
 * @returns VBox status code.
 * @param   pVM         The VM to operate on.
 * @param   pInstrGC    Guest context point to privileged instruction
 * @param   pInstrHC    Host context point to privileged instruction
 * @param   pCpu        Disassembly CPU structure ptr
 * @param   pPatch      Patch record
 *
 * @note    returns failure if patching is not allowed or possible
 *
 */
VMMR3DECL(int) PATMR3PatchInstrInt3(PVM pVM, RTRCPTR pInstrGC, R3PTRTYPE(uint8_t *) pInstrHC, DISCPUSTATE *pCpu, PPATCHINFO pPatch);

/**
 * Mark patch as dirty
 *
 * @returns VBox status code.
 * @param   pVM         The VM to operate on.
 * @param   pPatch      Patch record
 *
 * @note    returns failure if patching is not allowed or possible
 *
 */
VMMR3DECL(int) PATMR3MarkDirtyPatch(PVM pVM, PPATCHINFO pPatch);

/**
 * Convert a guest context address to a host context address, using the
 * guest-to-host lookup cache record.
 *
 * @returns HC pointer (NULL on failure - confirm against the implementation).
 * @param   pVM         The VM to operate on.
 * @param   pCacheRec   Cache record for the conversion.
 * @param   pGCPtr      Guest context address to convert.
 */
R3PTRTYPE(uint8_t *) PATMGCVirtToHCVirt(PVM pVM, PPATMP2GLOOKUPREC pCacheRec, RCPTRTYPE(uint8_t *) pGCPtr);
777
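/**
 * Calculate the branch destination of a near relative branch.
 *
 * The encoded displacement (8, 16 or 32 bit) is added to the address of the
 * instruction following the branch. Only relative immediates are handled;
 * far and indirect targets are rejected.
 *
 * @returns branch destination or 0 if failed
 * @param   pCpu            Disassembly state of instruction.
 * @param   pBranchInstrGC  GC pointer of branch instruction
 */
inline RTRCPTR PATMResolveBranch(PDISCPUSTATE pCpu, RTRCPTR pBranchInstrGC)
{
    /* Signed: a backward branch has a negative displacement. On 32-bit
       RTRCPTR arithmetic the result is the same as with the previous
       uint32_t, but the intent is now explicit. */
    int32_t disp;
    if (pCpu->param1.flags & USE_IMMEDIATE8_REL)
    {
        /* int8_t rather than char: char is unsigned on some ABIs, which would
           silently drop the sign extension of the 8-bit displacement. */
        disp = (int32_t)(int8_t)pCpu->param1.parval;
    }
    else if (pCpu->param1.flags & USE_IMMEDIATE16_REL)
    {
        /* NOTE(review): the 16-bit displacement is zero-extended, not
           sign-extended, and the result is not truncated to 16 bits. This
           keeps the existing behaviour; confirm it is what 16-bit operand
           size branches need before changing it. */
        disp = (int32_t)(uint16_t)pCpu->param1.parval;
    }
    else if (pCpu->param1.flags & USE_IMMEDIATE32_REL)
    {
        disp = (int32_t)pCpu->param1.parval;
    }
    else
    {
        Log(("We don't support far jumps here!! (%08X)\n", pCpu->param1.flags));
        return 0;
    }
#ifdef IN_RC
    /* In raw-mode context RTRCPTR is a real pointer; do byte arithmetic on it. */
    return (RTRCPTR)((uint8_t *)pBranchInstrGC + pCpu->opsize + disp);
#else
    return pBranchInstrGC + pCpu->opsize + disp;
#endif
}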
813
814RT_C_DECLS_END
815
816#ifdef LOG_ENABLED
/** Disassembly-logging analyse callback (PFN_PATMR3ANALYSE signature); only built with LOG_ENABLED. */
int patmr3DisasmCallback(PVM pVM, DISCPUSTATE *pCpu, RCPTRTYPE(uint8_t *) pInstrGC, RCPTRTYPE(uint8_t *) pCurInstrGC, PPATMP2GLOOKUPREC pCacheRec);
/** Walks the code stream starting at @a pInstrGC, invoking @a pfnPATMR3Analyse per instruction; only built with LOG_ENABLED. */
int patmr3DisasmCodeStream(PVM pVM, RCPTRTYPE(uint8_t *) pInstrGC, RCPTRTYPE(uint8_t *) pCurInstrGC, PFN_PATMR3ANALYSE pfnPATMR3Analyse, PPATMP2GLOOKUPREC pCacheRec);
819#endif
820
821#endif
