PATM.cpp revision 389b9f89a42b9efcb0d843a6a45c54418dd02e11
77b1a2d8b5dbe2c0b5200794914239fee3c8ee5dvboxsync/* $Id$ */
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync/** @file
77b1a2d8b5dbe2c0b5200794914239fee3c8ee5dvboxsync * PATM - Dynamic Guest OS Patching Manager
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync *
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync * NOTE: Never ever reuse patch memory!!
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync */
e64031e20c39650a7bc902a3e1aba613b9415deevboxsync
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync/*
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync * Copyright (C) 2006-2007 innotek GmbH
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync *
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync * This file is part of VirtualBox Open Source Edition (OSE), as
a16eb14ad7a4b5ef91ddc22d3e8e92d930f736fcvboxsync * available from http://www.virtualbox.org. This file is free software;
a16eb14ad7a4b5ef91ddc22d3e8e92d930f736fcvboxsync * you can redistribute it and/or modify it under the terms of the GNU
a16eb14ad7a4b5ef91ddc22d3e8e92d930f736fcvboxsync * General Public License as published by the Free Software Foundation,
a16eb14ad7a4b5ef91ddc22d3e8e92d930f736fcvboxsync * in version 2 as it comes in the "COPYING" file of the VirtualBox OSE
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync * distribution. VirtualBox OSE is distributed in the hope that it will
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync * be useful, but WITHOUT ANY WARRANTY of any kind.
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync */
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync/*******************************************************************************
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync* Header Files *
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync*******************************************************************************/
cd6f71bc352f550074f1ba2c830a2cf2f0b3dd46vboxsync#define LOG_GROUP LOG_GROUP_PATM
43747b1f0bc8302a238fb35e55857a5e9aa1933dvboxsync#include <VBox/patm.h>
43747b1f0bc8302a238fb35e55857a5e9aa1933dvboxsync#include <VBox/stam.h>
43747b1f0bc8302a238fb35e55857a5e9aa1933dvboxsync#include <VBox/pgm.h>
16a9adc14900ca18e6909679a579f6833425e030vboxsync#include <VBox/cpum.h>
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync#include <VBox/cpumdis.h>
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync#include <VBox/iom.h>
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync#include <VBox/sup.h>
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync#include <VBox/mm.h>
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync#include <VBox/ssm.h>
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync#include <VBox/pdm.h>
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync#include <VBox/trpm.h>
a9f41cb889f53e8407561a6155052c441eb0fc5fvboxsync#include <VBox/cfgm.h>
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync#include <VBox/param.h>
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync#include <VBox/selm.h>
b0b15690f00527424b2d5fb88456d747252322f7vboxsync#include <iprt/avl.h>
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync#include "PATMInternal.h"
efff36b306e370346025647a158689021df2e1d1vboxsync#include "PATMPatch.h"
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync#include <VBox/vm.h>
590bfe12ce22cd3716448fbb9f4dc51664bfe5e2vboxsync#include <VBox/csam.h>
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync#include <VBox/dbg.h>
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync#include <VBox/err.h>
590bfe12ce22cd3716448fbb9f4dc51664bfe5e2vboxsync#include <VBox/log.h>
efff36b306e370346025647a158689021df2e1d1vboxsync#include <iprt/assert.h>
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync#include <iprt/asm.h>
f5e53763b0a581b0299e98028c6c52192eb06785vboxsync#include <VBox/dis.h>
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync#include <VBox/disopcode.h>
efff36b306e370346025647a158689021df2e1d1vboxsync
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync#include <iprt/string.h>
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync#include "PATMA.h"
efff36b306e370346025647a158689021df2e1d1vboxsync
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync//#define PATM_REMOVE_PATCH_ON_TOO_MANY_TRAPS
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync//#define PATM_DISABLE_ALL
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync/*******************************************************************************
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync* Internal Functions *
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync*******************************************************************************/
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsyncstatic int patmDisableUnusablePatch(PVM pVM, RTGCPTR pInstrGC, RTGCPTR pConflictAddr, PPATCHINFO pPatch);
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsyncstatic int patmActivateInt3Patch(PVM pVM, PPATCHINFO pPatch);
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsyncstatic int patmDeactivateInt3Patch(PVM pVM, PPATCHINFO pPatch);
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync#ifdef LOG_ENABLED // keep gcc quiet
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsyncstatic bool patmIsCommonIDTHandlerPatch(PVM pVM, RTGCPTR pInstrGC);
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync#endif
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync#ifdef VBOX_WITH_STATISTICS
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsyncstatic const char *PATMPatchType(PVM pVM, PPATCHINFO pPatch);
0abd77741a608f6c41c8dfcd4781b8b84adf1044vboxsyncstatic void patmResetStat(PVM pVM, void *pvSample);
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsyncstatic void patmPrintStat(PVM pVM, void *pvSample, char *pszBuf, size_t cchBuf);
9496f2d398b49813176939d7a339ae513d5175efvboxsync#endif
9496f2d398b49813176939d7a339ae513d5175efvboxsync
9496f2d398b49813176939d7a339ae513d5175efvboxsync#define patmPatchHCPtr2PatchGCPtr(pVM, pHC) (pVM->patm.s.pPatchMemGC + (pHC - pVM->patm.s.pPatchMemHC))
9496f2d398b49813176939d7a339ae513d5175efvboxsync#define patmPatchGCPtr2PatchHCPtr(pVM, pGC) (pVM->patm.s.pPatchMemHC + (pGC - pVM->patm.s.pPatchMemGC))
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsyncstatic int patmReinit(PVM pVM);
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsyncstatic DECLCALLBACK(int) RelocatePatches(PAVLOGCPTRNODECORE pNode, void *pParam);
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsyncstatic DECLCALLBACK(int) patmVirtPageHandler(PVM pVM, RTGCPTR GCPtr, void *pvPtr, void *pvBuf, size_t cbBuf, PGMACCESSTYPE enmAccessType, void *pvUser);
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync#ifdef VBOX_WITH_DEBUGGER
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsyncstatic DECLCALLBACK(int) DisableAllPatches(PAVLOGCPTRNODECORE pNode, void *pVM);
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsyncstatic DECLCALLBACK(int) patmr3CmdOn(PCDBGCCMD pCmd, PDBGCCMDHLP pCmdHlp, PVM pVM, PCDBGCVAR paArgs, unsigned cArgs, PDBGCVAR pResult);
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsyncstatic DECLCALLBACK(int) patmr3CmdOff(PCDBGCCMD pCmd, PDBGCCMDHLP pCmdHlp, PVM pVM, PCDBGCVAR paArgs, unsigned cArgs, PDBGCVAR pResult);
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync/** Command descriptors. */
e4f367251aede667a6de69baa54ef9eb5f150871vboxsyncstatic const DBGCCMD g_aCmds[] =
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync{
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync /* pszCmd, cArgsMin, cArgsMax, paArgDesc, cArgDescs, pResultDesc, fFlags, pfnHandler pszSyntax, ....pszDescription */
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync { "patmon", 0, 0, NULL, 0, NULL, 0, patmr3CmdOn, "", "Enable patching." },
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync { "patmoff", 0, 0, NULL, 0, NULL, 0, patmr3CmdOff, "", "Disable patching." },
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync};
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync#endif
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync/**
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync * Initializes the PATM.
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync *
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync * @returns VBox status code.
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync * @param pVM The VM to operate on.
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync */
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsyncPATMR3DECL(int) PATMR3Init(PVM pVM)
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync{
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync int rc;
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync Log(("PATMR3Init: Patch record size %d\n", sizeof(PATCHINFO)));
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync
7766bf675357fd940d8c49e69a5d72dc6eaa6be4vboxsync AssertReleaseMsg(PATMInterruptFlag == (VM_FF_INTERRUPT_APIC | VM_FF_INTERRUPT_PIC | VM_FF_TIMER | VM_FF_REQUEST), ("Interrupt flags out of sync!!\n"));
7766bf675357fd940d8c49e69a5d72dc6eaa6be4vboxsync
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync /* Allocate patch memory and GC patch state memory. */
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync pVM->patm.s.cbPatchMem = PATCH_MEMORY_SIZE;
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync /* Add another page in case the generated code is much larger than expected. */
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync /** @todo bad safety precaution */
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync rc = MMR3HyperAllocOnceNoRel(pVM, PATCH_MEMORY_SIZE + PAGE_SIZE + PATM_STACK_TOTAL_SIZE + PAGE_SIZE + PATM_STAT_MEMSIZE, PAGE_SIZE, MM_TAG_PATM, (void **)&pVM->patm.s.pPatchMemHC);
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync if (VBOX_FAILURE(rc))
ee4d840f54fd2dcea8a73b1b86d5ec0db370b05dvboxsync {
ee4d840f54fd2dcea8a73b1b86d5ec0db370b05dvboxsync Log(("MMR3HyperAlloc failed with %Vrc\n", rc));
ee4d840f54fd2dcea8a73b1b86d5ec0db370b05dvboxsync return rc;
ee4d840f54fd2dcea8a73b1b86d5ec0db370b05dvboxsync }
ee4d840f54fd2dcea8a73b1b86d5ec0db370b05dvboxsync pVM->patm.s.pPatchMemGC = MMHyperHC2GC(pVM, pVM->patm.s.pPatchMemHC);
ee4d840f54fd2dcea8a73b1b86d5ec0db370b05dvboxsync
ee4d840f54fd2dcea8a73b1b86d5ec0db370b05dvboxsync /* PATM stack page for call instruction execution. (2 parts: one for our private stack and one to store the original return address */
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync pVM->patm.s.pGCStackHC = (RTGCPTR *)(pVM->patm.s.pPatchMemHC + PATCH_MEMORY_SIZE + PAGE_SIZE);
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync pVM->patm.s.pGCStackGC = MMHyperHC2GC(pVM, pVM->patm.s.pGCStackHC);
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync /*
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync * Hypervisor memory for GC status data (read/write)
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync *
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync * Note1: This is non-critical data; if trashed by the guest, then it will only cause problems for itself
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync * Note2: This doesn't really belong here, but we need access to it for relocation purposes
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync *
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync */
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync Assert(sizeof(PATMGCSTATE) < PAGE_SIZE); /** @note hardcoded dependencies on this exist. */
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync pVM->patm.s.pGCStateHC = (PPATMGCSTATE)((uint8_t *)pVM->patm.s.pGCStackHC + PATM_STACK_TOTAL_SIZE);
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync pVM->patm.s.pGCStateGC = MMHyperHC2GC(pVM, pVM->patm.s.pGCStateHC);
21029597fc4b76d0db0c9542daee201447281781vboxsync
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync /* Hypervisor memory for patch statistics */
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync pVM->patm.s.pStatsHC = (PSTAMRATIOU32)((uint8_t *)pVM->patm.s.pGCStateHC + PAGE_SIZE);
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync pVM->patm.s.pStatsGC = MMHyperHC2GC(pVM, pVM->patm.s.pStatsHC);
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync /* Memory for patch lookup trees. */
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync rc = MMHyperAlloc(pVM, sizeof(*pVM->patm.s.PatchLookupTreeHC), 0, MM_TAG_PATM, (void **)&pVM->patm.s.PatchLookupTreeHC);
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync AssertRCReturn(rc, rc);
c0a370e600bb60153a269fb32b5f709347c35768vboxsync pVM->patm.s.PatchLookupTreeGC = MMHyperHC2GC(pVM, pVM->patm.s.PatchLookupTreeHC);
ad27e1d5e48ca41245120c331cc88b50464813cevboxsync
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync#ifdef RT_ARCH_AMD64 /* see patmReinit(). */
9496f2d398b49813176939d7a339ae513d5175efvboxsync /* Check CFGM option. */
9496f2d398b49813176939d7a339ae513d5175efvboxsync rc = CFGMR3QueryBool(CFGMR3GetRoot(pVM), "PATMEnabled", &pVM->fPATMEnabled);
9496f2d398b49813176939d7a339ae513d5175efvboxsync if (VBOX_FAILURE(rc))
9496f2d398b49813176939d7a339ae513d5175efvboxsync# ifdef PATM_DISABLE_ALL
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync pVM->fPATMEnabled = false;
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync# else
61d064a54f03596920c3918f58ecc7764074a5d8vboxsync pVM->fPATMEnabled = true;
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync# endif
16a9adc14900ca18e6909679a579f6833425e030vboxsync#endif
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync
16a9adc14900ca18e6909679a579f6833425e030vboxsync rc = patmReinit(pVM);
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync AssertRC(rc);
16a9adc14900ca18e6909679a579f6833425e030vboxsync if (VBOX_FAILURE(rc))
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync return rc;
16a9adc14900ca18e6909679a579f6833425e030vboxsync
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync /*
16a9adc14900ca18e6909679a579f6833425e030vboxsync * Register save and load state notificators.
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync */
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync rc = SSMR3RegisterInternal(pVM, "PATM", 0, PATM_SSM_VERSION, sizeof(pVM->patm.s) + PATCH_MEMORY_SIZE + PAGE_SIZE + PATM_STACK_TOTAL_SIZE + PAGE_SIZE,
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync NULL, patmr3Save, NULL,
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync NULL, patmr3Load, NULL);
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync if (VBOX_FAILURE(rc))
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync {
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync AssertRC(rc);
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync return rc;
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync }
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync#ifdef VBOX_WITH_DEBUGGER
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync /*
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync * Debugger commands.
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync */
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync static bool fRegisteredCmds = false;
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync if (!fRegisteredCmds)
b5ad839a3757b305d4e98d7264da2b53c9cd27f0vboxsync {
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync int rc = DBGCRegisterCommands(&g_aCmds[0], ELEMENTS(g_aCmds));
61b5982fad4660d0fe3dd6ceba9eda85eb32f7e8vboxsync if (VBOX_SUCCESS(rc))
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync fRegisteredCmds = true;
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync }
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync#endif
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync#ifdef VBOX_WITH_STATISTICS
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync STAM_REG(pVM, &pVM->patm.s.StatNrOpcodeRead, STAMTYPE_COUNTER, "/PATM/OpcodeBytesRead", STAMUNIT_OCCURENCES, "The number of opcode bytes read by the recompiler.");
009d45aa55691312278d41edb20154dc208d9cd8vboxsync STAM_REG(pVM, &pVM->patm.s.StatPATMMemoryUsed,STAMTYPE_COUNTER, "/PATM/MemoryUsed", STAMUNIT_OCCURENCES, "The amount of hypervisor heap used for patches.");
009d45aa55691312278d41edb20154dc208d9cd8vboxsync STAM_REG(pVM, &pVM->patm.s.StatDisabled, STAMTYPE_COUNTER, "/PATM/Patch/Disabled", STAMUNIT_OCCURENCES, "Number of times patches were disabled.");
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync STAM_REG(pVM, &pVM->patm.s.StatEnabled, STAMTYPE_COUNTER, "/PATM/Patch/Enabled", STAMUNIT_OCCURENCES, "Number of times patches were enabled.");
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync STAM_REG(pVM, &pVM->patm.s.StatDirty, STAMTYPE_COUNTER, "/PATM/Patch/Dirty", STAMUNIT_OCCURENCES, "Number of times patches were marked dirty.");
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync STAM_REG(pVM, &pVM->patm.s.StatUnusable, STAMTYPE_COUNTER, "/PATM/Patch/Unusable", STAMUNIT_OCCURENCES, "Number of unusable patches (conflicts).");
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync STAM_REG(pVM, &pVM->patm.s.StatInstalled, STAMTYPE_COUNTER, "/PATM/Patch/Installed", STAMUNIT_OCCURENCES, "Number of installed patches.");
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync STAM_REG(pVM, &pVM->patm.s.StatInt3Callable, STAMTYPE_COUNTER, "/PATM/Patch/Int3Callable", STAMUNIT_OCCURENCES, "Number of cli patches turned into int3 patches.");
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync STAM_REG(pVM, &pVM->patm.s.StatInt3BlockRun, STAMTYPE_COUNTER, "/PATM/Patch/Run/Int3", STAMUNIT_OCCURENCES, "Number of times an int3 block patch was executed.");
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync STAMR3RegisterF(pVM, &pVM->patm.s.pGCStateHC->uPatchCalls, STAMTYPE_U32, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, NULL, "/PATM/Patch/Run/Normal");
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync STAM_REG(pVM, &pVM->patm.s.StatInstalledFunctionPatches, STAMTYPE_COUNTER, "/PATM/Patch/Installed/Function", STAMUNIT_OCCURENCES, "Number of installed function duplication patches.");
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync STAM_REG(pVM, &pVM->patm.s.StatInstalledTrampoline, STAMTYPE_COUNTER, "/PATM/Patch/Installed/Trampoline", STAMUNIT_OCCURENCES, "Number of installed trampoline patches.");
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync STAM_REG(pVM, &pVM->patm.s.StatInstalledJump, STAMTYPE_COUNTER, "/PATM/Patch/Installed/Jump", STAMUNIT_OCCURENCES, "Number of installed jump patches.");
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync STAM_REG(pVM, &pVM->patm.s.StatOverwritten, STAMTYPE_COUNTER, "/PATM/Patch/Overwritten", STAMUNIT_OCCURENCES, "Number of overwritten patches.");
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync STAM_REG(pVM, &pVM->patm.s.StatFixedConflicts,STAMTYPE_COUNTER, "/PATM/Patch/ConflictFixed", STAMUNIT_OCCURENCES, "Number of fixed conflicts.");
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync STAM_REG(pVM, &pVM->patm.s.StatFlushed, STAMTYPE_COUNTER, "/PATM/Patch/Flushed", STAMUNIT_OCCURENCES, "Number of flushes of pages with patch jumps.");
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync STAM_REG(pVM, &pVM->patm.s.StatMonitored, STAMTYPE_COUNTER, "/PATM/Patch/Monitored", STAMUNIT_OCCURENCES, "Number of patches in monitored patch pages.");
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync STAM_REG(pVM, &pVM->patm.s.StatPageBoundaryCrossed, STAMTYPE_COUNTER, "/PATM/Patch/BoundaryCross", STAMUNIT_OCCURENCES, "Number of refused patches due to patch jump crossing page boundary.");
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync STAM_REG(pVM, &pVM->patm.s.StatHandleTrap, STAMTYPE_PROFILE, "/PATM/HandleTrap", STAMUNIT_TICKS_PER_CALL, "Profiling of PATMR3HandleTrap");
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync STAM_REG(pVM, &pVM->patm.s.StatPushTrap, STAMTYPE_COUNTER, "/PATM/HandleTrap/PushWP", STAMUNIT_OCCURENCES, "Number of traps due to monitored stack pages.");
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync STAM_REG(pVM, &pVM->patm.s.StatSwitchBack, STAMTYPE_COUNTER, "/PATM/SwitchBack", STAMUNIT_OCCURENCES, "Switch back to original guest code when IF=1 & executing PATM instructions");
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync STAM_REG(pVM, &pVM->patm.s.StatSwitchBackFail,STAMTYPE_COUNTER, "/PATM/SwitchBackFail", STAMUNIT_OCCURENCES, "Failed switch back to original guest code when IF=1 & executing PATM instructions");
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync STAM_REG(pVM, &pVM->patm.s.StatDuplicateREQFailed, STAMTYPE_COUNTER, "/PATM/Function/DupREQ/Failed", STAMUNIT_OCCURENCES, "Nr of failed PATMR3DuplicateFunctionRequest calls");
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync STAM_REG(pVM, &pVM->patm.s.StatDuplicateREQSuccess, STAMTYPE_COUNTER, "/PATM/Function/DupREQ/Success", STAMUNIT_OCCURENCES, "Nr of successful PATMR3DuplicateFunctionRequest calls");
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync STAM_REG(pVM, &pVM->patm.s.StatDuplicateUseExisting,STAMTYPE_COUNTER, "/PATM/Function/DupREQ/UseExist", STAMUNIT_OCCURENCES, "Nr of successful PATMR3DuplicateFunctionRequest calls when using an existing patch");
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync STAM_REG(pVM, &pVM->patm.s.StatFunctionLookupInsert, STAMTYPE_COUNTER, "/PATM/Function/Lookup/Insert", STAMUNIT_OCCURENCES, "Nr of successful function address insertions");
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync STAM_REG(pVM, &pVM->patm.s.StatFunctionLookupReplace, STAMTYPE_COUNTER, "/PATM/Function/Lookup/Replace", STAMUNIT_OCCURENCES, "Nr of successful function address replacements");
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync STAM_REG(pVM, &pVM->patm.s.StatU32FunctionMaxSlotsUsed, STAMTYPE_U32_RESET,"/PATM/Function/Lookup/MaxSlots", STAMUNIT_OCCURENCES, "Maximum nr of lookup slots used in all call patches");
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync STAM_REG(pVM, &pVM->patm.s.StatFunctionFound, STAMTYPE_COUNTER, "/PATM/Function/Found", STAMUNIT_OCCURENCES, "Nr of successful function patch lookups in GC");
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync STAM_REG(pVM, &pVM->patm.s.StatFunctionNotFound, STAMTYPE_COUNTER, "/PATM/Function/NotFound", STAMUNIT_OCCURENCES, "Nr of failed function patch lookups in GC");
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync STAM_REG(pVM, &pVM->patm.s.StatPatchWrite, STAMTYPE_PROFILE, "/PATM/Write/Handle", STAMUNIT_TICKS_PER_CALL, "Profiling of PATMR3PatchWrite");
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync STAM_REG(pVM, &pVM->patm.s.StatPatchWriteDetect, STAMTYPE_PROFILE, "/PATM/Write/Detect", STAMUNIT_TICKS_PER_CALL, "Profiling of PATMIsWriteToPatchPage");
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync STAM_REG(pVM, &pVM->patm.s.StatPatchWriteInterpreted, STAMTYPE_COUNTER, "/PATM/Write/Interpreted/Success", STAMUNIT_OCCURENCES, "Nr of interpreted patch writes.");
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync STAM_REG(pVM, &pVM->patm.s.StatPatchWriteInterpretedFailed, STAMTYPE_COUNTER, "/PATM/Write/Interpreted/Failed", STAMUNIT_OCCURENCES, "Nr of failed interpreted patch writes.");
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync STAM_REG(pVM, &pVM->patm.s.StatPatchRefreshSuccess, STAMTYPE_COUNTER, "/PATM/Refresh/Success", STAMUNIT_OCCURENCES, "Successful patch refreshes");
16a9adc14900ca18e6909679a579f6833425e030vboxsync STAM_REG(pVM, &pVM->patm.s.StatPatchRefreshFailed, STAMTYPE_COUNTER, "/PATM/Refresh/Failure", STAMUNIT_OCCURENCES, "Failed patch refreshes");
16a9adc14900ca18e6909679a579f6833425e030vboxsync
16a9adc14900ca18e6909679a579f6833425e030vboxsync STAM_REG(pVM, &pVM->patm.s.StatPatchPageInserted, STAMTYPE_COUNTER, "/PATM/Page/Inserted", STAMUNIT_OCCURENCES, "Nr of inserted guest pages that were patched");
16a9adc14900ca18e6909679a579f6833425e030vboxsync STAM_REG(pVM, &pVM->patm.s.StatPatchPageRemoved, STAMTYPE_COUNTER, "/PATM/Page/Removed", STAMUNIT_OCCURENCES, "Nr of removed guest pages that were patched");
16a9adc14900ca18e6909679a579f6833425e030vboxsync
16a9adc14900ca18e6909679a579f6833425e030vboxsync STAM_REG(pVM, &pVM->patm.s.StatInstrDirty, STAMTYPE_COUNTER, "/PATM/Instr/Dirty/Detected", STAMUNIT_OCCURENCES, "Number of times instructions were marked dirty.");
16a9adc14900ca18e6909679a579f6833425e030vboxsync STAM_REG(pVM, &pVM->patm.s.StatInstrDirtyGood, STAMTYPE_COUNTER, "/PATM/Instr/Dirty/Corrected", STAMUNIT_OCCURENCES, "Number of times instructions were marked dirty and corrected later on.");
16a9adc14900ca18e6909679a579f6833425e030vboxsync STAM_REG(pVM, &pVM->patm.s.StatInstrDirtyBad, STAMTYPE_COUNTER, "/PATM/Instr/Dirty/Failed", STAMUNIT_OCCURENCES, "Number of times instructions were marked dirty and we were not able to correct them.");
16a9adc14900ca18e6909679a579f6833425e030vboxsync
16a9adc14900ca18e6909679a579f6833425e030vboxsync STAM_REG(pVM, &pVM->patm.s.StatSysEnter, STAMTYPE_COUNTER, "/PATM/Emul/SysEnter", STAMUNIT_OCCURENCES, "Number of times sysenter was emulated.");
16a9adc14900ca18e6909679a579f6833425e030vboxsync STAM_REG(pVM, &pVM->patm.s.StatSysExit, STAMTYPE_COUNTER, "/PATM/Emul/SysExit" , STAMUNIT_OCCURENCES, "Number of times sysexit was emulated.");
16a9adc14900ca18e6909679a579f6833425e030vboxsync STAM_REG(pVM, &pVM->patm.s.StatEmulIret, STAMTYPE_COUNTER, "/PATM/Emul/Iret/Success", STAMUNIT_OCCURENCES, "Number of times iret was emulated.");
16a9adc14900ca18e6909679a579f6833425e030vboxsync STAM_REG(pVM, &pVM->patm.s.StatEmulIretFailed, STAMTYPE_COUNTER, "/PATM/Emul/Iret/Failed", STAMUNIT_OCCURENCES, "Number of times iret was emulated.");
16a9adc14900ca18e6909679a579f6833425e030vboxsync
16a9adc14900ca18e6909679a579f6833425e030vboxsync STAM_REG(pVM, &pVM->patm.s.StatGenRet, STAMTYPE_COUNTER, "/PATM/Gen/Ret" , STAMUNIT_OCCURENCES, "Number of generated ret instructions.");
16a9adc14900ca18e6909679a579f6833425e030vboxsync STAM_REG(pVM, &pVM->patm.s.StatGenRetReused, STAMTYPE_COUNTER, "/PATM/Gen/RetReused" , STAMUNIT_OCCURENCES, "Number of reused ret instructions.");
16a9adc14900ca18e6909679a579f6833425e030vboxsync STAM_REG(pVM, &pVM->patm.s.StatGenCall, STAMTYPE_COUNTER, "/PATM/Gen/Call", STAMUNIT_OCCURENCES, "Number of generated call instructions.");
16a9adc14900ca18e6909679a579f6833425e030vboxsync STAM_REG(pVM, &pVM->patm.s.StatGenJump, STAMTYPE_COUNTER, "/PATM/Gen/Jmp" , STAMUNIT_OCCURENCES, "Number of generated indirect jump instructions.");
16a9adc14900ca18e6909679a579f6833425e030vboxsync STAM_REG(pVM, &pVM->patm.s.StatGenPopf, STAMTYPE_COUNTER, "/PATM/Gen/Popf" , STAMUNIT_OCCURENCES, "Number of generated popf instructions.");
16a9adc14900ca18e6909679a579f6833425e030vboxsync
16a9adc14900ca18e6909679a579f6833425e030vboxsync STAM_REG(pVM, &pVM->patm.s.StatCheckPendingIRQ, STAMTYPE_COUNTER, "/PATM/GC/CheckIRQ" , STAMUNIT_OCCURENCES, "Number of traps that ask to check for pending irqs.");
16a9adc14900ca18e6909679a579f6833425e030vboxsync#endif /* VBOX_WITH_STATISTICS */
16a9adc14900ca18e6909679a579f6833425e030vboxsync
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync Log(("PATMCallRecord.size %d\n", PATMCallRecord.size));
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync Log(("PATMCallIndirectRecord.size %d\n", PATMCallIndirectRecord.size));
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync Log(("PATMRetRecord.size %d\n", PATMRetRecord.size));
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync Log(("PATMJumpIndirectRecord.size %d\n", PATMJumpIndirectRecord.size));
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync Log(("PATMPopf32Record.size %d\n", PATMPopf32Record.size));
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync Log(("PATMIretRecord.size %d\n", PATMIretRecord.size));
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync Log(("PATMStiRecord.size %d\n", PATMStiRecord.size));
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync Log(("PATMCheckIFRecord.size %d\n", PATMCheckIFRecord.size));
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync return rc;
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync}
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync/**
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync * Finalizes HMA page attributes.
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync *
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync * @returns VBox status code.
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync * @param pVM The VM handle.
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync */
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsyncPATMR3DECL(int) PATMR3InitFinalize(PVM pVM)
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync{
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync /* The GC state, stack and statistics must be read/write for the guest (supervisor only of course). */
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync int rc = PGMMapSetPage(pVM, pVM->patm.s.pGCStateGC, PAGE_SIZE, X86_PTE_P | X86_PTE_A | X86_PTE_D | X86_PTE_RW);
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync if (VBOX_FAILURE(rc))
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync Log(("PATMR3InitFinalize: PGMMapSetPage failed with %Vrc!!\n", rc));
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync rc = PGMMapSetPage(pVM, pVM->patm.s.pGCStackGC, PATM_STACK_TOTAL_SIZE, X86_PTE_P | X86_PTE_A | X86_PTE_D | X86_PTE_RW);
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync if (VBOX_FAILURE(rc))
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync Log(("PATMR3InitFinalize: PGMMapSetPage failed with %Vrc!!\n", rc));
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync rc = PGMMapSetPage(pVM, pVM->patm.s.pStatsGC, PATM_STAT_MEMSIZE, X86_PTE_P | X86_PTE_A | X86_PTE_D | X86_PTE_RW);
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync if (VBOX_FAILURE(rc))
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync Log(("PATMR3InitFinalize: PGMMapSetPage failed with %Vrc!!\n", rc));
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync return rc;
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync}
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync/**
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync * (Re)initializes PATM
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync *
a9d49c8f2b28a72e6a4db86eee91e4569290157bvboxsync * @param pVM The VM.
a9d49c8f2b28a72e6a4db86eee91e4569290157bvboxsync */
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsyncstatic int patmReinit(PVM pVM)
a9d49c8f2b28a72e6a4db86eee91e4569290157bvboxsync{
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync int rc;
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync
9496f2d398b49813176939d7a339ae513d5175efvboxsync /*
9496f2d398b49813176939d7a339ae513d5175efvboxsync * Assert alignment and sizes.
9496f2d398b49813176939d7a339ae513d5175efvboxsync */
9496f2d398b49813176939d7a339ae513d5175efvboxsync AssertRelease(!(RT_OFFSETOF(VM, patm.s) & 31));
59d7f5939d42ad9d344fbad8401e00a900db92c5vboxsync AssertRelease(sizeof(pVM->patm.s) <= sizeof(pVM->patm.padding));
59d7f5939d42ad9d344fbad8401e00a900db92c5vboxsync
22ec733a5e041fcdfe02fce2eafc9faf8b0077ddvboxsync /*
9496f2d398b49813176939d7a339ae513d5175efvboxsync * Setup any fixed pointers and offsets.
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync */
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync pVM->patm.s.offVM = RT_OFFSETOF(VM, patm);
9496f2d398b49813176939d7a339ae513d5175efvboxsync
aa834e89e076db44fa8fe82d177748f0a45d14c2vboxsync#ifndef RT_ARCH_AMD64 /* would be nice if this was changed everywhere. was driving me crazy on AMD64. */
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync#ifndef PATM_DISABLE_ALL
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync pVM->fPATMEnabled = true;
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync#endif
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync#endif
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
7766bf675357fd940d8c49e69a5d72dc6eaa6be4vboxsync Assert(pVM->patm.s.pGCStateHC);
5d0d754550d06b7d59a935e59caaf814462d53ccvboxsync memset(pVM->patm.s.pGCStateHC, 0, PAGE_SIZE);
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync AssertReleaseMsg(pVM->patm.s.pGCStateGC, ("Impossible! MMHyperHC2GC(%p) failed!\n", pVM->patm.s.pGCStateGC));
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync Log(("Patch memory allocated at %p - %VGv\n", pVM->patm.s.pPatchMemHC, pVM->patm.s.pPatchMemGC));
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync pVM->patm.s.pGCStateHC->uVMFlags = X86_EFL_IF;
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync
d5ea45cc92d7f1d3ade8189944531f665bfe8ed5vboxsync Assert(pVM->patm.s.pGCStackHC);
5d0d754550d06b7d59a935e59caaf814462d53ccvboxsync memset(pVM->patm.s.pGCStackHC, 0, PAGE_SIZE);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync AssertReleaseMsg(pVM->patm.s.pGCStackGC, ("Impossible! MMHyperHC2GC(%p) failed!\n", pVM->patm.s.pGCStackGC));
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync pVM->patm.s.pGCStateHC->Psp = PATM_STACK_SIZE;
d5ea45cc92d7f1d3ade8189944531f665bfe8ed5vboxsync pVM->patm.s.pGCStateHC->fPIF = 1; /* PATM Interrupt Flag */
f687f34bd232be13744edbc0cc5155fa5d4540edvboxsync
d5ea45cc92d7f1d3ade8189944531f665bfe8ed5vboxsync Assert(pVM->patm.s.pStatsHC);
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync memset(pVM->patm.s.pStatsHC, 0, PATM_STAT_MEMSIZE);
9496f2d398b49813176939d7a339ae513d5175efvboxsync AssertReleaseMsg(pVM->patm.s.pStatsGC, ("Impossible! MMHyperHC2GC(%p) failed!\n", pVM->patm.s.pStatsGC));
9496f2d398b49813176939d7a339ae513d5175efvboxsync
bbede9c189def47a9880f0ffb03c0c230c774185vboxsync Assert(pVM->patm.s.pPatchMemHC);
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync Assert(pVM->patm.s.pPatchMemGC = MMHyperHC2GC(pVM, pVM->patm.s.pPatchMemHC));
468c2bcb36eb9a032f5dd0fcb34db10bd58e9996vboxsync memset(pVM->patm.s.pPatchMemHC, 0, PATCH_MEMORY_SIZE);
bbede9c189def47a9880f0ffb03c0c230c774185vboxsync AssertReleaseMsg(pVM->patm.s.pPatchMemGC, ("Impossible! MMHyperHC2GC(%p) failed!\n", pVM->patm.s.pPatchMemHC));
9496f2d398b49813176939d7a339ae513d5175efvboxsync
16a9adc14900ca18e6909679a579f6833425e030vboxsync /* Needed for future patching of sldt/sgdt/sidt/str etc. */
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync rc = CPUMR3QueryGuestCtxGCPtr(pVM, &pVM->patm.s.pCPUMCtxGC);
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync AssertRCReturn(rc, rc);
9496f2d398b49813176939d7a339ae513d5175efvboxsync
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync Assert(pVM->patm.s.PatchLookupTreeHC);
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync Assert(pVM->patm.s.PatchLookupTreeGC == MMHyperHC2GC(pVM, pVM->patm.s.PatchLookupTreeHC));
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync
7766bf675357fd940d8c49e69a5d72dc6eaa6be4vboxsync /*
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync * (Re)Initialize PATM structure
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync */
ffbe6daf773e38167f3cabaf1f063d84ecd063e9vboxsync Assert(!pVM->patm.s.PatchLookupTreeHC->PatchTree);
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync Assert(!pVM->patm.s.PatchLookupTreeHC->PatchTreeByPatchAddr);
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync Assert(!pVM->patm.s.PatchLookupTreeHC->PatchTreeByPage);
fbf08fabb4c4b383d6aa2830c2bd5b943a26f10cvboxsync pVM->patm.s.offPatchMem = 16; /* don't start with zero here */
fbf08fabb4c4b383d6aa2830c2bd5b943a26f10cvboxsync pVM->patm.s.uCurrentPatchIdx = 1; /* Index zero is a dummy */
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync pVM->patm.s.pvFaultMonitor = 0;
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync pVM->patm.s.deltaReloc = 0;
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync
adefd5e9babba486cba0cfae52f5a0f6c8c4ef24vboxsync /* Lowest and highest patched instruction */
61d064a54f03596920c3918f58ecc7764074a5d8vboxsync pVM->patm.s.pPatchedInstrGCLowest = ~0;
61d064a54f03596920c3918f58ecc7764074a5d8vboxsync pVM->patm.s.pPatchedInstrGCHighest = 0;
ba74637cb4d2e749337d51ccbfb1038bdd3e2092vboxsync
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync pVM->patm.s.PatchLookupTreeHC->PatchTree = 0;
ba74637cb4d2e749337d51ccbfb1038bdd3e2092vboxsync pVM->patm.s.PatchLookupTreeHC->PatchTreeByPatchAddr = 0;
61d064a54f03596920c3918f58ecc7764074a5d8vboxsync pVM->patm.s.PatchLookupTreeHC->PatchTreeByPage = 0;
ba74637cb4d2e749337d51ccbfb1038bdd3e2092vboxsync
61b5982fad4660d0fe3dd6ceba9eda85eb32f7e8vboxsync pVM->patm.s.pfnSysEnterPatchGC = 0;
61b5982fad4660d0fe3dd6ceba9eda85eb32f7e8vboxsync pVM->patm.s.pfnSysEnterGC = 0;
adefd5e9babba486cba0cfae52f5a0f6c8c4ef24vboxsync
61d064a54f03596920c3918f58ecc7764074a5d8vboxsync pVM->patm.s.fOutOfMemory = false;
61d064a54f03596920c3918f58ecc7764074a5d8vboxsync
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync pVM->patm.s.pfnHelperCallGC = 0;
b5ad839a3757b305d4e98d7264da2b53c9cd27f0vboxsync
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync /* Generate all global functions to be used by future patches. */
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync /* We generate a fake patch in order to use the existing code for relocation. */
b5ad839a3757b305d4e98d7264da2b53c9cd27f0vboxsync rc = MMHyperAlloc(pVM, sizeof(PATMPATCHREC), 0, MM_TAG_PATM_PATCH, (void **)&pVM->patm.s.pGlobalPatchRec);
b5ad839a3757b305d4e98d7264da2b53c9cd27f0vboxsync if (VBOX_FAILURE(rc))
b5ad839a3757b305d4e98d7264da2b53c9cd27f0vboxsync {
b5ad839a3757b305d4e98d7264da2b53c9cd27f0vboxsync Log(("Out of memory!!!!\n"));
b5ad839a3757b305d4e98d7264da2b53c9cd27f0vboxsync return VERR_NO_MEMORY;
b5ad839a3757b305d4e98d7264da2b53c9cd27f0vboxsync }
b5ad839a3757b305d4e98d7264da2b53c9cd27f0vboxsync pVM->patm.s.pGlobalPatchRec->patch.flags = PATMFL_GLOBAL_FUNCTIONS;
b5ad839a3757b305d4e98d7264da2b53c9cd27f0vboxsync pVM->patm.s.pGlobalPatchRec->patch.uState = PATCH_ENABLED;
b5ad839a3757b305d4e98d7264da2b53c9cd27f0vboxsync pVM->patm.s.pGlobalPatchRec->patch.pPatchBlockOffset = pVM->patm.s.offPatchMem;
b5ad839a3757b305d4e98d7264da2b53c9cd27f0vboxsync
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync rc = patmPatchGenGlobalFunctions(pVM, &pVM->patm.s.pGlobalPatchRec->patch);
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync AssertRC(rc);
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync /* Update free pointer in patch memory. */
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync pVM->patm.s.offPatchMem += pVM->patm.s.pGlobalPatchRec->patch.uCurPatchOffset;
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync /* Round to next 8 byte boundary. */
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync pVM->patm.s.offPatchMem = RT_ALIGN_32(pVM->patm.s.offPatchMem, 8);
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync return rc;
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync}
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync
9496f2d398b49813176939d7a339ae513d5175efvboxsync
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync/**
9496f2d398b49813176939d7a339ae513d5175efvboxsync * Applies relocations to data and code managed by this
9496f2d398b49813176939d7a339ae513d5175efvboxsync * component. This function will be called at init and
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync * whenever the VMM need to relocate it self inside the GC.
9496f2d398b49813176939d7a339ae513d5175efvboxsync *
16a9adc14900ca18e6909679a579f6833425e030vboxsync * The PATM will update the addresses used by the switcher.
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync *
9496f2d398b49813176939d7a339ae513d5175efvboxsync * @param pVM The VM.
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync */
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsyncPATMR3DECL(void) PATMR3Relocate(PVM pVM)
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync{
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync RTGCPTR GCPtrNew = MMHyperHC2GC(pVM, pVM->patm.s.pGCStateHC);
9496f2d398b49813176939d7a339ae513d5175efvboxsync RTGCINTPTR delta = GCPtrNew - pVM->patm.s.pGCStateGC;
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync
9496f2d398b49813176939d7a339ae513d5175efvboxsync Log(("PATMR3Relocate from %VGv to %VGv - delta %08X\n", pVM->patm.s.pGCStateGC, GCPtrNew, delta));
9496f2d398b49813176939d7a339ae513d5175efvboxsync if (delta)
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync {
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync PCPUMCTX pCtx;
9496f2d398b49813176939d7a339ae513d5175efvboxsync int rc;
16a9adc14900ca18e6909679a579f6833425e030vboxsync
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync /* Update CPUMCTX guest context pointer. */
a9f41cb889f53e8407561a6155052c441eb0fc5fvboxsync pVM->patm.s.pCPUMCtxGC += delta;
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync
9496f2d398b49813176939d7a339ae513d5175efvboxsync pVM->patm.s.deltaReloc = delta;
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync
ce03ea57fdcf3d48523b1de5b894feb75e1b34davboxsync RTAvloGCPtrDoWithAll(&pVM->patm.s.PatchLookupTreeHC->PatchTree, true, RelocatePatches, (void *)pVM);
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync rc = CPUMQueryGuestCtxPtr(pVM, &pCtx);
9496f2d398b49813176939d7a339ae513d5175efvboxsync AssertRC(rc);
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync /* If we are running patch code right now, then also adjust EIP. */
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync if (PATMIsPatchGCAddr(pVM, pCtx->eip))
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync pCtx->eip += delta;
ce03ea57fdcf3d48523b1de5b894feb75e1b34davboxsync
ce03ea57fdcf3d48523b1de5b894feb75e1b34davboxsync pVM->patm.s.pGCStateGC = GCPtrNew;
ce03ea57fdcf3d48523b1de5b894feb75e1b34davboxsync pVM->patm.s.pPatchMemGC = MMHyperHC2GC(pVM, pVM->patm.s.pPatchMemHC);
ce03ea57fdcf3d48523b1de5b894feb75e1b34davboxsync
ce03ea57fdcf3d48523b1de5b894feb75e1b34davboxsync pVM->patm.s.pGCStackGC = MMHyperHC2GC(pVM, pVM->patm.s.pGCStackHC);
ce03ea57fdcf3d48523b1de5b894feb75e1b34davboxsync
ce03ea57fdcf3d48523b1de5b894feb75e1b34davboxsync pVM->patm.s.pStatsGC = MMHyperHC2GC(pVM, pVM->patm.s.pStatsHC);
ce03ea57fdcf3d48523b1de5b894feb75e1b34davboxsync
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync pVM->patm.s.PatchLookupTreeGC = MMHyperHC2GC(pVM, pVM->patm.s.PatchLookupTreeHC);
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync if (pVM->patm.s.pfnSysEnterPatchGC)
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync pVM->patm.s.pfnSysEnterPatchGC += delta;
7766bf675357fd940d8c49e69a5d72dc6eaa6be4vboxsync
9496f2d398b49813176939d7a339ae513d5175efvboxsync /* Deal with the global patch functions. */
9496f2d398b49813176939d7a339ae513d5175efvboxsync pVM->patm.s.pfnHelperCallGC += delta;
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync pVM->patm.s.pfnHelperRetGC += delta;
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync pVM->patm.s.pfnHelperIretGC += delta;
9496f2d398b49813176939d7a339ae513d5175efvboxsync pVM->patm.s.pfnHelperJumpGC += delta;
16a9adc14900ca18e6909679a579f6833425e030vboxsync
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync RelocatePatches(&pVM->patm.s.pGlobalPatchRec->Core, (void *)pVM);
a9f41cb889f53e8407561a6155052c441eb0fc5fvboxsync }
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync}
9496f2d398b49813176939d7a339ae513d5175efvboxsync
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync
ce03ea57fdcf3d48523b1de5b894feb75e1b34davboxsync/**
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync * Terminates the PATM.
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync *
9496f2d398b49813176939d7a339ae513d5175efvboxsync * Termination means cleaning up and freeing all resources,
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync * the VM it self is at this point powered off or suspended.
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync *
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync * @returns VBox status code.
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync * @param pVM The VM to operate on.
ce03ea57fdcf3d48523b1de5b894feb75e1b34davboxsync */
ce03ea57fdcf3d48523b1de5b894feb75e1b34davboxsyncPATMR3DECL(int) PATMR3Term(PVM pVM)
ce03ea57fdcf3d48523b1de5b894feb75e1b34davboxsync{
ce03ea57fdcf3d48523b1de5b894feb75e1b34davboxsync /* Memory was all allocated from the two MM heaps and requires no freeing. */
ce03ea57fdcf3d48523b1de5b894feb75e1b34davboxsync return VINF_SUCCESS;
ce03ea57fdcf3d48523b1de5b894feb75e1b34davboxsync}
ce03ea57fdcf3d48523b1de5b894feb75e1b34davboxsync
ce03ea57fdcf3d48523b1de5b894feb75e1b34davboxsync
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync/**
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync * PATM reset callback.
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync *
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync * @returns VBox status code.
7766bf675357fd940d8c49e69a5d72dc6eaa6be4vboxsync * @param pVM The VM which is reset.
9496f2d398b49813176939d7a339ae513d5175efvboxsync */
9496f2d398b49813176939d7a339ae513d5175efvboxsyncPATMR3DECL(int) PATMR3Reset(PVM pVM)
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync{
9496f2d398b49813176939d7a339ae513d5175efvboxsync Log(("PATMR3Reset\n"));
16a9adc14900ca18e6909679a579f6833425e030vboxsync
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync /* Free all patches. */
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync while (true)
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync {
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync PPATMPATCHREC pPatchRec = (PPATMPATCHREC)RTAvloGCPtrRemoveBestFit(&pVM->patm.s.PatchLookupTreeHC->PatchTree, 0, true);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync if (pPatchRec)
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync {
ce03ea57fdcf3d48523b1de5b894feb75e1b34davboxsync PATMRemovePatch(pVM, pPatchRec, true);
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync }
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync else
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync break;
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync }
9496f2d398b49813176939d7a339ae513d5175efvboxsync Assert(!pVM->patm.s.PatchLookupTreeHC->PatchTreeByPage);
ce03ea57fdcf3d48523b1de5b894feb75e1b34davboxsync Assert(!pVM->patm.s.PatchLookupTreeHC->PatchTree);
ce03ea57fdcf3d48523b1de5b894feb75e1b34davboxsync pVM->patm.s.PatchLookupTreeHC->PatchTreeByPatchAddr = 0;
ce03ea57fdcf3d48523b1de5b894feb75e1b34davboxsync pVM->patm.s.PatchLookupTreeHC->PatchTreeByPage = 0;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
ce03ea57fdcf3d48523b1de5b894feb75e1b34davboxsync int rc = patmReinit(pVM);
ce03ea57fdcf3d48523b1de5b894feb75e1b34davboxsync if (VBOX_SUCCESS(rc))
ce03ea57fdcf3d48523b1de5b894feb75e1b34davboxsync rc = PATMR3InitFinalize(pVM); /* paranoia */
ce03ea57fdcf3d48523b1de5b894feb75e1b34davboxsync
ce03ea57fdcf3d48523b1de5b894feb75e1b34davboxsync return rc;
9496f2d398b49813176939d7a339ae513d5175efvboxsync}
7766bf675357fd940d8c49e69a5d72dc6eaa6be4vboxsync
9496f2d398b49813176939d7a339ae513d5175efvboxsync/**
9496f2d398b49813176939d7a339ae513d5175efvboxsync * Read callback for disassembly function; supports reading bytes that cross a page boundary
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync *
a9f41cb889f53e8407561a6155052c441eb0fc5fvboxsync * @returns VBox status code.
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync * @param pSrc GC source pointer
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync * @param pDest HC destination pointer
9496f2d398b49813176939d7a339ae513d5175efvboxsync * @param size Number of bytes to read
16a9adc14900ca18e6909679a579f6833425e030vboxsync * @param pvUserdata Callback specific user data (pCpu)
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync *
9496f2d398b49813176939d7a339ae513d5175efvboxsync */
c7551981eb6d97331da479f68f14a9c56247e4f7vboxsyncint patmReadBytes(RTHCUINTPTR pSrc, uint8_t *pDest, unsigned size, void *pvUserdata)
c7551981eb6d97331da479f68f14a9c56247e4f7vboxsync{
c7551981eb6d97331da479f68f14a9c56247e4f7vboxsync DISCPUSTATE *pCpu = (DISCPUSTATE *)pvUserdata;
c7551981eb6d97331da479f68f14a9c56247e4f7vboxsync PATMDISASM *pDisInfo = (PATMDISASM *)pCpu->apvUserData[0];
c7551981eb6d97331da479f68f14a9c56247e4f7vboxsync int orgsize = size;
c7551981eb6d97331da479f68f14a9c56247e4f7vboxsync
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync Assert(size);
9496f2d398b49813176939d7a339ae513d5175efvboxsync if (size == 0)
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync return VERR_INVALID_PARAMETER;
a9f41cb889f53e8407561a6155052c441eb0fc5fvboxsync
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync /*
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync * Trap/interrupt handler typically call common code on entry. Which might already have patches inserted.
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync * As we currently don't support calling patch code from patch code, we'll let it read the original opcode bytes instead.
16a9adc14900ca18e6909679a579f6833425e030vboxsync */
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync /** @todo could change in the future! */
9496f2d398b49813176939d7a339ae513d5175efvboxsync if (pDisInfo->fReadFlags & PATMREAD_ORGCODE)
c7551981eb6d97331da479f68f14a9c56247e4f7vboxsync {
c7551981eb6d97331da479f68f14a9c56247e4f7vboxsync for (int i=0;i<orgsize;i++)
c7551981eb6d97331da479f68f14a9c56247e4f7vboxsync {
c7551981eb6d97331da479f68f14a9c56247e4f7vboxsync int rc = PATMR3QueryOpcode(pDisInfo->pVM, (RTGCPTR)pSrc, pDest);
c7551981eb6d97331da479f68f14a9c56247e4f7vboxsync if (VBOX_SUCCESS(rc))
c7551981eb6d97331da479f68f14a9c56247e4f7vboxsync {
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync pSrc++;
9496f2d398b49813176939d7a339ae513d5175efvboxsync pDest++;
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync size--;
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync }
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync else break;
16a9adc14900ca18e6909679a579f6833425e030vboxsync }
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync if (size == 0)
9496f2d398b49813176939d7a339ae513d5175efvboxsync return VINF_SUCCESS;
c7551981eb6d97331da479f68f14a9c56247e4f7vboxsync#ifdef VBOX_STRICT
c7551981eb6d97331da479f68f14a9c56247e4f7vboxsync if ( !(pDisInfo->pPatchInfo->flags & (PATMFL_DUPLICATE_FUNCTION|PATMFL_IDTHANDLER))
c7551981eb6d97331da479f68f14a9c56247e4f7vboxsync && !(pDisInfo->fReadFlags & PATMREAD_NOCHECK))
c7551981eb6d97331da479f68f14a9c56247e4f7vboxsync {
c7551981eb6d97331da479f68f14a9c56247e4f7vboxsync Assert(PATMR3IsInsidePatchJump(pDisInfo->pVM, pSrc, NULL) == false);
c7551981eb6d97331da479f68f14a9c56247e4f7vboxsync Assert(PATMR3IsInsidePatchJump(pDisInfo->pVM, pSrc+size-1, NULL) == false);
9496f2d398b49813176939d7a339ae513d5175efvboxsync }
9496f2d398b49813176939d7a339ae513d5175efvboxsync#endif
369a8817da53dbd5ea6ac360ca0376dba003cde4vboxsync }
369a8817da53dbd5ea6ac360ca0376dba003cde4vboxsync
369a8817da53dbd5ea6ac360ca0376dba003cde4vboxsync
369a8817da53dbd5ea6ac360ca0376dba003cde4vboxsync if (PAGE_ADDRESS(pDisInfo->pInstrGC) != PAGE_ADDRESS(pSrc + size - 1) && !PATMIsPatchGCAddr(pDisInfo->pVM, pSrc))
369a8817da53dbd5ea6ac360ca0376dba003cde4vboxsync {
369a8817da53dbd5ea6ac360ca0376dba003cde4vboxsync return PGMPhysReadGCPtr(pDisInfo->pVM, pDest, pSrc, size);
369a8817da53dbd5ea6ac360ca0376dba003cde4vboxsync }
369a8817da53dbd5ea6ac360ca0376dba003cde4vboxsync else
369a8817da53dbd5ea6ac360ca0376dba003cde4vboxsync {
369a8817da53dbd5ea6ac360ca0376dba003cde4vboxsync uint8_t *pInstrHC = pDisInfo->pInstrHC;
369a8817da53dbd5ea6ac360ca0376dba003cde4vboxsync
369a8817da53dbd5ea6ac360ca0376dba003cde4vboxsync Assert(pInstrHC);
369a8817da53dbd5ea6ac360ca0376dba003cde4vboxsync
369a8817da53dbd5ea6ac360ca0376dba003cde4vboxsync /* pInstrHC is the base address; adjust according to the GC pointer. */
369a8817da53dbd5ea6ac360ca0376dba003cde4vboxsync pInstrHC = pInstrHC + (pSrc - pDisInfo->pInstrGC);
369a8817da53dbd5ea6ac360ca0376dba003cde4vboxsync
369a8817da53dbd5ea6ac360ca0376dba003cde4vboxsync memcpy(pDest, (void *)pInstrHC, size);
369a8817da53dbd5ea6ac360ca0376dba003cde4vboxsync }
369a8817da53dbd5ea6ac360ca0376dba003cde4vboxsync
369a8817da53dbd5ea6ac360ca0376dba003cde4vboxsync return VINF_SUCCESS;
59d7f5939d42ad9d344fbad8401e00a900db92c5vboxsync}
59d7f5939d42ad9d344fbad8401e00a900db92c5vboxsync
5341459ca931b65de60b5af2a4cba6836b6b45cavboxsync/**
16a9adc14900ca18e6909679a579f6833425e030vboxsync * Callback function for RTAvloGCPtrDoWithAll
16a9adc14900ca18e6909679a579f6833425e030vboxsync *
16a9adc14900ca18e6909679a579f6833425e030vboxsync * Updates all fixups in the patches
16a9adc14900ca18e6909679a579f6833425e030vboxsync *
16a9adc14900ca18e6909679a579f6833425e030vboxsync * @returns VBox status code.
16a9adc14900ca18e6909679a579f6833425e030vboxsync * @param pNode Current node
16a9adc14900ca18e6909679a579f6833425e030vboxsync * @param pParam The VM to operate on.
16a9adc14900ca18e6909679a579f6833425e030vboxsync */
16a9adc14900ca18e6909679a579f6833425e030vboxsyncstatic DECLCALLBACK(int) RelocatePatches(PAVLOGCPTRNODECORE pNode, void *pParam)
16a9adc14900ca18e6909679a579f6833425e030vboxsync{
16a9adc14900ca18e6909679a579f6833425e030vboxsync PPATMPATCHREC pPatch = (PPATMPATCHREC)pNode;
16a9adc14900ca18e6909679a579f6833425e030vboxsync PVM pVM = (PVM)pParam;
16a9adc14900ca18e6909679a579f6833425e030vboxsync RTGCINTPTR delta;
16a9adc14900ca18e6909679a579f6833425e030vboxsync#ifdef LOG_ENABLED
16a9adc14900ca18e6909679a579f6833425e030vboxsync DISCPUSTATE cpu;
16a9adc14900ca18e6909679a579f6833425e030vboxsync char szOutput[256];
16a9adc14900ca18e6909679a579f6833425e030vboxsync uint32_t opsize;
16a9adc14900ca18e6909679a579f6833425e030vboxsync bool disret;
16a9adc14900ca18e6909679a579f6833425e030vboxsync#endif
16a9adc14900ca18e6909679a579f6833425e030vboxsync int rc;
16a9adc14900ca18e6909679a579f6833425e030vboxsync
16a9adc14900ca18e6909679a579f6833425e030vboxsync /* Nothing to do if the patch is not active. */
16a9adc14900ca18e6909679a579f6833425e030vboxsync if (pPatch->patch.uState == PATCH_REFUSED)
16a9adc14900ca18e6909679a579f6833425e030vboxsync return 0;
16a9adc14900ca18e6909679a579f6833425e030vboxsync
16a9adc14900ca18e6909679a579f6833425e030vboxsync#ifdef LOG_ENABLED
16a9adc14900ca18e6909679a579f6833425e030vboxsync if (pPatch->patch.flags & PATMFL_PATCHED_GUEST_CODE)
16a9adc14900ca18e6909679a579f6833425e030vboxsync {
16a9adc14900ca18e6909679a579f6833425e030vboxsync /** @note pPrivInstrHC is probably not valid anymore */
16a9adc14900ca18e6909679a579f6833425e030vboxsync rc = PGMPhysGCPtr2HCPtr(pVM, pPatch->patch.pPrivInstrGC, (PRTHCPTR)&pPatch->patch.pPrivInstrHC);
16a9adc14900ca18e6909679a579f6833425e030vboxsync if (rc == VINF_SUCCESS)
16a9adc14900ca18e6909679a579f6833425e030vboxsync {
16a9adc14900ca18e6909679a579f6833425e030vboxsync cpu.mode = (pPatch->patch.flags & PATMFL_CODE32) ? CPUMODE_32BIT : CPUMODE_16BIT;
9c149a2789022f5011e88fb62f02a1cc8068e88fvboxsync disret = PATMR3DISInstr(pVM, &pPatch->patch, &cpu, pPatch->patch.pPrivInstrGC, pPatch->patch.pPrivInstrHC, &opsize, szOutput, PATMREAD_RAWCODE);
9c149a2789022f5011e88fb62f02a1cc8068e88fvboxsync Log(("Org patch jump: %s", szOutput));
9c149a2789022f5011e88fb62f02a1cc8068e88fvboxsync }
9c149a2789022f5011e88fb62f02a1cc8068e88fvboxsync }
975ad9d9bc9c4dc96b41d9f67a65228b1b338e2avboxsync#endif
9c149a2789022f5011e88fb62f02a1cc8068e88fvboxsync
975ad9d9bc9c4dc96b41d9f67a65228b1b338e2avboxsync Log(("Nr of fixups %d\n", pPatch->patch.nrFixups));
9c149a2789022f5011e88fb62f02a1cc8068e88fvboxsync delta = (RTGCINTPTR)pVM->patm.s.deltaReloc;
9c149a2789022f5011e88fb62f02a1cc8068e88fvboxsync
975ad9d9bc9c4dc96b41d9f67a65228b1b338e2avboxsync /*
9c149a2789022f5011e88fb62f02a1cc8068e88fvboxsync * Apply fixups
975ad9d9bc9c4dc96b41d9f67a65228b1b338e2avboxsync */
9c149a2789022f5011e88fb62f02a1cc8068e88fvboxsync PRELOCREC pRec = 0;
9c149a2789022f5011e88fb62f02a1cc8068e88fvboxsync AVLPVKEY key = 0;
975ad9d9bc9c4dc96b41d9f67a65228b1b338e2avboxsync
9c149a2789022f5011e88fb62f02a1cc8068e88fvboxsync while (true)
975ad9d9bc9c4dc96b41d9f67a65228b1b338e2avboxsync {
9c149a2789022f5011e88fb62f02a1cc8068e88fvboxsync /* Get the record that's closest from above */
9c149a2789022f5011e88fb62f02a1cc8068e88fvboxsync pRec = (PRELOCREC)RTAvlPVGetBestFit(&pPatch->patch.FixupTree, key, true);
9c149a2789022f5011e88fb62f02a1cc8068e88fvboxsync if (pRec == 0)
efff36b306e370346025647a158689021df2e1d1vboxsync break;
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync key = (AVLPVKEY)(pRec->pRelocPos + 1); /* search for the next record during the next round. */
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync switch (pRec->uType)
8dbf70ba2345e69b0b6d45c38cf1add0ef10591cvboxsync {
8dbf70ba2345e69b0b6d45c38cf1add0ef10591cvboxsync case FIXUP_ABSOLUTE:
8dbf70ba2345e69b0b6d45c38cf1add0ef10591cvboxsync Log(("Absolute fixup at %VGv %VHv -> %VHv at %VGv\n", pRec->pSource, *(RTGCUINTPTR*)pRec->pRelocPos, *(RTGCINTPTR*)pRec->pRelocPos + delta, pRec->pRelocPos));
8dbf70ba2345e69b0b6d45c38cf1add0ef10591cvboxsync if (!pRec->pSource || PATMIsPatchGCAddr(pVM, pRec->pSource))
8dbf70ba2345e69b0b6d45c38cf1add0ef10591cvboxsync {
8dbf70ba2345e69b0b6d45c38cf1add0ef10591cvboxsync *(RTGCUINTPTR *)pRec->pRelocPos += delta;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync }
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync else
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync {
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync uint8_t curInstr[15];
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync uint8_t oldInstr[15];
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync Assert(pRec->pSource && pPatch->patch.cbPrivInstr <= 15);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync Assert(!(pPatch->patch.flags & PATMFL_GLOBAL_FUNCTIONS));
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync memcpy(oldInstr, pPatch->patch.aPrivInstr, pPatch->patch.cbPrivInstr);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync *(RTGCPTR *)&oldInstr[pPatch->patch.cbPrivInstr - sizeof(RTGCPTR)] = pRec->pDest;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync rc = PGMPhysReadGCPtr(pVM, curInstr, pPatch->patch.pPrivInstrGC, pPatch->patch.cbPrivInstr);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync Assert(VBOX_SUCCESS(rc) || rc == VERR_PAGE_NOT_PRESENT || rc == VERR_PAGE_TABLE_NOT_PRESENT);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync pRec->pDest = (RTGCPTR)((RTGCUINTPTR)pRec->pDest + delta);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync if (rc == VERR_PAGE_NOT_PRESENT || rc == VERR_PAGE_TABLE_NOT_PRESENT)
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync {
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync RTGCPTR pPage = pPatch->patch.pPrivInstrGC & PAGE_BASE_GC_MASK;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync Log(("PATM: Patch page not present -> check later!\n"));
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync rc = PGMR3HandlerVirtualRegister(pVM, PGMVIRTHANDLERTYPE_ALL, pPage, pPage + (PAGE_SIZE - 1) /* inclusive! */, 0, patmVirtPageHandler, "PATMGCMonitorPage", 0, "PATMMonitorPatchJump");
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync Assert(VBOX_SUCCESS(rc) || rc == VERR_PGM_HANDLER_VIRTUAL_CONFLICT);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync }
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync else
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync if (memcmp(curInstr, oldInstr, pPatch->patch.cbPrivInstr))
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync {
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync Log(("PATM: Patch was overwritten -> disabling patch!!\n"));
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync /*
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * Disable patch; this is not a good solution
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync */
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync /* @todo hopefully it was completely overwritten (if the read was successful)!!!! */
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync pPatch->patch.uState = PATCH_DISABLED;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync }
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync else
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync if (VBOX_SUCCESS(rc))
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync {
8dbf70ba2345e69b0b6d45c38cf1add0ef10591cvboxsync *(RTGCPTR *)&curInstr[pPatch->patch.cbPrivInstr - sizeof(RTGCPTR)] = pRec->pDest;
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync rc = PGMPhysWriteGCPtrDirty(pVM, pRec->pSource, curInstr, pPatch->patch.cbPrivInstr);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync AssertRC(rc);
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync }
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync }
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync break;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync case FIXUP_REL_JMPTOPATCH:
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync {
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync RTGCPTR pTarget = (RTGCPTR)((RTGCINTPTR)pRec->pDest + delta);
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync if ( pPatch->patch.uState == PATCH_ENABLED
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync && (pPatch->patch.flags & PATMFL_PATCHED_GUEST_CODE))
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync {
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync uint8_t oldJump[SIZEOF_NEAR_COND_JUMP32];
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync uint8_t temp[SIZEOF_NEAR_COND_JUMP32];
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync RTGCPTR pJumpOffGC;
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync RTGCINTPTR displ = (RTGCINTPTR)pTarget - (RTGCINTPTR)pRec->pSource;
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync RTGCINTPTR displOld= (RTGCINTPTR)pRec->pDest - (RTGCINTPTR)pRec->pSource;
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync Log(("Relative fixup (g2p) %08X -> %08X at %08X (source=%08x, target=%08x)\n", *(int32_t*)pRec->pRelocPos, displ, pRec->pRelocPos, pRec->pSource, pRec->pDest));
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync Assert(pRec->pSource - pPatch->patch.cbPatchJump == pPatch->patch.pPrivInstrGC);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync#ifdef PATM_RESOLVE_CONFLICTS_WITH_JUMP_PATCHES
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync if (pPatch->patch.cbPatchJump == SIZEOF_NEAR_COND_JUMP32)
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync {
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync Assert(pPatch->patch.flags & PATMFL_JUMP_CONFLICT);
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync pJumpOffGC = pPatch->patch.pPrivInstrGC + 2; //two byte opcode
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync oldJump[0] = pPatch->patch.aPrivInstr[0];
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync oldJump[1] = pPatch->patch.aPrivInstr[1];
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync *(RTGCUINTPTR *)&oldJump[2] = displOld;
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync }
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync else
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync#endif
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync if (pPatch->patch.cbPatchJump == SIZEOF_NEARJUMP32)
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync {
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync pJumpOffGC = pPatch->patch.pPrivInstrGC + 1; //one byte opcode
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync oldJump[0] = 0xE9;
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync *(RTGCUINTPTR *)&oldJump[1] = displOld;
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync }
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync else
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync {
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync AssertMsgFailed(("Invalid patch jump size %d\n", pPatch->patch.cbPatchJump));
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync continue; //this should never happen!!
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync }
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync Assert(pPatch->patch.cbPatchJump <= sizeof(temp));
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync /*
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync * Read old patch jump and compare it to the one we previously installed
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync */
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync rc = PGMPhysReadGCPtr(pVM, temp, pPatch->patch.pPrivInstrGC, pPatch->patch.cbPatchJump);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync Assert(VBOX_SUCCESS(rc) || rc == VERR_PAGE_NOT_PRESENT || rc == VERR_PAGE_TABLE_NOT_PRESENT);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync if (rc == VERR_PAGE_NOT_PRESENT || rc == VERR_PAGE_TABLE_NOT_PRESENT)
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync {
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync RTGCPTR pPage = pPatch->patch.pPrivInstrGC & PAGE_BASE_GC_MASK;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync rc = PGMR3HandlerVirtualRegister(pVM, PGMVIRTHANDLERTYPE_ALL, pPage, pPage + (PAGE_SIZE - 1) /* inclusive! */, 0, patmVirtPageHandler, "PATMGCMonitorPage", 0, "PATMMonitorPatchJump");
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync Assert(VBOX_SUCCESS(rc) || rc == VERR_PGM_HANDLER_VIRTUAL_CONFLICT);
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync }
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync else
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync if (memcmp(temp, oldJump, pPatch->patch.cbPatchJump))
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync {
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync Log(("PATM: Patch jump was overwritten -> disabling patch!!\n"));
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync /*
251b3801f86afc901bee955a7e5a8d14b5836e74vboxsync * Disable patch; this is not a good solution
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync */
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync /* @todo hopefully it was completely overwritten (if the read was successful)!!!! */
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync pPatch->patch.uState = PATCH_DISABLED;
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync }
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync else
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync if (VBOX_SUCCESS(rc))
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync {
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync rc = PGMPhysWriteGCPtrDirty(pVM, pJumpOffGC, &displ, sizeof(displ));
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync AssertRC(rc);
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync }
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync else
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync {
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync AssertMsgFailed(("Unexpected error %d from MMR3PhysReadGCVirt\n", rc));
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync }
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync }
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync else
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync {
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync Log(("Skip the guest jump to patch code for this disabled patch %08X - %08X\n", pPatch->patch.pPrivInstrHC, pRec->pRelocPos));
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync }
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync pRec->pDest = pTarget;
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync break;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync }
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync case FIXUP_REL_JMPTOGUEST:
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync {
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync RTGCPTR pSource = (RTGCPTR)((RTGCINTPTR)pRec->pSource + delta);
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync RTGCINTPTR displ = (RTGCINTPTR)pRec->pDest - (RTGCINTPTR)pSource;
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync Assert(!(pPatch->patch.flags & PATMFL_GLOBAL_FUNCTIONS));
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync Log(("Relative fixup (p2g) %08X -> %08X at %08X (source=%08x, target=%08x)\n", *(int32_t*)pRec->pRelocPos, displ, pRec->pRelocPos, pRec->pSource, pRec->pDest));
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync *(RTGCUINTPTR *)pRec->pRelocPos = displ;
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync pRec->pSource = pSource;
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync break;
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync }
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync default:
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync AssertMsg(0, ("Invalid fixup type!!\n"));
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync return VERR_INVALID_PARAMETER;
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync }
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync }
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync#ifdef LOG_ENABLED
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync if (pPatch->patch.flags & PATMFL_PATCHED_GUEST_CODE)
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync {
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync /** @note pPrivInstrHC is probably not valid anymore */
59a2c1c0a4a0762b46bc5ff056f5705ec9c0a660vboxsync rc = PGMPhysGCPtr2HCPtr(pVM, pPatch->patch.pPrivInstrGC, (PRTHCPTR)&pPatch->patch.pPrivInstrHC);
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync if (rc == VINF_SUCCESS)
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync {
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync cpu.mode = (pPatch->patch.flags & PATMFL_CODE32) ? CPUMODE_32BIT : CPUMODE_16BIT;
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync disret = PATMR3DISInstr(pVM, &pPatch->patch, &cpu, pPatch->patch.pPrivInstrGC, pPatch->patch.pPrivInstrHC, &opsize, szOutput, PATMREAD_RAWCODE);
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync Log(("Rel patch jump: %s", szOutput));
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync }
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync }
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync#endif
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync return 0;
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync}
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync/**
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync * #PF Handler callback for virtual access handler ranges.
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync *
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync * Important to realize that a physical page in a range can have aliases, and
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync * for ALL and WRITE handlers these will also trigger.
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync *
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync * @returns VINF_SUCCESS if the handler have carried out the operation.
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync * @returns VINF_PGM_HANDLER_DO_DEFAULT if the caller should carry out the access operation.
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync * @param pVM VM Handle.
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync * @param GCPtr The virtual address the guest is writing to. (not correct if it's an alias!)
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param pvPtr The HC mapping of that address.
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync * @param pvBuf What the guest is reading/writing.
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param cbBuf How much it's reading/writing.
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param enmAccessType The access type.
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync * @param pvUser User argument.
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync */
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsyncstatic DECLCALLBACK(int) patmVirtPageHandler(PVM pVM, RTGCPTR GCPtr, void *pvPtr, void *pvBuf, size_t cbBuf, PGMACCESSTYPE enmAccessType, void *pvUser)
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync{
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync Assert(enmAccessType == PGMACCESSTYPE_WRITE);
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync /** @todo could be the wrong virtual address (alias) */
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync pVM->patm.s.pvFaultMonitor = GCPtr;
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync PATMR3HandleMonitoredPage(pVM);
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync return VINF_PGM_HANDLER_DO_DEFAULT;
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync}
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync#ifdef VBOX_WITH_DEBUGGER
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync/**
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync * Callback function for RTAvloGCPtrDoWithAll
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync *
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync * Enables the patch that's being enumerated
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync *
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync * @returns 0 (continue enumeration).
8dbf70ba2345e69b0b6d45c38cf1add0ef10591cvboxsync * @param pNode Current node
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param pVM The VM to operate on.
8dbf70ba2345e69b0b6d45c38cf1add0ef10591cvboxsync */
8dbf70ba2345e69b0b6d45c38cf1add0ef10591cvboxsyncstatic DECLCALLBACK(int) EnableAllPatches(PAVLOGCPTRNODECORE pNode, void *pVM)
8dbf70ba2345e69b0b6d45c38cf1add0ef10591cvboxsync{
8dbf70ba2345e69b0b6d45c38cf1add0ef10591cvboxsync PPATMPATCHREC pPatch = (PPATMPATCHREC)pNode;
8dbf70ba2345e69b0b6d45c38cf1add0ef10591cvboxsync
4bd3e7685494afe7c303fc131c66e685023b6b4avboxsync PATMR3EnablePatch((PVM)pVM, (RTGCPTR)pPatch->Core.Key);
8dbf70ba2345e69b0b6d45c38cf1add0ef10591cvboxsync return 0;
4bd3e7685494afe7c303fc131c66e685023b6b4avboxsync}
4bd3e7685494afe7c303fc131c66e685023b6b4avboxsync#endif /* VBOX_WITH_DEBUGGER */
8dbf70ba2345e69b0b6d45c38cf1add0ef10591cvboxsync
8dbf70ba2345e69b0b6d45c38cf1add0ef10591cvboxsync
8dbf70ba2345e69b0b6d45c38cf1add0ef10591cvboxsync#ifdef VBOX_WITH_DEBUGGER
8dbf70ba2345e69b0b6d45c38cf1add0ef10591cvboxsync/**
8dbf70ba2345e69b0b6d45c38cf1add0ef10591cvboxsync * Callback function for RTAvloGCPtrDoWithAll
8dbf70ba2345e69b0b6d45c38cf1add0ef10591cvboxsync *
8dbf70ba2345e69b0b6d45c38cf1add0ef10591cvboxsync * Disables the patch that's being enumerated
8dbf70ba2345e69b0b6d45c38cf1add0ef10591cvboxsync *
8dbf70ba2345e69b0b6d45c38cf1add0ef10591cvboxsync * @returns 0 (continue enumeration).
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync * @param pNode Current node
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param pVM The VM to operate on.
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync */
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsyncstatic DECLCALLBACK(int) DisableAllPatches(PAVLOGCPTRNODECORE pNode, void *pVM)
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync{
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync PPATMPATCHREC pPatch = (PPATMPATCHREC)pNode;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync PATMR3DisablePatch((PVM)pVM, (RTGCPTR)pPatch->Core.Key);
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync return 0;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync}
8dbf70ba2345e69b0b6d45c38cf1add0ef10591cvboxsync#endif
8dbf70ba2345e69b0b6d45c38cf1add0ef10591cvboxsync
8dbf70ba2345e69b0b6d45c38cf1add0ef10591cvboxsync/**
8dbf70ba2345e69b0b6d45c38cf1add0ef10591cvboxsync * Returns the host context pointer and size of the patch memory block
8dbf70ba2345e69b0b6d45c38cf1add0ef10591cvboxsync *
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @returns VBox status code.
8dbf70ba2345e69b0b6d45c38cf1add0ef10591cvboxsync * @param pVM The VM to operate on.
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param pcb Size of the patch memory block
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync */
8dbf70ba2345e69b0b6d45c38cf1add0ef10591cvboxsyncPATMR3DECL(void *) PATMR3QueryPatchMemHC(PVM pVM, uint32_t *pcb)
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync{
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync if (pcb)
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync {
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync *pcb = pVM->patm.s.cbPatchMem;
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync }
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync return pVM->patm.s.pPatchMemHC;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync}
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
8dbf70ba2345e69b0b6d45c38cf1add0ef10591cvboxsync/**
8dbf70ba2345e69b0b6d45c38cf1add0ef10591cvboxsync * Returns the guest context pointer and size of the patch memory block
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync *
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @returns VBox status code.
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync * @param pVM The VM to operate on.
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync * @param pcb Size of the patch memory block
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync */
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsyncPATMR3DECL(RTGCPTR) PATMR3QueryPatchMemGC(PVM pVM, uint32_t *pcb)
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync{
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync if (pcb)
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync {
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync *pcb = pVM->patm.s.cbPatchMem;
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync }
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync return pVM->patm.s.pPatchMemGC;
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync}
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync/**
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync * Returns the host context pointer of the GC context structure
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync *
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync * @returns VBox status code.
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync * @param pVM The VM to operate on.
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync */
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsyncPATMR3DECL(PPATMGCSTATE) PATMR3QueryGCStateHC(PVM pVM)
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync{
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync return pVM->patm.s.pGCStateHC;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync}
8dbf70ba2345e69b0b6d45c38cf1add0ef10591cvboxsync
8dbf70ba2345e69b0b6d45c38cf1add0ef10591cvboxsync
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync/**
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * Checks whether the HC address is part of our patch region
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync *
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync * @returns VBox status code.
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync * @param pVM The VM to operate on.
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync * @param pAddrGC Guest context address
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync */
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsyncPATMR3DECL(bool) PATMR3IsPatchHCAddr(PVM pVM, R3PTRTYPE(uint8_t *) pAddrHC)
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync{
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync return (pAddrHC >= pVM->patm.s.pPatchMemHC && pAddrHC < pVM->patm.s.pPatchMemHC + pVM->patm.s.cbPatchMem) ? true : false;
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync}
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync/**
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync * Allows or disallow patching of privileged instructions executed by the guest OS
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync *
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync * @returns VBox status code.
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync * @param pVM The VM to operate on.
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync * @param fAllowPatching Allow/disallow patching
d571b6e3237f0ce89ea27f6fa4635d41c5ee3d88vboxsync */
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsyncPATMR3DECL(int) PATMR3AllowPatching(PVM pVM, uint32_t fAllowPatching)
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync{
51a01524909c95ee04b636218b6a89b29fb81825vboxsync pVM->fPATMEnabled = (fAllowPatching) ? true : false;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync return VINF_SUCCESS;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync}
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync/**
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * Convert a GC patch block pointer to a HC patch pointer
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync *
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @returns HC pointer or NULL if it's not a GC patch pointer
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param pVM The VM to operate on.
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param pAddrGC GC pointer
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync */
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsyncPATMR3DECL(R3PTRTYPE(void *)) PATMR3GCPtrToHCPtr(PVM pVM, RTGCPTR pAddrGC)
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync{
efff36b306e370346025647a158689021df2e1d1vboxsync if (pVM->patm.s.pPatchMemGC <= pAddrGC && pVM->patm.s.pPatchMemGC + pVM->patm.s.cbPatchMem > pAddrGC)
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync {
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync return pVM->patm.s.pPatchMemHC + (pAddrGC - pVM->patm.s.pPatchMemGC);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync }
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync return NULL;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync}
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync/**
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * Query PATM state (enabled/disabled)
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync *
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @returns 0 - disabled, 1 - enabled
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param pVM The VM to operate on.
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync */
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsyncPATMR3DECL(int) PATMR3IsEnabled(PVM pVM)
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync{
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync return pVM->fPATMEnabled;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync}
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync/**
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * Convert guest context address to host context pointer
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync *
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @returns VBox status code.
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param pVM The VM to operate on.
51a01524909c95ee04b636218b6a89b29fb81825vboxsync * @param pPatch Patch block structure pointer
51a01524909c95ee04b636218b6a89b29fb81825vboxsync * @param pGCPtr Guest context pointer
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync *
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @returns Host context pointer or NULL in case of an error
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync *
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync */
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsyncR3PTRTYPE(uint8_t *) PATMGCVirtToHCVirt(PVM pVM, PPATCHINFO pPatch, GCPTRTYPE(uint8_t *) pGCPtr)
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync{
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync int rc;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync R3PTRTYPE(uint8_t *) pHCPtr;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync uint32_t offset;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync if (PATMIsPatchGCAddr(pVM, pGCPtr))
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync {
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync return PATCHCODE_PTR_HC(pPatch) + (pGCPtr - PATCHCODE_PTR_GC(pPatch));
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync }
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync offset = pGCPtr & PAGE_OFFSET_MASK;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync if (pPatch->cacheRec.pGuestLoc == (pGCPtr & PAGE_BASE_GC_MASK))
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync {
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync return pPatch->cacheRec.pPatchLocStartHC + offset;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync }
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync rc = PGMPhysGCPtr2HCPtr(pVM, pGCPtr, (void **)&pHCPtr);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync if (rc != VINF_SUCCESS)
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync {
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync AssertMsg(rc == VINF_SUCCESS || rc == VERR_PAGE_NOT_PRESENT || rc == VERR_PAGE_TABLE_NOT_PRESENT, ("MMR3PhysGCVirt2HCVirtEx failed for %08X\n", pGCPtr));
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync return NULL;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync }
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync////invalid? Assert(sizeof(R3PTRTYPE(uint8_t*)) == sizeof(uint32_t));
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync pPatch->cacheRec.pPatchLocStartHC = (R3PTRTYPE(uint8_t*))((RTHCUINTPTR)pHCPtr & PAGE_BASE_HC_MASK);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync pPatch->cacheRec.pGuestLoc = pGCPtr & PAGE_BASE_GC_MASK;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync return pHCPtr;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync}
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync/* Calculates and fills in all branch targets
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync *
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @returns VBox status code.
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param pVM The VM to operate on.
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param pPatch Current patch block pointer
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync *
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync */
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsyncstatic int patmr3SetBranchTargets(PVM pVM, PPATCHINFO pPatch)
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync{
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync int32_t displ;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync PJUMPREC pRec = 0;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync int nrJumpRecs = 0;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync /*
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * Set all branch targets inside the patch block.
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * We remove all jump records as they are no longer needed afterwards.
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync */
b0b15690f00527424b2d5fb88456d747252322f7vboxsync while (true)
b0b15690f00527424b2d5fb88456d747252322f7vboxsync {
b0b15690f00527424b2d5fb88456d747252322f7vboxsync GCPTRTYPE(uint8_t *) pInstrGC;
b0b15690f00527424b2d5fb88456d747252322f7vboxsync GCPTRTYPE(uint8_t *) pBranchTargetGC = 0;
b0b15690f00527424b2d5fb88456d747252322f7vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync pRec = (PJUMPREC)RTAvlPVRemoveBestFit(&pPatch->JumpTree, 0, true);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync if (pRec == 0)
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync break;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync nrJumpRecs++;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync /* HC in patch block to GC in patch block. */
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync pInstrGC = patmPatchHCPtr2PatchGCPtr(pVM, pRec->pJumpHC);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync if (pRec->opcode == OP_CALL)
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync {
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync /* Special case: call function replacement patch from this patch block.
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync */
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync if (PATMQueryFunctionPatch(pVM, pRec->pTargetGC) == 0)
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync {
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync int rc;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync if (PATMR3HasBeenPatched(pVM, pRec->pTargetGC) == false)
b0b15690f00527424b2d5fb88456d747252322f7vboxsync rc = PATMR3InstallPatch(pVM, pRec->pTargetGC, PATMFL_CODE32 | PATMFL_DUPLICATE_FUNCTION);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync else
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync rc = VERR_PATCHING_REFUSED; /* exists as a normal patch; can't use it */
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync if (VBOX_FAILURE(rc))
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync {
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync uint8_t *pPatchHC;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync RTGCPTR pPatchGC;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync RTGCPTR pOrgInstrGC;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync pOrgInstrGC = PATMR3PatchToGCPtr(pVM, pInstrGC, 0);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync Assert(pOrgInstrGC);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
a2f96875f61628e5a5fd33785f8c0bbb310f981fvboxsync /* Failure for some reason -> mark exit point with int 3. */
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync Log(("Failed to install function replacement patch (at %x) for reason %Vrc\n", pOrgInstrGC, rc));
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync pPatchGC = patmGuestGCPtrToPatchGCPtr(pVM, pPatch, pOrgInstrGC);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync Assert(pPatchGC);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync pPatchHC = pVM->patm.s.pPatchMemHC + (pPatchGC - pVM->patm.s.pPatchMemGC);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync /* Set a breakpoint at the very beginning of the recompiled instruction */
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync *pPatchHC = 0xCC;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync continue;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync }
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync }
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync pBranchTargetGC = PATMR3QueryPatchGCPtr(pVM, pRec->pTargetGC);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync }
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync else
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync {
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync pBranchTargetGC = patmGuestGCPtrToPatchGCPtr(pVM, pPatch, pRec->pTargetGC);
51a01524909c95ee04b636218b6a89b29fb81825vboxsync }
51a01524909c95ee04b636218b6a89b29fb81825vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync if (pBranchTargetGC == 0)
51a01524909c95ee04b636218b6a89b29fb81825vboxsync {
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync AssertMsgFailed(("patmr3SetBranchTargets: patmGuestGCPtrToPatchGCPtr failed for %08X\n", pRec->pTargetGC));
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync return VERR_PATCHING_REFUSED;
b0b15690f00527424b2d5fb88456d747252322f7vboxsync }
b0b15690f00527424b2d5fb88456d747252322f7vboxsync /* Our jumps *always* have a dword displacement (to make things easier). */
b0b15690f00527424b2d5fb88456d747252322f7vboxsync Assert(sizeof(uint32_t) == sizeof(RTGCPTR));
a2f96875f61628e5a5fd33785f8c0bbb310f981fvboxsync displ = pBranchTargetGC - (pInstrGC + pRec->offDispl + sizeof(RTGCPTR));
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync *(RTGCPTR *)(pRec->pJumpHC + pRec->offDispl) = displ;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync Log(("Set branch target %d to %08X : %08x - (%08x + %d + %d)\n", nrJumpRecs, displ, pBranchTargetGC, pInstrGC, pRec->offDispl, sizeof(RTGCPTR)));
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync }
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync Assert(nrJumpRecs == pPatch->nrJumpRecs);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync Assert(pPatch->JumpTree == 0);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync return VINF_SUCCESS;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync}
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync/* Add an illegal instruction record
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync *
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param pVM The VM to operate on.
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param pPatch Patch structure ptr
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param pInstrGC Guest context pointer to privileged instruction
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync *
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync */
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsyncstatic void patmAddIllegalInstrRecord(PVM pVM, PPATCHINFO pPatch, RTGCPTR pInstrGC)
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync{
a2f96875f61628e5a5fd33785f8c0bbb310f981fvboxsync PAVLPVNODECORE pRec;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync pRec = (PAVLPVNODECORE)MMR3HeapAllocZ(pVM, MM_TAG_PATM_PATCH, sizeof(*pRec));
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync Assert(pRec);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync pRec->Key = (AVLPVKEY)pInstrGC;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync bool ret = RTAvlPVInsert(&pPatch->pTempInfo->IllegalInstrTree, pRec);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync Assert(ret); NOREF(ret);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync pPatch->pTempInfo->nrIllegalInstr++;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync}
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsyncstatic bool patmIsIllegalInstr(PPATCHINFO pPatch, RTGCPTR pInstrGC)
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync{
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync PAVLPVNODECORE pRec;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync pRec = RTAvlPVGet(&pPatch->pTempInfo->IllegalInstrTree, (AVLPVKEY)pInstrGC);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync if (pRec)
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync return true;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync return false;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync}
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync/**
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * Add a patch to guest lookup record
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync *
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param pVM The VM to operate on.
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param pPatch Patch structure ptr
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param pPatchInstrHC Guest context pointer to patch block
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param pInstrGC Guest context pointer to privileged instruction
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param enmType Lookup type
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param fDirty Dirty flag
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync *
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync */
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync /** @note Be extremely careful with this function. Make absolutely sure the guest address is correct! (to avoid executing instructions twice!) */
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsyncvoid patmr3AddP2GLookupRecord(PVM pVM, PPATCHINFO pPatch, uint8_t *pPatchInstrHC, RTGCPTR pInstrGC, PATM_LOOKUP_TYPE enmType, bool fDirty)
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync{
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync bool ret;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync PRECPATCHTOGUEST pPatchToGuestRec;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync PRECGUESTTOPATCH pGuestToPatchRec;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync uint32_t PatchOffset = pPatchInstrHC - pVM->patm.s.pPatchMemHC; /* Offset in memory reserved for PATM. */
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync if (enmType == PATM_LOOKUP_PATCH2GUEST)
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync {
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync pPatchToGuestRec = (PRECPATCHTOGUEST)RTAvlU32Get(&pPatch->Patch2GuestAddrTree, PatchOffset);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync if (pPatchToGuestRec && pPatchToGuestRec->Core.Key == PatchOffset)
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync return; /* already there */
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
51a01524909c95ee04b636218b6a89b29fb81825vboxsync Assert(!pPatchToGuestRec);
51a01524909c95ee04b636218b6a89b29fb81825vboxsync }
51a01524909c95ee04b636218b6a89b29fb81825vboxsync#ifdef VBOX_STRICT
51a01524909c95ee04b636218b6a89b29fb81825vboxsync else
51a01524909c95ee04b636218b6a89b29fb81825vboxsync {
51a01524909c95ee04b636218b6a89b29fb81825vboxsync pPatchToGuestRec = (PRECPATCHTOGUEST)RTAvlU32Get(&pPatch->Patch2GuestAddrTree, PatchOffset);
51a01524909c95ee04b636218b6a89b29fb81825vboxsync Assert(!pPatchToGuestRec);
51a01524909c95ee04b636218b6a89b29fb81825vboxsync }
51a01524909c95ee04b636218b6a89b29fb81825vboxsync#endif
51a01524909c95ee04b636218b6a89b29fb81825vboxsync
51a01524909c95ee04b636218b6a89b29fb81825vboxsync pPatchToGuestRec = (PRECPATCHTOGUEST)MMR3HeapAllocZ(pVM, MM_TAG_PATM_PATCH, sizeof(RECPATCHTOGUEST) + sizeof(RECGUESTTOPATCH));
51a01524909c95ee04b636218b6a89b29fb81825vboxsync Assert(pPatchToGuestRec);
51a01524909c95ee04b636218b6a89b29fb81825vboxsync pPatchToGuestRec->Core.Key = PatchOffset;
51a01524909c95ee04b636218b6a89b29fb81825vboxsync pPatchToGuestRec->pOrgInstrGC = pInstrGC;
51a01524909c95ee04b636218b6a89b29fb81825vboxsync pPatchToGuestRec->enmType = enmType;
51a01524909c95ee04b636218b6a89b29fb81825vboxsync pPatchToGuestRec->fDirty = fDirty;
51a01524909c95ee04b636218b6a89b29fb81825vboxsync
51a01524909c95ee04b636218b6a89b29fb81825vboxsync ret = RTAvlU32Insert(&pPatch->Patch2GuestAddrTree, &pPatchToGuestRec->Core);
51a01524909c95ee04b636218b6a89b29fb81825vboxsync Assert(ret);
51a01524909c95ee04b636218b6a89b29fb81825vboxsync
51a01524909c95ee04b636218b6a89b29fb81825vboxsync /* GC to patch address */
51a01524909c95ee04b636218b6a89b29fb81825vboxsync if (enmType == PATM_LOOKUP_BOTHDIR)
51a01524909c95ee04b636218b6a89b29fb81825vboxsync {
51a01524909c95ee04b636218b6a89b29fb81825vboxsync pGuestToPatchRec = (PRECGUESTTOPATCH)RTAvlGCPtrGet(&pPatch->Guest2PatchAddrTree, pInstrGC);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync if (!pGuestToPatchRec)
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync {
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync pGuestToPatchRec = (PRECGUESTTOPATCH)(pPatchToGuestRec+1);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync pGuestToPatchRec->Core.Key = pInstrGC;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync pGuestToPatchRec->PatchOffset = PatchOffset;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync ret = RTAvlGCPtrInsert(&pPatch->Guest2PatchAddrTree, &pGuestToPatchRec->Core);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync Assert(ret);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync }
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync }
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync pPatch->nrPatch2GuestRecs++;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync}
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync/**
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * Removes a patch to guest lookup record
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync *
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param pVM The VM to operate on.
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param pPatch Patch structure ptr
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param pPatchInstrGC Guest context pointer to patch block
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync */
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsyncvoid patmr3RemoveP2GLookupRecord(PVM pVM, PPATCHINFO pPatch, RTGCPTR pPatchInstrGC)
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync{
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync PAVLU32NODECORE pNode;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync PAVLGCPTRNODECORE pNode2;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync PRECPATCHTOGUEST pPatchToGuestRec;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync uint32_t PatchOffset = pPatchInstrGC - pVM->patm.s.pPatchMemGC; /* Offset in memory reserved for PATM. */
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync pPatchToGuestRec = (PRECPATCHTOGUEST)RTAvlU32Get(&pPatch->Patch2GuestAddrTree, PatchOffset);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync Assert(pPatchToGuestRec);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync if (pPatchToGuestRec)
b0b15690f00527424b2d5fb88456d747252322f7vboxsync {
b0b15690f00527424b2d5fb88456d747252322f7vboxsync if (pPatchToGuestRec->enmType == PATM_LOOKUP_BOTHDIR)
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync {
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync PRECGUESTTOPATCH pGuestToPatchRec = (PRECGUESTTOPATCH)(pPatchToGuestRec+1);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
51a01524909c95ee04b636218b6a89b29fb81825vboxsync Assert(pGuestToPatchRec->Core.Key);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync pNode2 = RTAvlGCPtrRemove(&pPatch->Guest2PatchAddrTree, pGuestToPatchRec->Core.Key);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync Assert(pNode2);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync }
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync pNode = RTAvlU32Remove(&pPatch->Patch2GuestAddrTree, pPatchToGuestRec->Core.Key);
217fa436516d137a409bb493cb7d350898f64666vboxsync Assert(pNode);
217fa436516d137a409bb493cb7d350898f64666vboxsync
51a01524909c95ee04b636218b6a89b29fb81825vboxsync MMR3HeapFree(pPatchToGuestRec);
51a01524909c95ee04b636218b6a89b29fb81825vboxsync pPatch->nrPatch2GuestRecs--;
51a01524909c95ee04b636218b6a89b29fb81825vboxsync }
51a01524909c95ee04b636218b6a89b29fb81825vboxsync}
51a01524909c95ee04b636218b6a89b29fb81825vboxsync
51a01524909c95ee04b636218b6a89b29fb81825vboxsync
51a01524909c95ee04b636218b6a89b29fb81825vboxsync/**
51a01524909c95ee04b636218b6a89b29fb81825vboxsync * RTAvlPVDestroy callback.
51a01524909c95ee04b636218b6a89b29fb81825vboxsync */
51a01524909c95ee04b636218b6a89b29fb81825vboxsyncstatic DECLCALLBACK(int) patmEmptyTreePVCallback(PAVLPVNODECORE pNode, void *)
51a01524909c95ee04b636218b6a89b29fb81825vboxsync{
51a01524909c95ee04b636218b6a89b29fb81825vboxsync MMR3HeapFree(pNode);
51a01524909c95ee04b636218b6a89b29fb81825vboxsync return 0;
51a01524909c95ee04b636218b6a89b29fb81825vboxsync}
51a01524909c95ee04b636218b6a89b29fb81825vboxsync
51a01524909c95ee04b636218b6a89b29fb81825vboxsync/**
51a01524909c95ee04b636218b6a89b29fb81825vboxsync * Empty the specified tree (PV tree, MMR3 heap)
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync *
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param pVM The VM to operate on.
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param ppTree Tree to empty
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync */
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsyncvoid patmEmptyTree(PVM pVM, PAVLPVNODECORE *ppTree)
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync{
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync RTAvlPVDestroy(ppTree, patmEmptyTreePVCallback, NULL);
51a01524909c95ee04b636218b6a89b29fb81825vboxsync}
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync/**
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * RTAvlU32Destroy callback.
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync */
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsyncstatic DECLCALLBACK(int) patmEmptyTreeU32Callback(PAVLU32NODECORE pNode, void *)
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync{
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync MMR3HeapFree(pNode);
51a01524909c95ee04b636218b6a89b29fb81825vboxsync return 0;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync}
51a01524909c95ee04b636218b6a89b29fb81825vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync/**
51a01524909c95ee04b636218b6a89b29fb81825vboxsync * Empty the specified tree (U32 tree, MMR3 heap)
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync *
51a01524909c95ee04b636218b6a89b29fb81825vboxsync * @param pVM The VM to operate on.
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param ppTree Tree to empty
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync */
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsyncvoid patmEmptyTreeU32(PVM pVM, PPAVLU32NODECORE ppTree)
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync{
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync RTAvlU32Destroy(ppTree, patmEmptyTreeU32Callback, NULL);
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync}
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
217fa436516d137a409bb493cb7d350898f64666vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync/**
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * Analyses the instructions following the cli for compliance with our heuristics for cli & pushf
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync *
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @returns VBox status code.
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param pVM The VM to operate on.
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param pCpu CPU disassembly state
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param pInstrGC Guest context pointer to privileged instruction
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param pCurInstrGC Guest context pointer to the current instruction
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param pUserData User pointer (callback specific)
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync *
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync */
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsyncstatic int patmAnalyseBlockCallback(PVM pVM, DISCPUSTATE *pCpu, GCPTRTYPE(uint8_t *) pInstrGC, GCPTRTYPE(uint8_t *) pCurInstrGC, void *pUserData)
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync{
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync PPATCHINFO pPatch = (PPATCHINFO)pUserData;
b0b15690f00527424b2d5fb88456d747252322f7vboxsync bool fIllegalInstr = false;
b0b15690f00527424b2d5fb88456d747252322f7vboxsync
b0b15690f00527424b2d5fb88456d747252322f7vboxsync //Preliminary heuristics:
b0b15690f00527424b2d5fb88456d747252322f7vboxsync //- no call instructions without a fixed displacement between cli and sti/popf
b0b15690f00527424b2d5fb88456d747252322f7vboxsync //- no jumps in the instructions following cli (4+ bytes; enough for the replacement jump (5 bytes))
b0b15690f00527424b2d5fb88456d747252322f7vboxsync //- no nested pushf/cli
b0b15690f00527424b2d5fb88456d747252322f7vboxsync //- sti/popf should be the (eventual) target of all branches
b0b15690f00527424b2d5fb88456d747252322f7vboxsync //- no near or far returns; no int xx, no into
b0b15690f00527424b2d5fb88456d747252322f7vboxsync //
b0b15690f00527424b2d5fb88456d747252322f7vboxsync // Note: Later on we can impose less stricter guidelines if the need arises
b0b15690f00527424b2d5fb88456d747252322f7vboxsync
b0b15690f00527424b2d5fb88456d747252322f7vboxsync /* Bail out if the patch gets too big. */
b0b15690f00527424b2d5fb88456d747252322f7vboxsync if (pPatch->cbPatchBlockSize >= MAX_PATCH_SIZE)
b0b15690f00527424b2d5fb88456d747252322f7vboxsync {
b0b15690f00527424b2d5fb88456d747252322f7vboxsync Log(("Code block too big (%x) for patch at %VGv!!\n", pPatch->cbPatchBlockSize, pCurInstrGC));
b0b15690f00527424b2d5fb88456d747252322f7vboxsync fIllegalInstr = true;
b0b15690f00527424b2d5fb88456d747252322f7vboxsync patmAddIllegalInstrRecord(pVM, pPatch, pCurInstrGC);
b0b15690f00527424b2d5fb88456d747252322f7vboxsync }
b0b15690f00527424b2d5fb88456d747252322f7vboxsync else
b0b15690f00527424b2d5fb88456d747252322f7vboxsync {
b0b15690f00527424b2d5fb88456d747252322f7vboxsync /* No unconditinal jumps or calls without fixed displacements. */
b0b15690f00527424b2d5fb88456d747252322f7vboxsync if ( (pCpu->pCurInstr->optype & OPTYPE_CONTROLFLOW)
b0b15690f00527424b2d5fb88456d747252322f7vboxsync && (pCpu->pCurInstr->opcode == OP_JMP || pCpu->pCurInstr->opcode == OP_CALL)
b0b15690f00527424b2d5fb88456d747252322f7vboxsync )
b0b15690f00527424b2d5fb88456d747252322f7vboxsync {
b0b15690f00527424b2d5fb88456d747252322f7vboxsync Assert(pCpu->param1.size <= 4 || pCpu->param1.size == 8);
b0b15690f00527424b2d5fb88456d747252322f7vboxsync if ( pCpu->param1.size == 8 /* far call/jmp */
b0b15690f00527424b2d5fb88456d747252322f7vboxsync || (pCpu->pCurInstr->opcode == OP_CALL && !(pPatch->flags & PATMFL_SUPPORT_CALLS))
b0b15690f00527424b2d5fb88456d747252322f7vboxsync || (OP_PARM_VTYPE(pCpu->pCurInstr->param1) != OP_PARM_J && !(pPatch->flags & PATMFL_SUPPORT_INDIRECT_CALLS))
b0b15690f00527424b2d5fb88456d747252322f7vboxsync )
b0b15690f00527424b2d5fb88456d747252322f7vboxsync {
b0b15690f00527424b2d5fb88456d747252322f7vboxsync fIllegalInstr = true;
b0b15690f00527424b2d5fb88456d747252322f7vboxsync patmAddIllegalInstrRecord(pVM, pPatch, pCurInstrGC);
b0b15690f00527424b2d5fb88456d747252322f7vboxsync }
b0b15690f00527424b2d5fb88456d747252322f7vboxsync }
b0b15690f00527424b2d5fb88456d747252322f7vboxsync
b0b15690f00527424b2d5fb88456d747252322f7vboxsync /* An unconditional (short) jump right after a cli is a potential problem; we will overwrite whichever function comes afterwards */
b0b15690f00527424b2d5fb88456d747252322f7vboxsync if (pPatch->opcode == OP_CLI && pCpu->pCurInstr->opcode == OP_JMP)
b0b15690f00527424b2d5fb88456d747252322f7vboxsync {
b0b15690f00527424b2d5fb88456d747252322f7vboxsync if (pCurInstrGC > pPatch->pPrivInstrGC && pCurInstrGC + pCpu->opsize < pPatch->pPrivInstrGC + SIZEOF_NEARJUMP32) /* hardcoded patch jump size; cbPatchJump is still zero */
b0b15690f00527424b2d5fb88456d747252322f7vboxsync {
b0b15690f00527424b2d5fb88456d747252322f7vboxsync Log(("Dangerous unconditional jump ends in our generated patch jump!! (%x vs %x)\n", pCurInstrGC, pPatch->pPrivInstrGC));
b0b15690f00527424b2d5fb88456d747252322f7vboxsync /* We turn this one into a int 3 callable patch. */
b0b15690f00527424b2d5fb88456d747252322f7vboxsync pPatch->flags |= PATMFL_INT3_REPLACEMENT_BLOCK;
b0b15690f00527424b2d5fb88456d747252322f7vboxsync }
b0b15690f00527424b2d5fb88456d747252322f7vboxsync }
b0b15690f00527424b2d5fb88456d747252322f7vboxsync else
b0b15690f00527424b2d5fb88456d747252322f7vboxsync /* no nested pushfs just yet; nested cli is allowed for cli patches though. */
b0b15690f00527424b2d5fb88456d747252322f7vboxsync if (pPatch->opcode == OP_PUSHF)
b0b15690f00527424b2d5fb88456d747252322f7vboxsync {
b0b15690f00527424b2d5fb88456d747252322f7vboxsync if (pCurInstrGC != pInstrGC && pCpu->pCurInstr->opcode == OP_PUSHF)
b0b15690f00527424b2d5fb88456d747252322f7vboxsync {
b0b15690f00527424b2d5fb88456d747252322f7vboxsync fIllegalInstr = true;
b0b15690f00527424b2d5fb88456d747252322f7vboxsync patmAddIllegalInstrRecord(pVM, pPatch, pCurInstrGC);
b0b15690f00527424b2d5fb88456d747252322f7vboxsync }
b0b15690f00527424b2d5fb88456d747252322f7vboxsync }
b0b15690f00527424b2d5fb88456d747252322f7vboxsync
b0b15690f00527424b2d5fb88456d747252322f7vboxsync // no far returns
b0b15690f00527424b2d5fb88456d747252322f7vboxsync if (pCpu->pCurInstr->opcode == OP_RETF)
b0b15690f00527424b2d5fb88456d747252322f7vboxsync {
b0b15690f00527424b2d5fb88456d747252322f7vboxsync pPatch->pTempInfo->nrRetInstr++;
b0b15690f00527424b2d5fb88456d747252322f7vboxsync fIllegalInstr = true;
b0b15690f00527424b2d5fb88456d747252322f7vboxsync patmAddIllegalInstrRecord(pVM, pPatch, pCurInstrGC);
b0b15690f00527424b2d5fb88456d747252322f7vboxsync }
b0b15690f00527424b2d5fb88456d747252322f7vboxsync else
b0b15690f00527424b2d5fb88456d747252322f7vboxsync // no int xx or into either
b0b15690f00527424b2d5fb88456d747252322f7vboxsync if (pCpu->pCurInstr->opcode == OP_INT3 || pCpu->pCurInstr->opcode == OP_INT || pCpu->pCurInstr->opcode == OP_INTO)
b0b15690f00527424b2d5fb88456d747252322f7vboxsync {
b0b15690f00527424b2d5fb88456d747252322f7vboxsync fIllegalInstr = true;
b0b15690f00527424b2d5fb88456d747252322f7vboxsync patmAddIllegalInstrRecord(pVM, pPatch, pCurInstrGC);
b0b15690f00527424b2d5fb88456d747252322f7vboxsync }
b0b15690f00527424b2d5fb88456d747252322f7vboxsync }
b0b15690f00527424b2d5fb88456d747252322f7vboxsync
b0b15690f00527424b2d5fb88456d747252322f7vboxsync pPatch->cbPatchBlockSize += pCpu->opsize;
b0b15690f00527424b2d5fb88456d747252322f7vboxsync
b0b15690f00527424b2d5fb88456d747252322f7vboxsync /* Illegal instruction -> end of analysis phase for this code block */
b0b15690f00527424b2d5fb88456d747252322f7vboxsync if (fIllegalInstr || patmIsIllegalInstr(pPatch, pCurInstrGC))
b0b15690f00527424b2d5fb88456d747252322f7vboxsync return VINF_SUCCESS;
b0b15690f00527424b2d5fb88456d747252322f7vboxsync
b0b15690f00527424b2d5fb88456d747252322f7vboxsync /* Check for exit points. */
b0b15690f00527424b2d5fb88456d747252322f7vboxsync switch (pCpu->pCurInstr->opcode)
b0b15690f00527424b2d5fb88456d747252322f7vboxsync {
b0b15690f00527424b2d5fb88456d747252322f7vboxsync case OP_SYSEXIT:
b0b15690f00527424b2d5fb88456d747252322f7vboxsync return VINF_SUCCESS; /* duplicate it; will fault or emulated in GC. */
b0b15690f00527424b2d5fb88456d747252322f7vboxsync
b0b15690f00527424b2d5fb88456d747252322f7vboxsync case OP_SYSENTER:
b0b15690f00527424b2d5fb88456d747252322f7vboxsync case OP_ILLUD2:
b0b15690f00527424b2d5fb88456d747252322f7vboxsync //This appears to be some kind of kernel panic in Linux 2.4; no point to analyse more
b0b15690f00527424b2d5fb88456d747252322f7vboxsync Log(("Illegal opcode (0xf 0xb) -> return here\n"));
b0b15690f00527424b2d5fb88456d747252322f7vboxsync return VINF_SUCCESS;
b0b15690f00527424b2d5fb88456d747252322f7vboxsync
b0b15690f00527424b2d5fb88456d747252322f7vboxsync case OP_STI:
b0b15690f00527424b2d5fb88456d747252322f7vboxsync case OP_POPF:
b0b15690f00527424b2d5fb88456d747252322f7vboxsync Assert(!(pPatch->flags & (PATMFL_DUPLICATE_FUNCTION)));
b0b15690f00527424b2d5fb88456d747252322f7vboxsync /* If out exit point lies within the generated patch jump, then we have to refuse!! */
b0b15690f00527424b2d5fb88456d747252322f7vboxsync if (pCurInstrGC > pPatch->pPrivInstrGC && pCurInstrGC < pPatch->pPrivInstrGC + SIZEOF_NEARJUMP32) /* hardcoded patch jump size; cbPatchJump is still zero */
b0b15690f00527424b2d5fb88456d747252322f7vboxsync {
b0b15690f00527424b2d5fb88456d747252322f7vboxsync Log(("Exit point within patch jump itself!! (%x vs %x)\n", pCurInstrGC, pPatch->pPrivInstrGC));
b0b15690f00527424b2d5fb88456d747252322f7vboxsync return VERR_PATCHING_REFUSED;
b0b15690f00527424b2d5fb88456d747252322f7vboxsync }
b0b15690f00527424b2d5fb88456d747252322f7vboxsync if (pPatch->opcode == OP_PUSHF)
b0b15690f00527424b2d5fb88456d747252322f7vboxsync {
b0b15690f00527424b2d5fb88456d747252322f7vboxsync if (pCpu->pCurInstr->opcode == OP_POPF)
b0b15690f00527424b2d5fb88456d747252322f7vboxsync {
b0b15690f00527424b2d5fb88456d747252322f7vboxsync if (pPatch->cbPatchBlockSize >= SIZEOF_NEARJUMP32)
b0b15690f00527424b2d5fb88456d747252322f7vboxsync return VINF_SUCCESS;
b0b15690f00527424b2d5fb88456d747252322f7vboxsync
b0b15690f00527424b2d5fb88456d747252322f7vboxsync /* Or else we need to duplicate more instructions, because we can't jump back yet! */
b0b15690f00527424b2d5fb88456d747252322f7vboxsync Log(("WARNING: End of block reached, but we need to duplicate some extra instruction to avoid a conflict with the patch jump\n"));
b0b15690f00527424b2d5fb88456d747252322f7vboxsync pPatch->flags |= PATMFL_CHECK_SIZE;
b0b15690f00527424b2d5fb88456d747252322f7vboxsync }
b0b15690f00527424b2d5fb88456d747252322f7vboxsync break; //sti doesn't mark the end of a pushf block; only popf does
b0b15690f00527424b2d5fb88456d747252322f7vboxsync }
b0b15690f00527424b2d5fb88456d747252322f7vboxsync //else no break
b0b15690f00527424b2d5fb88456d747252322f7vboxsync case OP_RETN: /* exit point for function replacement */
b0b15690f00527424b2d5fb88456d747252322f7vboxsync return VINF_SUCCESS;
b0b15690f00527424b2d5fb88456d747252322f7vboxsync
b0b15690f00527424b2d5fb88456d747252322f7vboxsync case OP_IRET:
b0b15690f00527424b2d5fb88456d747252322f7vboxsync return VINF_SUCCESS; /* exitpoint */
b0b15690f00527424b2d5fb88456d747252322f7vboxsync
b0b15690f00527424b2d5fb88456d747252322f7vboxsync case OP_CPUID:
b0b15690f00527424b2d5fb88456d747252322f7vboxsync case OP_CALL:
b0b15690f00527424b2d5fb88456d747252322f7vboxsync case OP_JMP:
b0b15690f00527424b2d5fb88456d747252322f7vboxsync break;
b0b15690f00527424b2d5fb88456d747252322f7vboxsync
b0b15690f00527424b2d5fb88456d747252322f7vboxsync default:
b0b15690f00527424b2d5fb88456d747252322f7vboxsync if (pCpu->pCurInstr->optype & (OPTYPE_PRIVILEGED_NOTRAP))
b0b15690f00527424b2d5fb88456d747252322f7vboxsync {
b0b15690f00527424b2d5fb88456d747252322f7vboxsync patmAddIllegalInstrRecord(pVM, pPatch, pCurInstrGC);
b0b15690f00527424b2d5fb88456d747252322f7vboxsync return VINF_SUCCESS; /* exit point */
b0b15690f00527424b2d5fb88456d747252322f7vboxsync }
b0b15690f00527424b2d5fb88456d747252322f7vboxsync break;
b0b15690f00527424b2d5fb88456d747252322f7vboxsync }
b0b15690f00527424b2d5fb88456d747252322f7vboxsync
b0b15690f00527424b2d5fb88456d747252322f7vboxsync // If single instruction patch, we've copied enough instructions *and* the current instruction is not a relative jump
b0b15690f00527424b2d5fb88456d747252322f7vboxsync if ((pPatch->flags & PATMFL_CHECK_SIZE) && pPatch->cbPatchBlockSize > SIZEOF_NEARJUMP32 && !(pCpu->pCurInstr->optype & OPTYPE_RELATIVE_CONTROLFLOW))
b0b15690f00527424b2d5fb88456d747252322f7vboxsync {
b0b15690f00527424b2d5fb88456d747252322f7vboxsync // The end marker for this kind of patch is any instruction at a location outside our patch jump
b0b15690f00527424b2d5fb88456d747252322f7vboxsync Log(("End of block at %VGv size %d\n", pCurInstrGC, pCpu->opsize));
b0b15690f00527424b2d5fb88456d747252322f7vboxsync return VINF_SUCCESS;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync }
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync return VWRN_CONTINUE_ANALYSIS;
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync}
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync/**
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * Analyses the instructions inside a function for compliance
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync *
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @returns VBox status code.
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param pVM The VM to operate on.
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param pCpu CPU disassembly state
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param pInstrGC Guest context pointer to privileged instruction
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param pCurInstrGC Guest context pointer to the current instruction
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync * @param pUserData User pointer (callback specific)
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync *
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync */
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsyncstatic int patmAnalyseFunctionCallback(PVM pVM, DISCPUSTATE *pCpu, GCPTRTYPE(uint8_t *) pInstrGC, GCPTRTYPE(uint8_t *) pCurInstrGC, void *pUserData)
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync{
cc15c3fa4bb2d3fb91e4d0cd15a73133963f86b0vboxsync PPATCHINFO pPatch = (PPATCHINFO)pUserData;
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync bool fIllegalInstr = false;
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync //Preliminary heuristics:
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync //- no call instructions
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync //- ret ends a block
8083a259c13e6e26e56ca2582edbad4a8cfac25avboxsync
8083a259c13e6e26e56ca2582edbad4a8cfac25avboxsync Assert(pPatch->flags & (PATMFL_DUPLICATE_FUNCTION));
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync // bail out if the patch gets too big
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync if (pPatch->cbPatchBlockSize >= MAX_PATCH_SIZE)
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync {
548ca31b6b47c36bacce49bed3339cb8075b9681vboxsync Log(("Code block too big (%x) for function patch at %VGv!!\n", pPatch->cbPatchBlockSize, pCurInstrGC));
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync fIllegalInstr = true;
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync patmAddIllegalInstrRecord(pVM, pPatch, pCurInstrGC);
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync }
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync else
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync {
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync // no unconditinal jumps or calls without fixed displacements
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync if ( (pCpu->pCurInstr->optype & OPTYPE_CONTROLFLOW)
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync && (pCpu->pCurInstr->opcode == OP_JMP || pCpu->pCurInstr->opcode == OP_CALL)
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync )
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync {
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync Assert(pCpu->param1.size <= 4 || pCpu->param1.size == 8);
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync if ( pCpu->param1.size == 8 /* far call/jmp */
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync || (pCpu->pCurInstr->opcode == OP_CALL && !(pPatch->flags & PATMFL_SUPPORT_CALLS))
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync || (OP_PARM_VTYPE(pCpu->pCurInstr->param1) != OP_PARM_J && !(pPatch->flags & PATMFL_SUPPORT_INDIRECT_CALLS))
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync )
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync {
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync fIllegalInstr = true;
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync patmAddIllegalInstrRecord(pVM, pPatch, pCurInstrGC);
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync }
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync }
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync else /* no far returns */
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync if (pCpu->pCurInstr->opcode == OP_RETF)
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync {
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync patmAddIllegalInstrRecord(pVM, pPatch, pCurInstrGC);
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync fIllegalInstr = true;
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync }
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync else /* no int xx or into either */
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync if (pCpu->pCurInstr->opcode == OP_INT3 || pCpu->pCurInstr->opcode == OP_INT || pCpu->pCurInstr->opcode == OP_INTO)
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync {
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync patmAddIllegalInstrRecord(pVM, pPatch, pCurInstrGC);
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync fIllegalInstr = true;
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync }
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync #if 0
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync ///@todo we can handle certain in/out and privileged instructions in the guest context
b7a5b3f9f9ecce32ddacf8404c625ce0451bbdc1vboxsync if (pCpu->pCurInstr->optype & OPTYPE_PRIVILEGED && pCpu->pCurInstr->opcode != OP_STI)
ff88d4153cd65650577e8c2d1a5a3fdfa0404a80vboxsync {
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync Log(("Illegal instructions for function patch!!\n"));
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync return VERR_PATCHING_REFUSED;
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync }
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync #endif
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync }
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync
8083a259c13e6e26e56ca2582edbad4a8cfac25avboxsync pPatch->cbPatchBlockSize += pCpu->opsize;
8083a259c13e6e26e56ca2582edbad4a8cfac25avboxsync
8083a259c13e6e26e56ca2582edbad4a8cfac25avboxsync /* Illegal instruction -> end of analysis phase for this code block */
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync if (fIllegalInstr || patmIsIllegalInstr(pPatch, pCurInstrGC))
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync {
548ca31b6b47c36bacce49bed3339cb8075b9681vboxsync return VINF_SUCCESS;
ff88d4153cd65650577e8c2d1a5a3fdfa0404a80vboxsync }
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync // Check for exit points
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync switch (pCpu->pCurInstr->opcode)
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync {
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync case OP_ILLUD2:
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync //This appears to be some kind of kernel panic in Linux 2.4; no point to analyse more
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync Log(("Illegal opcode (0xf 0xb) -> return here\n"));
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync return VINF_SUCCESS;
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync
548ca31b6b47c36bacce49bed3339cb8075b9681vboxsync case OP_IRET:
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync case OP_SYSEXIT: /* will fault or emulated in GC */
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync case OP_RETN:
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync return VINF_SUCCESS;
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync case OP_POPF:
8083a259c13e6e26e56ca2582edbad4a8cfac25avboxsync case OP_STI:
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync return VWRN_CONTINUE_ANALYSIS;
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync default:
548ca31b6b47c36bacce49bed3339cb8075b9681vboxsync if (pCpu->pCurInstr->optype & (OPTYPE_PRIVILEGED_NOTRAP))
548ca31b6b47c36bacce49bed3339cb8075b9681vboxsync {
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync patmAddIllegalInstrRecord(pVM, pPatch, pCurInstrGC);
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync return VINF_SUCCESS; /* exit point */
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync }
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync return VWRN_CONTINUE_ANALYSIS;
16a9adc14900ca18e6909679a579f6833425e030vboxsync }
16a9adc14900ca18e6909679a579f6833425e030vboxsync
16a9adc14900ca18e6909679a579f6833425e030vboxsync return VWRN_CONTINUE_ANALYSIS;
16a9adc14900ca18e6909679a579f6833425e030vboxsync}
16a9adc14900ca18e6909679a579f6833425e030vboxsync
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync/**
16a9adc14900ca18e6909679a579f6833425e030vboxsync * Recompiles the instructions in a code block
16a9adc14900ca18e6909679a579f6833425e030vboxsync *
16a9adc14900ca18e6909679a579f6833425e030vboxsync * @returns VBox status code.
16a9adc14900ca18e6909679a579f6833425e030vboxsync * @param pVM The VM to operate on.
16a9adc14900ca18e6909679a579f6833425e030vboxsync * @param pCpu CPU disassembly state
16a9adc14900ca18e6909679a579f6833425e030vboxsync * @param pInstrGC Guest context pointer to privileged instruction
16a9adc14900ca18e6909679a579f6833425e030vboxsync * @param pCurInstrGC Guest context pointer to the current instruction
16a9adc14900ca18e6909679a579f6833425e030vboxsync * @param pUserData User pointer (callback specific)
16a9adc14900ca18e6909679a579f6833425e030vboxsync *
16a9adc14900ca18e6909679a579f6833425e030vboxsync */
16a9adc14900ca18e6909679a579f6833425e030vboxsyncstatic int patmRecompileCallback(PVM pVM, DISCPUSTATE *pCpu, GCPTRTYPE(uint8_t *) pInstrGC, GCPTRTYPE(uint8_t *) pCurInstrGC, void *pUserData)
16a9adc14900ca18e6909679a579f6833425e030vboxsync{
16a9adc14900ca18e6909679a579f6833425e030vboxsync PPATCHINFO pPatch = (PPATCHINFO)pUserData;
16a9adc14900ca18e6909679a579f6833425e030vboxsync int rc = VINF_SUCCESS;
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync bool fInhibitIRQInstr = false; /* did the instruction cause PATMFL_INHIBITIRQS to be set? */
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync LogFlow(("patmRecompileCallback %VGv %VGv\n", pInstrGC, pCurInstrGC));
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync
16a9adc14900ca18e6909679a579f6833425e030vboxsync if ( patmGuestGCPtrToPatchGCPtr(pVM, pPatch, pCurInstrGC) != 0
16a9adc14900ca18e6909679a579f6833425e030vboxsync && !(pPatch->flags & PATMFL_RECOMPILE_NEXT)) /* do not do this when the next instruction *must* be executed! */
16a9adc14900ca18e6909679a579f6833425e030vboxsync {
16a9adc14900ca18e6909679a579f6833425e030vboxsync /*
16a9adc14900ca18e6909679a579f6833425e030vboxsync * Been there, done that; so insert a jump (we don't want to duplicate code)
16a9adc14900ca18e6909679a579f6833425e030vboxsync * no need to record this instruction as it's glue code that never crashes (it had better not!)
16a9adc14900ca18e6909679a579f6833425e030vboxsync */
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync Log(("patmRecompileCallback: jump to code we've recompiled before %VGv!\n", pCurInstrGC));
16a9adc14900ca18e6909679a579f6833425e030vboxsync return patmPatchGenRelJump(pVM, pPatch, pCurInstrGC, OP_JMP, !!(pCpu->prefix & PREFIX_OPSIZE));
16a9adc14900ca18e6909679a579f6833425e030vboxsync }
16a9adc14900ca18e6909679a579f6833425e030vboxsync
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync if (pPatch->flags & (PATMFL_DUPLICATE_FUNCTION))
8083a259c13e6e26e56ca2582edbad4a8cfac25avboxsync {
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync rc = patmAnalyseFunctionCallback(pVM, pCpu, pInstrGC, pCurInstrGC, pUserData);
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync }
548ca31b6b47c36bacce49bed3339cb8075b9681vboxsync else
548ca31b6b47c36bacce49bed3339cb8075b9681vboxsync rc = patmAnalyseBlockCallback(pVM, pCpu, pInstrGC, pCurInstrGC, pUserData);
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync if (VBOX_FAILURE(rc))
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync return rc;
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync /** @note Never do a direct return unless a failure is encountered! */
8083a259c13e6e26e56ca2582edbad4a8cfac25avboxsync
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync /* Clear recompilation of next instruction flag; we are doing that right here. */
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync if (pPatch->flags & PATMFL_RECOMPILE_NEXT)
548ca31b6b47c36bacce49bed3339cb8075b9681vboxsync pPatch->flags &= ~PATMFL_RECOMPILE_NEXT;
548ca31b6b47c36bacce49bed3339cb8075b9681vboxsync
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync /* Add lookup record for patch to guest address translation */
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync patmr3AddP2GLookupRecord(pVM, pPatch, PATCHCODE_PTR_HC(pPatch) + pPatch->uCurPatchOffset, pCurInstrGC, PATM_LOOKUP_BOTHDIR);
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync /* Update lowest and highest instruction address for this patch */
8083a259c13e6e26e56ca2582edbad4a8cfac25avboxsync if (pCurInstrGC < pPatch->pInstrGCLowest)
8083a259c13e6e26e56ca2582edbad4a8cfac25avboxsync pPatch->pInstrGCLowest = pCurInstrGC;
8083a259c13e6e26e56ca2582edbad4a8cfac25avboxsync else
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync if (pCurInstrGC > pPatch->pInstrGCHighest)
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync pPatch->pInstrGCHighest = pCurInstrGC + pCpu->opsize;
548ca31b6b47c36bacce49bed3339cb8075b9681vboxsync
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync /* Illegal instruction -> end of recompile phase for this code block. */
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync if (patmIsIllegalInstr(pPatch, pCurInstrGC))
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync {
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync Log(("Illegal instruction at %VGv -> mark with int 3\n", pCurInstrGC));
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync rc = patmPatchGenIllegalInstr(pVM, pPatch);
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync goto end;
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync }
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync /* For our first attempt, we'll handle only simple relative jumps (immediate offset coded in instruction).
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync * Indirect calls are handled below.
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync */
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync if ( (pCpu->pCurInstr->optype & OPTYPE_CONTROLFLOW)
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync && (pCpu->pCurInstr->opcode != OP_CALL || (pPatch->flags & PATMFL_SUPPORT_CALLS))
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync && (OP_PARM_VTYPE(pCpu->pCurInstr->param1) == OP_PARM_J))
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync {
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync GCPTRTYPE(uint8_t *) pTargetGC = PATMResolveBranch(pCpu, pCurInstrGC);
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync if (pTargetGC == 0)
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync {
8083a259c13e6e26e56ca2582edbad4a8cfac25avboxsync Log(("We don't support far jumps here!! (%08X)\n", pCpu->param1.flags));
8083a259c13e6e26e56ca2582edbad4a8cfac25avboxsync return VERR_PATCHING_REFUSED;
8083a259c13e6e26e56ca2582edbad4a8cfac25avboxsync }
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync if (pCpu->pCurInstr->opcode == OP_CALL)
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync {
548ca31b6b47c36bacce49bed3339cb8075b9681vboxsync Assert(!PATMIsPatchGCAddr(pVM, pTargetGC));
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync rc = patmPatchGenCall(pVM, pPatch, pCpu, pCurInstrGC, pTargetGC, false);
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync if (VBOX_FAILURE(rc))
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync goto end;
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync }
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync else
594521f7faf13f7a88f31e6cd76629bd67340229vboxsync rc = patmPatchGenRelJump(pVM, pPatch, pTargetGC, pCpu->pCurInstr->opcode, !!(pCpu->prefix & PREFIX_OPSIZE));
e04eeee1b306d610b0441cee9bf1c750100254d5vboxsync
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync if (VBOX_SUCCESS(rc))
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync rc = VWRN_CONTINUE_RECOMPILE;
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync goto end;
8083a259c13e6e26e56ca2582edbad4a8cfac25avboxsync }
8083a259c13e6e26e56ca2582edbad4a8cfac25avboxsync
8083a259c13e6e26e56ca2582edbad4a8cfac25avboxsync switch (pCpu->pCurInstr->opcode)
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync {
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync case OP_CLI:
548ca31b6b47c36bacce49bed3339cb8075b9681vboxsync {
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync /* If a cli is found while duplicating instructions for another patch, then it's of vital importance to continue
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync * until we've found the proper exit point(s).
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync */
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync if ( pCurInstrGC != pInstrGC
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync && !(pPatch->flags & (PATMFL_DUPLICATE_FUNCTION))
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync )
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync {
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync Log(("cli instruction found in other instruction patch block; force it to continue & find an exit point\n"));
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync pPatch->flags &= ~(PATMFL_CHECK_SIZE | PATMFL_SINGLE_INSTRUCTION);
8083a259c13e6e26e56ca2582edbad4a8cfac25avboxsync }
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync /* Set by irq inhibition; no longer valid now. */
8083a259c13e6e26e56ca2582edbad4a8cfac25avboxsync pPatch->flags &= ~PATMFL_GENERATE_JUMPTOGUEST;
8083a259c13e6e26e56ca2582edbad4a8cfac25avboxsync
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync rc = patmPatchGenCli(pVM, pPatch);
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync if (VBOX_SUCCESS(rc))
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync rc = VWRN_CONTINUE_RECOMPILE;
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync break;
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync }
8083a259c13e6e26e56ca2582edbad4a8cfac25avboxsync
8083a259c13e6e26e56ca2582edbad4a8cfac25avboxsync case OP_MOV:
8083a259c13e6e26e56ca2582edbad4a8cfac25avboxsync if (pCpu->pCurInstr->optype & OPTYPE_POTENTIALLY_DANGEROUS)
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync {
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync /* mov ss, src? */
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync if ( (pCpu->param1.flags & USE_REG_SEG)
548ca31b6b47c36bacce49bed3339cb8075b9681vboxsync && (pCpu->param1.base.reg_seg == USE_REG_SS))
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync {
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync Log(("Force recompilation of next instruction for OP_MOV at %VGv\n", pCurInstrGC));
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync pPatch->flags |= PATMFL_RECOMPILE_NEXT;
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync /** @todo this could cause a fault (ring 0 selector being loaded in ring 1) */
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync }
594521f7faf13f7a88f31e6cd76629bd67340229vboxsync#if 0 /* necessary for Haiku */
e04eeee1b306d610b0441cee9bf1c750100254d5vboxsync else
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync if ( (pCpu->param2.flags & USE_REG_SEG)
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync && (pCpu->param2.base.reg_seg == USE_REG_SS)
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync && (pCpu->param1.flags & (USE_REG_GEN32|USE_REG_GEN16))) /** @todo memory operand must in theory be handled too */
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync {
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync /* mov GPR, ss */
8083a259c13e6e26e56ca2582edbad4a8cfac25avboxsync rc = patmPatchGenMovFromSS(pVM, pPatch, pCpu, pCurInstrGC);
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync if (VBOX_SUCCESS(rc))
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync rc = VWRN_CONTINUE_RECOMPILE;
548ca31b6b47c36bacce49bed3339cb8075b9681vboxsync break;
548ca31b6b47c36bacce49bed3339cb8075b9681vboxsync }
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync#endif
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync }
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync goto duplicate_instr;
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync
9496f2d398b49813176939d7a339ae513d5175efvboxsync case OP_POP:
9496f2d398b49813176939d7a339ae513d5175efvboxsync if (pCpu->pCurInstr->param1 == OP_PARM_REG_SS)
9496f2d398b49813176939d7a339ae513d5175efvboxsync {
9496f2d398b49813176939d7a339ae513d5175efvboxsync Assert(pCpu->pCurInstr->optype & OPTYPE_INHIBIT_IRQS);
f687f34bd232be13744edbc0cc5155fa5d4540edvboxsync
c7551981eb6d97331da479f68f14a9c56247e4f7vboxsync Log(("Force recompilation of next instruction for OP_MOV at %VGv\n", pCurInstrGC));
7a3f491705173bc08122f2c7d26d48a8b4c5ceecvboxsync pPatch->flags |= PATMFL_RECOMPILE_NEXT;
c7551981eb6d97331da479f68f14a9c56247e4f7vboxsync }
009d45aa55691312278d41edb20154dc208d9cd8vboxsync goto duplicate_instr;
009d45aa55691312278d41edb20154dc208d9cd8vboxsync
009d45aa55691312278d41edb20154dc208d9cd8vboxsync case OP_STI:
009d45aa55691312278d41edb20154dc208d9cd8vboxsync {
009d45aa55691312278d41edb20154dc208d9cd8vboxsync RTGCPTR pNextInstrGC = 0; /* by default no inhibit irq */
009d45aa55691312278d41edb20154dc208d9cd8vboxsync
009d45aa55691312278d41edb20154dc208d9cd8vboxsync /** In a sequence of instructions that inhibit irqs, only the first one actually inhibits irqs. */
009d45aa55691312278d41edb20154dc208d9cd8vboxsync if (!(pPatch->flags & PATMFL_INHIBIT_IRQS))
c7551981eb6d97331da479f68f14a9c56247e4f7vboxsync {
c7551981eb6d97331da479f68f14a9c56247e4f7vboxsync pPatch->flags |= PATMFL_INHIBIT_IRQS | PATMFL_GENERATE_JUMPTOGUEST;
b7a5b3f9f9ecce32ddacf8404c625ce0451bbdc1vboxsync fInhibitIRQInstr = true;
a9f41cb889f53e8407561a6155052c441eb0fc5fvboxsync pNextInstrGC = pCurInstrGC + pCpu->opsize;
9496f2d398b49813176939d7a339ae513d5175efvboxsync Log(("Inhibit irqs for instruction OP_STI at %VGv\n", pCurInstrGC));
9496f2d398b49813176939d7a339ae513d5175efvboxsync }
009d45aa55691312278d41edb20154dc208d9cd8vboxsync rc = patmPatchGenSti(pVM, pPatch, pCurInstrGC, pNextInstrGC);
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync
009d45aa55691312278d41edb20154dc208d9cd8vboxsync if (VBOX_SUCCESS(rc))
548ca31b6b47c36bacce49bed3339cb8075b9681vboxsync {
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync DISCPUSTATE cpu = *pCpu;
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync unsigned opsize;
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync int disret;
19badc2a6bdaeb1208f71b7de06feec1aa7c59c9vboxsync GCPTRTYPE(uint8_t *) pNextInstrGC, pReturnInstrGC;
19badc2a6bdaeb1208f71b7de06feec1aa7c59c9vboxsync R3PTRTYPE(uint8_t *) pNextInstrHC;
009d45aa55691312278d41edb20154dc208d9cd8vboxsync
009d45aa55691312278d41edb20154dc208d9cd8vboxsync pPatch->flags |= PATMFL_FOUND_PATCHEND;
c7551981eb6d97331da479f68f14a9c56247e4f7vboxsync
009d45aa55691312278d41edb20154dc208d9cd8vboxsync pNextInstrGC = pCurInstrGC + pCpu->opsize;
009d45aa55691312278d41edb20154dc208d9cd8vboxsync pNextInstrHC = PATMGCVirtToHCVirt(pVM, pPatch, pNextInstrGC);
009d45aa55691312278d41edb20154dc208d9cd8vboxsync if (pNextInstrHC == NULL)
009d45aa55691312278d41edb20154dc208d9cd8vboxsync {
009d45aa55691312278d41edb20154dc208d9cd8vboxsync AssertFailed();
009d45aa55691312278d41edb20154dc208d9cd8vboxsync return VERR_PATCHING_REFUSED;
009d45aa55691312278d41edb20154dc208d9cd8vboxsync }
009d45aa55691312278d41edb20154dc208d9cd8vboxsync
009d45aa55691312278d41edb20154dc208d9cd8vboxsync // Disassemble the next instruction
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync disret = PATMR3DISInstr(pVM, pPatch, &cpu, pNextInstrGC, pNextInstrHC, &opsize, NULL);
9496f2d398b49813176939d7a339ae513d5175efvboxsync if (disret == false)
9496f2d398b49813176939d7a339ae513d5175efvboxsync {
9496f2d398b49813176939d7a339ae513d5175efvboxsync AssertMsgFailed(("STI: Disassembly failed (probably page not present) -> return to caller\n"));
9496f2d398b49813176939d7a339ae513d5175efvboxsync return VERR_PATCHING_REFUSED;
a9f41cb889f53e8407561a6155052c441eb0fc5fvboxsync }
9496f2d398b49813176939d7a339ae513d5175efvboxsync pReturnInstrGC = pNextInstrGC + opsize;
9496f2d398b49813176939d7a339ae513d5175efvboxsync
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync if ( (pPatch->flags & (PATMFL_DUPLICATE_FUNCTION))
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync || pReturnInstrGC <= pInstrGC
009d45aa55691312278d41edb20154dc208d9cd8vboxsync || pReturnInstrGC - pInstrGC >= SIZEOF_NEARJUMP32
548ca31b6b47c36bacce49bed3339cb8075b9681vboxsync )
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync {
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync /* Not an exit point for function duplication patches */
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync if ( (pPatch->flags & PATMFL_DUPLICATE_FUNCTION)
19badc2a6bdaeb1208f71b7de06feec1aa7c59c9vboxsync && VBOX_SUCCESS(rc))
19badc2a6bdaeb1208f71b7de06feec1aa7c59c9vboxsync {
009d45aa55691312278d41edb20154dc208d9cd8vboxsync pPatch->flags &= ~PATMFL_GENERATE_JUMPTOGUEST; /* Don't generate a jump back */
009d45aa55691312278d41edb20154dc208d9cd8vboxsync rc = VWRN_CONTINUE_RECOMPILE;
009d45aa55691312278d41edb20154dc208d9cd8vboxsync }
c7551981eb6d97331da479f68f14a9c56247e4f7vboxsync else
009d45aa55691312278d41edb20154dc208d9cd8vboxsync rc = VINF_SUCCESS; //exit point
009d45aa55691312278d41edb20154dc208d9cd8vboxsync }
009d45aa55691312278d41edb20154dc208d9cd8vboxsync else {
009d45aa55691312278d41edb20154dc208d9cd8vboxsync Log(("PATM: sti occurred too soon; refusing patch!\n"));
009d45aa55691312278d41edb20154dc208d9cd8vboxsync rc = VERR_PATCHING_REFUSED; //not allowed!!
009d45aa55691312278d41edb20154dc208d9cd8vboxsync }
009d45aa55691312278d41edb20154dc208d9cd8vboxsync }
009d45aa55691312278d41edb20154dc208d9cd8vboxsync break;
009d45aa55691312278d41edb20154dc208d9cd8vboxsync }
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync
9496f2d398b49813176939d7a339ae513d5175efvboxsync case OP_POPF:
9496f2d398b49813176939d7a339ae513d5175efvboxsync {
9496f2d398b49813176939d7a339ae513d5175efvboxsync bool fGenerateJmpBack = (pCurInstrGC + pCpu->opsize - pInstrGC >= SIZEOF_NEARJUMP32);
fc78e01f665145ab3641c5f8095e9ae984ddcb84vboxsync
fc78e01f665145ab3641c5f8095e9ae984ddcb84vboxsync /* Not an exit point for IDT handler or function replacement patches */
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync /* Note: keep IOPL in mind when changing any of this!! (see comments in PATMA.asm, PATMPopf32Replacement) */
009d45aa55691312278d41edb20154dc208d9cd8vboxsync if (pPatch->flags & (PATMFL_IDTHANDLER|PATMFL_DUPLICATE_FUNCTION))
fc78e01f665145ab3641c5f8095e9ae984ddcb84vboxsync fGenerateJmpBack = false;
009d45aa55691312278d41edb20154dc208d9cd8vboxsync
009d45aa55691312278d41edb20154dc208d9cd8vboxsync rc = patmPatchGenPopf(pVM, pPatch, pCurInstrGC + pCpu->opsize, !!(pCpu->prefix & PREFIX_OPSIZE), fGenerateJmpBack);
009d45aa55691312278d41edb20154dc208d9cd8vboxsync if (VBOX_SUCCESS(rc))
009d45aa55691312278d41edb20154dc208d9cd8vboxsync {
009d45aa55691312278d41edb20154dc208d9cd8vboxsync if (fGenerateJmpBack == false)
009d45aa55691312278d41edb20154dc208d9cd8vboxsync {
bdaae7f756db4f5cf2d62f495a2a80acaf581a0cvboxsync /* Not an exit point for IDT handler or function replacement patches */
bdaae7f756db4f5cf2d62f495a2a80acaf581a0cvboxsync rc = VWRN_CONTINUE_RECOMPILE;
bdaae7f756db4f5cf2d62f495a2a80acaf581a0cvboxsync }
bdaae7f756db4f5cf2d62f495a2a80acaf581a0cvboxsync else
009d45aa55691312278d41edb20154dc208d9cd8vboxsync {
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync pPatch->flags |= PATMFL_FOUND_PATCHEND;
fc78e01f665145ab3641c5f8095e9ae984ddcb84vboxsync rc = VINF_SUCCESS; /* exit point! */
fc78e01f665145ab3641c5f8095e9ae984ddcb84vboxsync }
fc78e01f665145ab3641c5f8095e9ae984ddcb84vboxsync }
009d45aa55691312278d41edb20154dc208d9cd8vboxsync break;
009d45aa55691312278d41edb20154dc208d9cd8vboxsync }
009d45aa55691312278d41edb20154dc208d9cd8vboxsync
009d45aa55691312278d41edb20154dc208d9cd8vboxsync case OP_PUSHF:
009d45aa55691312278d41edb20154dc208d9cd8vboxsync rc = patmPatchGenPushf(pVM, pPatch, !!(pCpu->prefix & PREFIX_OPSIZE));
009d45aa55691312278d41edb20154dc208d9cd8vboxsync if (VBOX_SUCCESS(rc))
009d45aa55691312278d41edb20154dc208d9cd8vboxsync rc = VWRN_CONTINUE_RECOMPILE;
009d45aa55691312278d41edb20154dc208d9cd8vboxsync break;
009d45aa55691312278d41edb20154dc208d9cd8vboxsync
009d45aa55691312278d41edb20154dc208d9cd8vboxsync case OP_PUSH:
009d45aa55691312278d41edb20154dc208d9cd8vboxsync if (pCpu->pCurInstr->param1 == OP_PARM_REG_CS)
009d45aa55691312278d41edb20154dc208d9cd8vboxsync {
009d45aa55691312278d41edb20154dc208d9cd8vboxsync rc = patmPatchGenPushCS(pVM, pPatch);
009d45aa55691312278d41edb20154dc208d9cd8vboxsync if (VBOX_SUCCESS(rc))
009d45aa55691312278d41edb20154dc208d9cd8vboxsync rc = VWRN_CONTINUE_RECOMPILE;
009d45aa55691312278d41edb20154dc208d9cd8vboxsync break;
009d45aa55691312278d41edb20154dc208d9cd8vboxsync }
009d45aa55691312278d41edb20154dc208d9cd8vboxsync goto duplicate_instr;
009d45aa55691312278d41edb20154dc208d9cd8vboxsync
009d45aa55691312278d41edb20154dc208d9cd8vboxsync case OP_IRET:
009d45aa55691312278d41edb20154dc208d9cd8vboxsync Log(("IRET at %VGv\n", pCurInstrGC));
009d45aa55691312278d41edb20154dc208d9cd8vboxsync rc = patmPatchGenIret(pVM, pPatch, pCurInstrGC, !!(pCpu->prefix & PREFIX_OPSIZE));
009d45aa55691312278d41edb20154dc208d9cd8vboxsync if (VBOX_SUCCESS(rc))
009d45aa55691312278d41edb20154dc208d9cd8vboxsync {
009d45aa55691312278d41edb20154dc208d9cd8vboxsync pPatch->flags |= PATMFL_FOUND_PATCHEND;
009d45aa55691312278d41edb20154dc208d9cd8vboxsync rc = VINF_SUCCESS; /* exit point by definition */
009d45aa55691312278d41edb20154dc208d9cd8vboxsync }
009d45aa55691312278d41edb20154dc208d9cd8vboxsync break;
009d45aa55691312278d41edb20154dc208d9cd8vboxsync
009d45aa55691312278d41edb20154dc208d9cd8vboxsync case OP_ILLUD2:
009d45aa55691312278d41edb20154dc208d9cd8vboxsync /* This appears to be some kind of kernel panic in Linux 2.4; no point to continue */
009d45aa55691312278d41edb20154dc208d9cd8vboxsync rc = patmPatchGenIllegalInstr(pVM, pPatch);
009d45aa55691312278d41edb20154dc208d9cd8vboxsync if (VBOX_SUCCESS(rc))
009d45aa55691312278d41edb20154dc208d9cd8vboxsync rc = VINF_SUCCESS; /* exit point by definition */
009d45aa55691312278d41edb20154dc208d9cd8vboxsync Log(("Illegal opcode (0xf 0xb)\n"));
009d45aa55691312278d41edb20154dc208d9cd8vboxsync break;
009d45aa55691312278d41edb20154dc208d9cd8vboxsync
009d45aa55691312278d41edb20154dc208d9cd8vboxsync case OP_CPUID:
009d45aa55691312278d41edb20154dc208d9cd8vboxsync rc = patmPatchGenCpuid(pVM, pPatch, pCurInstrGC);
009d45aa55691312278d41edb20154dc208d9cd8vboxsync if (VBOX_SUCCESS(rc))
009d45aa55691312278d41edb20154dc208d9cd8vboxsync rc = VWRN_CONTINUE_RECOMPILE;
009d45aa55691312278d41edb20154dc208d9cd8vboxsync break;
009d45aa55691312278d41edb20154dc208d9cd8vboxsync
009d45aa55691312278d41edb20154dc208d9cd8vboxsync case OP_STR:
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync case OP_SLDT:
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync rc = patmPatchGenSldtStr(pVM, pPatch, pCpu, pCurInstrGC);
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync if (VBOX_SUCCESS(rc))
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync rc = VWRN_CONTINUE_RECOMPILE;
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync break;
ee4d840f54fd2dcea8a73b1b86d5ec0db370b05dvboxsync
ee4d840f54fd2dcea8a73b1b86d5ec0db370b05dvboxsync case OP_SGDT:
ee4d840f54fd2dcea8a73b1b86d5ec0db370b05dvboxsync case OP_SIDT:
ee4d840f54fd2dcea8a73b1b86d5ec0db370b05dvboxsync rc = patmPatchGenSxDT(pVM, pPatch, pCpu, pCurInstrGC);
ee4d840f54fd2dcea8a73b1b86d5ec0db370b05dvboxsync if (VBOX_SUCCESS(rc))
ee4d840f54fd2dcea8a73b1b86d5ec0db370b05dvboxsync rc = VWRN_CONTINUE_RECOMPILE;
ee4d840f54fd2dcea8a73b1b86d5ec0db370b05dvboxsync break;
ee4d840f54fd2dcea8a73b1b86d5ec0db370b05dvboxsync
a39ea3668b7019c23a68936259545f9b71bce1aavboxsync case OP_RETN:
da3503c04ce76e653401396fe2795a9bc2427a1dvboxsync /* retn is an exit point for function patches */
da3503c04ce76e653401396fe2795a9bc2427a1dvboxsync rc = patmPatchGenRet(pVM, pPatch, pCpu, pCurInstrGC);
ee4d840f54fd2dcea8a73b1b86d5ec0db370b05dvboxsync if (VBOX_SUCCESS(rc))
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync rc = VINF_SUCCESS; /* exit point by definition */
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync break;
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync case OP_SYSEXIT:
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync /* Duplicate it, so it can be emulated in GC (or fault). */
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync rc = patmPatchGenDuplicate(pVM, pPatch, pCpu, pCurInstrGC);
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync if (VBOX_SUCCESS(rc))
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync rc = VINF_SUCCESS; /* exit point by definition */
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync break;
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync case OP_CALL:
ad27e1d5e48ca41245120c331cc88b50464813cevboxsync Assert(pPatch->flags & PATMFL_SUPPORT_INDIRECT_CALLS);
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync /* In interrupt gate handlers it's possible to encounter jumps or calls when IF has been enabled again.
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync * In that case we'll jump to the original instruction and continue from there. Otherwise an int 3 is executed.
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync */
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync Assert(pCpu->param1.size == 4 || pCpu->param1.size == 8);
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync if (pPatch->flags & PATMFL_SUPPORT_INDIRECT_CALLS && pCpu->param1.size == 4 /* no far calls! */)
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync {
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync rc = patmPatchGenCall(pVM, pPatch, pCpu, pCurInstrGC, (RTGCPTR)0xDEADBEEF, true);
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync if (VBOX_SUCCESS(rc))
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync {
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync rc = VWRN_CONTINUE_RECOMPILE;
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync }
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync break;
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync }
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync goto gen_illegal_instr;
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync case OP_JMP:
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync Assert(pPatch->flags & PATMFL_SUPPORT_INDIRECT_CALLS);
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync /* In interrupt gate handlers it's possible to encounter jumps or calls when IF has been enabled again.
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync * In that case we'll jump to the original instruction and continue from there. Otherwise an int 3 is executed.
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync */
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync Assert(pCpu->param1.size == 4 || pCpu->param1.size == 8);
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync if (pPatch->flags & PATMFL_SUPPORT_INDIRECT_CALLS && pCpu->param1.size == 4 /* no far jumps! */)
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync {
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync rc = patmPatchGenJump(pVM, pPatch, pCpu, pCurInstrGC);
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync if (VBOX_SUCCESS(rc))
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync rc = VINF_SUCCESS; /* end of branch */
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync break;
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync }
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync goto gen_illegal_instr;
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync case OP_INT3:
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync case OP_INT:
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync case OP_INTO:
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync goto gen_illegal_instr;
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync case OP_MOV_DR:
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync /** @note: currently we let DRx writes cause a trap d; our trap handler will decide to interpret it or not. */
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync if (pCpu->pCurInstr->param2 == OP_PARM_Dd)
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync {
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync rc = patmPatchGenMovDebug(pVM, pPatch, pCpu);
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync if (VBOX_SUCCESS(rc))
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync rc = VWRN_CONTINUE_RECOMPILE;
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync break;
a5e6836247bf89fb87d0fdf08c1ac8c79dd979advboxsync }
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync goto duplicate_instr;
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync
a5e6836247bf89fb87d0fdf08c1ac8c79dd979advboxsync case OP_MOV_CR:
a5e6836247bf89fb87d0fdf08c1ac8c79dd979advboxsync /** @note: currently we let CRx writes cause a trap d; our trap handler will decide to interpret it or not. */
a5e6836247bf89fb87d0fdf08c1ac8c79dd979advboxsync if (pCpu->pCurInstr->param2 == OP_PARM_Cd)
a5e6836247bf89fb87d0fdf08c1ac8c79dd979advboxsync {
a5e6836247bf89fb87d0fdf08c1ac8c79dd979advboxsync rc = patmPatchGenMovControl(pVM, pPatch, pCpu);
a5e6836247bf89fb87d0fdf08c1ac8c79dd979advboxsync if (VBOX_SUCCESS(rc))
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync rc = VWRN_CONTINUE_RECOMPILE;
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync break;
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync }
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync goto duplicate_instr;
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync default:
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync if (pCpu->pCurInstr->optype & (OPTYPE_CONTROLFLOW | OPTYPE_PRIVILEGED_NOTRAP))
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync {
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsyncgen_illegal_instr:
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync rc = patmPatchGenIllegalInstr(pVM, pPatch);
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync if (VBOX_SUCCESS(rc))
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync rc = VINF_SUCCESS; /* exit point by definition */
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync }
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync else
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync {
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsyncduplicate_instr:
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync Log(("patmPatchGenDuplicate\n"));
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync rc = patmPatchGenDuplicate(pVM, pPatch, pCpu, pCurInstrGC);
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync if (VBOX_SUCCESS(rc))
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync rc = VWRN_CONTINUE_RECOMPILE;
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync }
a5e6836247bf89fb87d0fdf08c1ac8c79dd979advboxsync break;
a5e6836247bf89fb87d0fdf08c1ac8c79dd979advboxsync }
a5e6836247bf89fb87d0fdf08c1ac8c79dd979advboxsync
a5e6836247bf89fb87d0fdf08c1ac8c79dd979advboxsyncend:
a5e6836247bf89fb87d0fdf08c1ac8c79dd979advboxsync
a5e6836247bf89fb87d0fdf08c1ac8c79dd979advboxsync if ( !fInhibitIRQInstr
a5e6836247bf89fb87d0fdf08c1ac8c79dd979advboxsync && (pPatch->flags & PATMFL_INHIBIT_IRQS))
16a9adc14900ca18e6909679a579f6833425e030vboxsync {
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync int rc2;
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync RTGCPTR pNextInstrGC = pCurInstrGC + pCpu->opsize;
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync pPatch->flags &= ~PATMFL_INHIBIT_IRQS;
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync Log(("Clear inhibit IRQ flag at %VGv\n", pCurInstrGC));
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync if (pPatch->flags & PATMFL_GENERATE_JUMPTOGUEST)
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync {
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync Log(("patmRecompileCallback: generate jump back to guest (%VGv) after fused instruction\n", pNextInstrGC));
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync rc2 = patmPatchGenJumpToGuest(pVM, pPatch, pNextInstrGC, true /* clear inhibit irq flag */);
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync pPatch->flags &= ~PATMFL_GENERATE_JUMPTOGUEST;
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync rc = VINF_SUCCESS; /* end of the line */
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync }
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync else
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync {
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync rc2 = patmPatchGenClearInhibitIRQ(pVM, pPatch, pNextInstrGC);
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync }
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync if (VBOX_FAILURE(rc2))
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync rc = rc2;
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync }
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync if (VBOX_SUCCESS(rc))
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync {
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync // If single instruction patch, we've copied enough instructions *and* the current instruction is not a relative jump
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync if ( (pPatch->flags & PATMFL_CHECK_SIZE)
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync && pCurInstrGC + pCpu->opsize - pInstrGC >= SIZEOF_NEARJUMP32
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync && !(pCpu->pCurInstr->optype & OPTYPE_RELATIVE_CONTROLFLOW)
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync && !(pPatch->flags & PATMFL_RECOMPILE_NEXT) /* do not do this when the next instruction *must* be executed! */
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync )
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync {
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync RTGCPTR pNextInstrGC = pCurInstrGC + pCpu->opsize;
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync // The end marker for this kind of patch is any instruction at a location outside our patch jump
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync Log(("patmRecompileCallback: end found for single instruction patch at %VGv opsize %d\n", pNextInstrGC, pCpu->opsize));
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync rc = patmPatchGenJumpToGuest(pVM, pPatch, pNextInstrGC);
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync AssertRC(rc);
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync }
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync }
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync return rc;
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync}
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync
e74eef731a813e4e06680c587a6759b9974b29c9vboxsync
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync#ifdef LOG_ENABLED
c7ff622115966b69b482bd2896662e40d823b22fvboxsync
c7ff622115966b69b482bd2896662e40d823b22fvboxsync/* Add a disasm jump record (temporary for prevent duplicate analysis)
16a9adc14900ca18e6909679a579f6833425e030vboxsync *
16a9adc14900ca18e6909679a579f6833425e030vboxsync * @param pVM The VM to operate on.
16a9adc14900ca18e6909679a579f6833425e030vboxsync * @param pPatch Patch structure ptr
16a9adc14900ca18e6909679a579f6833425e030vboxsync * @param pInstrGC Guest context pointer to privileged instruction
16a9adc14900ca18e6909679a579f6833425e030vboxsync *
16a9adc14900ca18e6909679a579f6833425e030vboxsync */
16a9adc14900ca18e6909679a579f6833425e030vboxsyncstatic void patmPatchAddDisasmJump(PVM pVM, PPATCHINFO pPatch, RTGCPTR pInstrGC)
16a9adc14900ca18e6909679a579f6833425e030vboxsync{
16a9adc14900ca18e6909679a579f6833425e030vboxsync PAVLPVNODECORE pRec;
16a9adc14900ca18e6909679a579f6833425e030vboxsync
16a9adc14900ca18e6909679a579f6833425e030vboxsync pRec = (PAVLPVNODECORE)MMR3HeapAllocZ(pVM, MM_TAG_PATM_PATCH, sizeof(*pRec));
16a9adc14900ca18e6909679a579f6833425e030vboxsync Assert(pRec);
16a9adc14900ca18e6909679a579f6833425e030vboxsync pRec->Key = (AVLPVKEY)pInstrGC;
009d45aa55691312278d41edb20154dc208d9cd8vboxsync
009d45aa55691312278d41edb20154dc208d9cd8vboxsync int ret = RTAvlPVInsert(&pPatch->pTempInfo->DisasmJumpTree, pRec);
009d45aa55691312278d41edb20154dc208d9cd8vboxsync Assert(ret);
009d45aa55691312278d41edb20154dc208d9cd8vboxsync}
009d45aa55691312278d41edb20154dc208d9cd8vboxsync
009d45aa55691312278d41edb20154dc208d9cd8vboxsync/**
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync * Checks if jump target has been analysed before.
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync *
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync * @returns VBox status code.
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync * @param pPatch Patch struct
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync * @param pInstrGC Jump target
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync *
76364cddabfeb143dad91862d41a5638d8860b25vboxsync */
76364cddabfeb143dad91862d41a5638d8860b25vboxsyncstatic bool patmIsKnownDisasmJump(PPATCHINFO pPatch, RTGCPTR pInstrGC)
76364cddabfeb143dad91862d41a5638d8860b25vboxsync{
76364cddabfeb143dad91862d41a5638d8860b25vboxsync PAVLPVNODECORE pRec;
76364cddabfeb143dad91862d41a5638d8860b25vboxsync
76364cddabfeb143dad91862d41a5638d8860b25vboxsync pRec = RTAvlPVGet(&pPatch->pTempInfo->DisasmJumpTree, (AVLPVKEY)pInstrGC);
76364cddabfeb143dad91862d41a5638d8860b25vboxsync if (pRec)
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync return true;
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync return false;
b5ad839a3757b305d4e98d7264da2b53c9cd27f0vboxsync}
b5ad839a3757b305d4e98d7264da2b53c9cd27f0vboxsync
b5ad839a3757b305d4e98d7264da2b53c9cd27f0vboxsync/**
b5ad839a3757b305d4e98d7264da2b53c9cd27f0vboxsync * For proper disassembly of the final patch block
b5ad839a3757b305d4e98d7264da2b53c9cd27f0vboxsync *
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync * @returns VBox status code.
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync * @param pVM The VM to operate on.
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync * @param pCpu CPU disassembly state
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync * @param pInstrGC Guest context pointer to privileged instruction
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync * @param pCurInstrGC Guest context pointer to the current instruction
cba6719bd64ec749967bbe931230452664109857vboxsync * @param pUserData User pointer (callback specific)
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync *
8083a259c13e6e26e56ca2582edbad4a8cfac25avboxsync */
c28fa006ba669ad8f26ae31d00a338379c04ea1bvboxsyncint patmr3DisasmCallback(PVM pVM, DISCPUSTATE *pCpu, GCPTRTYPE(uint8_t *) pInstrGC, GCPTRTYPE(uint8_t *) pCurInstrGC, void *pUserData)
cba6719bd64ec749967bbe931230452664109857vboxsync{
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync PPATCHINFO pPatch = (PPATCHINFO)pUserData;
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync
548ca31b6b47c36bacce49bed3339cb8075b9681vboxsync if (pCpu->pCurInstr->opcode == OP_INT3)
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync {
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync /* Could be an int3 inserted in a call patch. Check to be sure */
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync DISCPUSTATE cpu;
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync uint8_t *pOrgJumpHC;
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync RTGCPTR pOrgJumpGC;
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync uint32_t dummy;
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync cpu.mode = (pPatch->flags & PATMFL_CODE32) ? CPUMODE_32BIT : CPUMODE_16BIT;
e74eef731a813e4e06680c587a6759b9974b29c9vboxsync pOrgJumpGC = patmPatchGCPtr2GuestGCPtr(pVM, pPatch, pCurInstrGC);
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync pOrgJumpHC = PATMGCVirtToHCVirt(pVM, pPatch, pOrgJumpGC);
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync bool disret = PATMR3DISInstr(pVM, pPatch, &cpu, pOrgJumpGC, pOrgJumpHC, &dummy, NULL);
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync if (!disret || cpu.pCurInstr->opcode != OP_CALL || cpu.param1.size != 4 /* only near calls */)
8083a259c13e6e26e56ca2582edbad4a8cfac25avboxsync return VINF_SUCCESS;
548ca31b6b47c36bacce49bed3339cb8075b9681vboxsync
548ca31b6b47c36bacce49bed3339cb8075b9681vboxsync return VWRN_CONTINUE_ANALYSIS;
548ca31b6b47c36bacce49bed3339cb8075b9681vboxsync }
090d729e786b999dc285f8ea267f9effd1319544vboxsync
61d064a54f03596920c3918f58ecc7764074a5d8vboxsync if ( pCpu->pCurInstr->opcode == OP_ILLUD2
16a9adc14900ca18e6909679a579f6833425e030vboxsync && PATMIsPatchGCAddr(pVM, pCurInstrGC))
16a9adc14900ca18e6909679a579f6833425e030vboxsync {
16a9adc14900ca18e6909679a579f6833425e030vboxsync /* the indirect call patch contains an 0xF/0xB illegal instr to call for assistance; check for this and continue */
16a9adc14900ca18e6909679a579f6833425e030vboxsync return VWRN_CONTINUE_ANALYSIS;
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync }
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync
548ca31b6b47c36bacce49bed3339cb8075b9681vboxsync if ( (pCpu->pCurInstr->opcode == OP_CALL && !(pPatch->flags & PATMFL_SUPPORT_CALLS))
548ca31b6b47c36bacce49bed3339cb8075b9681vboxsync || pCpu->pCurInstr->opcode == OP_INT
548ca31b6b47c36bacce49bed3339cb8075b9681vboxsync || pCpu->pCurInstr->opcode == OP_IRET
16a9adc14900ca18e6909679a579f6833425e030vboxsync || pCpu->pCurInstr->opcode == OP_RETN
548ca31b6b47c36bacce49bed3339cb8075b9681vboxsync || pCpu->pCurInstr->opcode == OP_RETF
548ca31b6b47c36bacce49bed3339cb8075b9681vboxsync )
548ca31b6b47c36bacce49bed3339cb8075b9681vboxsync {
548ca31b6b47c36bacce49bed3339cb8075b9681vboxsync return VINF_SUCCESS;
548ca31b6b47c36bacce49bed3339cb8075b9681vboxsync }
548ca31b6b47c36bacce49bed3339cb8075b9681vboxsync
548ca31b6b47c36bacce49bed3339cb8075b9681vboxsync if (pCpu->pCurInstr->opcode == OP_ILLUD2)
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync return VINF_SUCCESS;
9496f2d398b49813176939d7a339ae513d5175efvboxsync
548ca31b6b47c36bacce49bed3339cb8075b9681vboxsync return VWRN_CONTINUE_ANALYSIS;
548ca31b6b47c36bacce49bed3339cb8075b9681vboxsync}
fc78e01f665145ab3641c5f8095e9ae984ddcb84vboxsync
9496f2d398b49813176939d7a339ae513d5175efvboxsync
9496f2d398b49813176939d7a339ae513d5175efvboxsync/**
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync * Disassembles the code stream until the callback function detects a failure or decides everything is acceptable
68a4ee3a31a0807abd03eae881c1bbaf4d42ee6dvboxsync *
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync * @returns VBox status code.
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync * @param pVM The VM to operate on.
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync * @param pInstrGC Guest context pointer to the initial privileged instruction
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync * @param pCurInstrGC Guest context pointer to the current instruction
9496f2d398b49813176939d7a339ae513d5175efvboxsync * @param pfnPATMR3Disasm Callback for testing the disassembled instruction
9496f2d398b49813176939d7a339ae513d5175efvboxsync * @param pUserData User pointer (callback specific)
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync *
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync */
9c149a2789022f5011e88fb62f02a1cc8068e88fvboxsyncint patmr3DisasmCode(PVM pVM, GCPTRTYPE(uint8_t *) pInstrGC, GCPTRTYPE(uint8_t *) pCurInstrGC, PFN_PATMR3ANALYSE pfnPATMR3Disasm, void *pUserData)
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync{
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync DISCPUSTATE cpu;
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync PPATCHINFO pPatch = (PPATCHINFO)pUserData;
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync int rc = VWRN_CONTINUE_ANALYSIS;
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync uint32_t opsize, delta;
9496f2d398b49813176939d7a339ae513d5175efvboxsync R3PTRTYPE(uint8_t *) pCurInstrHC = 0;
da3503c04ce76e653401396fe2795a9bc2427a1dvboxsync bool disret;
9496f2d398b49813176939d7a339ae513d5175efvboxsync char szOutput[256];
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync Assert(pCurInstrHC != PATCHCODE_PTR_HC(pPatch) || pPatch->pTempInfo->DisasmJumpTree == 0);
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync /* We need this to determine branch targets (and for disassembling). */
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync delta = pVM->patm.s.pPatchMemGC - (uintptr_t)pVM->patm.s.pPatchMemHC;
27b178e99b06a68ef52353b15bc647674d2006bcvboxsync
009d45aa55691312278d41edb20154dc208d9cd8vboxsync while(rc == VWRN_CONTINUE_ANALYSIS)
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync {
c28fa006ba669ad8f26ae31d00a338379c04ea1bvboxsync cpu.mode = (pPatch->flags & PATMFL_CODE32) ? CPUMODE_32BIT : CPUMODE_16BIT;
ee00a0b29854e7f513198772bccb6650f6dd2184vboxsync
090d729e786b999dc285f8ea267f9effd1319544vboxsync pCurInstrHC = PATMGCVirtToHCVirt(pVM, pPatch, pCurInstrGC);
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync if (pCurInstrHC == NULL)
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync {
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync rc = VERR_PATCHING_REFUSED;
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync goto end;
c28fa006ba669ad8f26ae31d00a338379c04ea1bvboxsync }
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync
d9d5fbda1b8f7a6f7fae555db60d0e636fd03af8vboxsync disret = PATMR3DISInstr(pVM, pPatch, &cpu, pCurInstrGC, pCurInstrHC, &opsize, szOutput, PATMREAD_RAWCODE);
d9d5fbda1b8f7a6f7fae555db60d0e636fd03af8vboxsync if (PATMIsPatchGCAddr(pVM, pCurInstrGC))
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync {
d9d5fbda1b8f7a6f7fae555db60d0e636fd03af8vboxsync RTGCPTR pOrgInstrGC = patmPatchGCPtr2GuestGCPtr(pVM, pPatch, pCurInstrGC);
61d064a54f03596920c3918f58ecc7764074a5d8vboxsync
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync if (pOrgInstrGC != pPatch->pTempInfo->pLastDisasmInstrGC)
009d45aa55691312278d41edb20154dc208d9cd8vboxsync Log(("DIS %VGv<-%s", pOrgInstrGC, szOutput));
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync else
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync Log(("DIS %s", szOutput));
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync pPatch->pTempInfo->pLastDisasmInstrGC = pOrgInstrGC;
d9d5fbda1b8f7a6f7fae555db60d0e636fd03af8vboxsync if (patmIsIllegalInstr(pPatch, pOrgInstrGC))
d9d5fbda1b8f7a6f7fae555db60d0e636fd03af8vboxsync {
16a9adc14900ca18e6909679a579f6833425e030vboxsync rc = VINF_SUCCESS;
16a9adc14900ca18e6909679a579f6833425e030vboxsync goto end;
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync }
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync }
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync else
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync Log(("DIS: %s", szOutput));
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync if (disret == false)
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync {
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync Log(("Disassembly failed (probably page not present) -> return to caller\n"));
c28fa006ba669ad8f26ae31d00a338379c04ea1bvboxsync rc = VINF_SUCCESS;
0ccdfa1953b2f57311fb9ec01a2baf5e1e366f5avboxsync goto end;
f35c44bfc9e1036d0cb376fb144cdae416c7ef3avboxsync }
f35c44bfc9e1036d0cb376fb144cdae416c7ef3avboxsync
0ccdfa1953b2f57311fb9ec01a2baf5e1e366f5avboxsync rc = pfnPATMR3Disasm(pVM, &cpu, pInstrGC, pCurInstrGC, pUserData);
0ccdfa1953b2f57311fb9ec01a2baf5e1e366f5avboxsync if (rc != VWRN_CONTINUE_ANALYSIS) {
0ccdfa1953b2f57311fb9ec01a2baf5e1e366f5avboxsync break; //done!
0ccdfa1953b2f57311fb9ec01a2baf5e1e366f5avboxsync }
0ccdfa1953b2f57311fb9ec01a2baf5e1e366f5avboxsync
0ccdfa1953b2f57311fb9ec01a2baf5e1e366f5avboxsync /* For our first attempt, we'll handle only simple relative jumps and calls (immediate offset coded in instruction) */
f35c44bfc9e1036d0cb376fb144cdae416c7ef3avboxsync if ( (cpu.pCurInstr->optype & OPTYPE_CONTROLFLOW)
f35c44bfc9e1036d0cb376fb144cdae416c7ef3avboxsync && (OP_PARM_VTYPE(cpu.pCurInstr->param1) == OP_PARM_J)
0ccdfa1953b2f57311fb9ec01a2baf5e1e366f5avboxsync && cpu.pCurInstr->opcode != OP_CALL /* complete functions are replaced; don't bother here. */
f35c44bfc9e1036d0cb376fb144cdae416c7ef3avboxsync )
f35c44bfc9e1036d0cb376fb144cdae416c7ef3avboxsync {
f35c44bfc9e1036d0cb376fb144cdae416c7ef3avboxsync RTGCPTR pTargetGC = PATMResolveBranch(&cpu, pCurInstrGC);
0ccdfa1953b2f57311fb9ec01a2baf5e1e366f5avboxsync RTGCPTR pOrgTargetGC;
f35c44bfc9e1036d0cb376fb144cdae416c7ef3avboxsync
f35c44bfc9e1036d0cb376fb144cdae416c7ef3avboxsync if (pTargetGC == 0)
f35c44bfc9e1036d0cb376fb144cdae416c7ef3avboxsync {
0ccdfa1953b2f57311fb9ec01a2baf5e1e366f5avboxsync Log(("We don't support far jumps here!! (%08X)\n", cpu.param1.flags));
0ccdfa1953b2f57311fb9ec01a2baf5e1e366f5avboxsync rc = VERR_PATCHING_REFUSED;
f35c44bfc9e1036d0cb376fb144cdae416c7ef3avboxsync break;
0ccdfa1953b2f57311fb9ec01a2baf5e1e366f5avboxsync }
0ccdfa1953b2f57311fb9ec01a2baf5e1e366f5avboxsync
0ccdfa1953b2f57311fb9ec01a2baf5e1e366f5avboxsync if (!PATMIsPatchGCAddr(pVM, pTargetGC))
24a0cc1776a88752cc25446a98e2a3881e623216vboxsync {
24a0cc1776a88752cc25446a98e2a3881e623216vboxsync //jump back to guest code
24a0cc1776a88752cc25446a98e2a3881e623216vboxsync rc = VINF_SUCCESS;
24a0cc1776a88752cc25446a98e2a3881e623216vboxsync goto end;
24a0cc1776a88752cc25446a98e2a3881e623216vboxsync }
24a0cc1776a88752cc25446a98e2a3881e623216vboxsync pOrgTargetGC = PATMR3PatchToGCPtr(pVM, pTargetGC, 0);
24a0cc1776a88752cc25446a98e2a3881e623216vboxsync
24a0cc1776a88752cc25446a98e2a3881e623216vboxsync if (patmIsCommonIDTHandlerPatch(pVM, pOrgTargetGC))
f35c44bfc9e1036d0cb376fb144cdae416c7ef3avboxsync {
f35c44bfc9e1036d0cb376fb144cdae416c7ef3avboxsync rc = VINF_SUCCESS;
0ccdfa1953b2f57311fb9ec01a2baf5e1e366f5avboxsync goto end;
f35c44bfc9e1036d0cb376fb144cdae416c7ef3avboxsync }
f35c44bfc9e1036d0cb376fb144cdae416c7ef3avboxsync
f35c44bfc9e1036d0cb376fb144cdae416c7ef3avboxsync if (patmIsKnownDisasmJump(pPatch, pTargetGC) == false)
0ccdfa1953b2f57311fb9ec01a2baf5e1e366f5avboxsync {
f35c44bfc9e1036d0cb376fb144cdae416c7ef3avboxsync /* New jump, let's check it. */
0ccdfa1953b2f57311fb9ec01a2baf5e1e366f5avboxsync patmPatchAddDisasmJump(pVM, pPatch, pTargetGC);
16a9adc14900ca18e6909679a579f6833425e030vboxsync
f35c44bfc9e1036d0cb376fb144cdae416c7ef3avboxsync if (cpu.pCurInstr->opcode == OP_CALL) pPatch->pTempInfo->nrCalls++;
0ccdfa1953b2f57311fb9ec01a2baf5e1e366f5avboxsync rc = patmr3DisasmCode(pVM, pInstrGC, pTargetGC, pfnPATMR3Disasm, pUserData);
0ccdfa1953b2f57311fb9ec01a2baf5e1e366f5avboxsync if (cpu.pCurInstr->opcode == OP_CALL) pPatch->pTempInfo->nrCalls--;
61d064a54f03596920c3918f58ecc7764074a5d8vboxsync
61d064a54f03596920c3918f58ecc7764074a5d8vboxsync if (rc != VINF_SUCCESS) {
61d064a54f03596920c3918f58ecc7764074a5d8vboxsync break; //done!
61d064a54f03596920c3918f58ecc7764074a5d8vboxsync }
61d064a54f03596920c3918f58ecc7764074a5d8vboxsync }
61d064a54f03596920c3918f58ecc7764074a5d8vboxsync if (cpu.pCurInstr->opcode == OP_JMP)
61d064a54f03596920c3918f58ecc7764074a5d8vboxsync {
61d064a54f03596920c3918f58ecc7764074a5d8vboxsync /* Unconditional jump; return to caller. */
61d064a54f03596920c3918f58ecc7764074a5d8vboxsync rc = VINF_SUCCESS;
44fc72ff17b23a9b970505fcf8d6da1019ddcec5vboxsync goto end;
27b178e99b06a68ef52353b15bc647674d2006bcvboxsync }
27b178e99b06a68ef52353b15bc647674d2006bcvboxsync
27b178e99b06a68ef52353b15bc647674d2006bcvboxsync rc = VWRN_CONTINUE_ANALYSIS;
27b178e99b06a68ef52353b15bc647674d2006bcvboxsync }
27b178e99b06a68ef52353b15bc647674d2006bcvboxsync pCurInstrGC += opsize;
27b178e99b06a68ef52353b15bc647674d2006bcvboxsync }
16a9adc14900ca18e6909679a579f6833425e030vboxsyncend:
16a9adc14900ca18e6909679a579f6833425e030vboxsync return rc;
16a9adc14900ca18e6909679a579f6833425e030vboxsync}
16a9adc14900ca18e6909679a579f6833425e030vboxsync
16a9adc14900ca18e6909679a579f6833425e030vboxsync/**
16a9adc14900ca18e6909679a579f6833425e030vboxsync * Disassembles the code stream until the callback function detects a failure or decides everything is acceptable
16a9adc14900ca18e6909679a579f6833425e030vboxsync *
16a9adc14900ca18e6909679a579f6833425e030vboxsync * @returns VBox status code.
16a9adc14900ca18e6909679a579f6833425e030vboxsync * @param pVM The VM to operate on.
16a9adc14900ca18e6909679a579f6833425e030vboxsync * @param pInstrGC Guest context pointer to the initial privileged instruction
16a9adc14900ca18e6909679a579f6833425e030vboxsync * @param pCurInstrGC Guest context pointer to the current instruction
16a9adc14900ca18e6909679a579f6833425e030vboxsync * @param pfnPATMR3Disasm Callback for testing the disassembled instruction
16a9adc14900ca18e6909679a579f6833425e030vboxsync * @param pUserData User pointer (callback specific)
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync *
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync */
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsyncint patmr3DisasmCodeStream(PVM pVM, GCPTRTYPE(uint8_t *) pInstrGC, GCPTRTYPE(uint8_t *) pCurInstrGC, PFN_PATMR3ANALYSE pfnPATMR3Disasm, void *pUserData)
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync{
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync PPATCHINFO pPatch = (PPATCHINFO)pUserData;
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync int rc = patmr3DisasmCode(pVM, pInstrGC, pCurInstrGC, pfnPATMR3Disasm, pUserData);
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync /* Free all disasm jump records. */
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync patmEmptyTree(pVM, &pPatch->pTempInfo->DisasmJumpTree);
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync return rc;
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync}
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync#endif /* LOG_ENABLED */
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync
009d45aa55691312278d41edb20154dc208d9cd8vboxsync/**
009d45aa55691312278d41edb20154dc208d9cd8vboxsync * Detects it the specified address falls within a 5 byte jump generated for an active patch.
009d45aa55691312278d41edb20154dc208d9cd8vboxsync * If so, this patch is permanently disabled.
009d45aa55691312278d41edb20154dc208d9cd8vboxsync *
009d45aa55691312278d41edb20154dc208d9cd8vboxsync * @param pVM The VM to operate on.
009d45aa55691312278d41edb20154dc208d9cd8vboxsync * @param pInstrGC Guest context pointer to instruction
009d45aa55691312278d41edb20154dc208d9cd8vboxsync * @param pConflictGC Guest context pointer to check
b5ad839a3757b305d4e98d7264da2b53c9cd27f0vboxsync *
b5ad839a3757b305d4e98d7264da2b53c9cd27f0vboxsync * @note also checks for patch hints to make sure they can never be enabled if a conflict is present.
b5ad839a3757b305d4e98d7264da2b53c9cd27f0vboxsync *
b5ad839a3757b305d4e98d7264da2b53c9cd27f0vboxsync */
b5ad839a3757b305d4e98d7264da2b53c9cd27f0vboxsyncPATMR3DECL(int) PATMR3DetectConflict(PVM pVM, RTGCPTR pInstrGC, RTGCPTR pConflictGC)
b5ad839a3757b305d4e98d7264da2b53c9cd27f0vboxsync{
b5ad839a3757b305d4e98d7264da2b53c9cd27f0vboxsync PPATCHINFO pTargetPatch = PATMFindActivePatchByEntrypoint(pVM, pConflictGC, true /* include patch hints */);
b5ad839a3757b305d4e98d7264da2b53c9cd27f0vboxsync if (pTargetPatch)
b5ad839a3757b305d4e98d7264da2b53c9cd27f0vboxsync {
ee00a0b29854e7f513198772bccb6650f6dd2184vboxsync return patmDisableUnusablePatch(pVM, pInstrGC, pConflictGC, pTargetPatch);
ee00a0b29854e7f513198772bccb6650f6dd2184vboxsync }
ee00a0b29854e7f513198772bccb6650f6dd2184vboxsync return VERR_PATCH_NO_CONFLICT;
ee00a0b29854e7f513198772bccb6650f6dd2184vboxsync}
ee00a0b29854e7f513198772bccb6650f6dd2184vboxsync
ee00a0b29854e7f513198772bccb6650f6dd2184vboxsync/**
ee00a0b29854e7f513198772bccb6650f6dd2184vboxsync * Recompile the code stream until the callback function detects a failure or decides everything is acceptable
ee00a0b29854e7f513198772bccb6650f6dd2184vboxsync *
ee00a0b29854e7f513198772bccb6650f6dd2184vboxsync * @returns VBox status code.
ee00a0b29854e7f513198772bccb6650f6dd2184vboxsync * @param pVM The VM to operate on.
ee00a0b29854e7f513198772bccb6650f6dd2184vboxsync * @param pInstrGC Guest context pointer to privileged instruction
ee00a0b29854e7f513198772bccb6650f6dd2184vboxsync * @param pCurInstrGC Guest context pointer to the current instruction
ee00a0b29854e7f513198772bccb6650f6dd2184vboxsync * @param pfnPATMR3Recompile Callback for testing the disassembled instruction
ee00a0b29854e7f513198772bccb6650f6dd2184vboxsync * @param pUserData User pointer (callback specific)
ee00a0b29854e7f513198772bccb6650f6dd2184vboxsync *
ee00a0b29854e7f513198772bccb6650f6dd2184vboxsync */
ee00a0b29854e7f513198772bccb6650f6dd2184vboxsyncstatic int patmRecompileCodeStream(PVM pVM, GCPTRTYPE(uint8_t *) pInstrGC, GCPTRTYPE(uint8_t *) pCurInstrGC, PFN_PATMR3ANALYSE pfnPATMR3Recompile, void *pUserData)
ee00a0b29854e7f513198772bccb6650f6dd2184vboxsync{
ee00a0b29854e7f513198772bccb6650f6dd2184vboxsync DISCPUSTATE cpu;
ee00a0b29854e7f513198772bccb6650f6dd2184vboxsync PPATCHINFO pPatch = (PPATCHINFO)pUserData;
ee00a0b29854e7f513198772bccb6650f6dd2184vboxsync int rc = VWRN_CONTINUE_ANALYSIS;
ee00a0b29854e7f513198772bccb6650f6dd2184vboxsync uint32_t opsize;
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync R3PTRTYPE(uint8_t *) pCurInstrHC = 0;
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync bool disret;
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync#ifdef LOG_ENABLED
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync char szOutput[256];
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync#endif
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync while (rc == VWRN_CONTINUE_RECOMPILE)
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync {
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync cpu.mode = (pPatch->flags & PATMFL_CODE32) ? CPUMODE_32BIT : CPUMODE_16BIT;
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync ////Log(("patmRecompileCodeStream %VGv %VGv\n", pInstrGC, pCurInstrGC));
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync pCurInstrHC = PATMGCVirtToHCVirt(pVM, pPatch, pCurInstrGC);
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync if (pCurInstrHC == NULL)
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync {
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync rc = VERR_PATCHING_REFUSED; /* fatal in this case */
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync goto end;
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync }
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync#ifdef LOG_ENABLED
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync disret = PATMR3DISInstr(pVM, pPatch, &cpu, pCurInstrGC, pCurInstrHC, &opsize, szOutput);
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync Log(("Recompile: %s", szOutput));
0ccdfa1953b2f57311fb9ec01a2baf5e1e366f5avboxsync#else
0ccdfa1953b2f57311fb9ec01a2baf5e1e366f5avboxsync disret = PATMR3DISInstr(pVM, pPatch, &cpu, pCurInstrGC, pCurInstrHC, &opsize, NULL);
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync#endif
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync if (disret == false)
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync {
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync Log(("Disassembly failed (probably page not present) -> return to caller\n"));
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync /* Add lookup record for patch to guest address translation */
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync patmr3AddP2GLookupRecord(pVM, pPatch, PATCHCODE_PTR_HC(pPatch) + pPatch->uCurPatchOffset, pCurInstrGC, PATM_LOOKUP_BOTHDIR);
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync patmPatchGenIllegalInstr(pVM, pPatch);
16a9adc14900ca18e6909679a579f6833425e030vboxsync rc = VINF_SUCCESS; /* Note: don't fail here; we might refuse an important patch!! */
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync goto end;
b7a5b3f9f9ecce32ddacf8404c625ce0451bbdc1vboxsync }
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync
61b5982fad4660d0fe3dd6ceba9eda85eb32f7e8vboxsync rc = pfnPATMR3Recompile(pVM, &cpu, pInstrGC, pCurInstrGC, pUserData);
61b5982fad4660d0fe3dd6ceba9eda85eb32f7e8vboxsync if (rc != VWRN_CONTINUE_RECOMPILE)
61b5982fad4660d0fe3dd6ceba9eda85eb32f7e8vboxsync {
61b5982fad4660d0fe3dd6ceba9eda85eb32f7e8vboxsync /* If irqs are inhibited because of the current instruction, then we must make sure the next one is executed! */
61b5982fad4660d0fe3dd6ceba9eda85eb32f7e8vboxsync if ( rc == VINF_SUCCESS
61b5982fad4660d0fe3dd6ceba9eda85eb32f7e8vboxsync && (pPatch->flags & PATMFL_INHIBIT_IRQS))
61b5982fad4660d0fe3dd6ceba9eda85eb32f7e8vboxsync {
61b5982fad4660d0fe3dd6ceba9eda85eb32f7e8vboxsync DISCPUSTATE cpunext;
61b5982fad4660d0fe3dd6ceba9eda85eb32f7e8vboxsync uint32_t opsizenext;
61b5982fad4660d0fe3dd6ceba9eda85eb32f7e8vboxsync uint8_t *pNextInstrHC;
c8cedf818a53e003ce5a59c552d2f15c1b51f64cvboxsync RTGCPTR pNextInstrGC = pCurInstrGC + opsize;
c8cedf818a53e003ce5a59c552d2f15c1b51f64cvboxsync
c8cedf818a53e003ce5a59c552d2f15c1b51f64cvboxsync Log(("patmRecompileCodeStream: irqs inhibited by instruction %VGv\n", pNextInstrGC));
c8cedf818a53e003ce5a59c552d2f15c1b51f64cvboxsync
c8cedf818a53e003ce5a59c552d2f15c1b51f64cvboxsync /* Certain instructions (e.g. sti) force the next instruction to be executed before any interrupts can occur.
c8cedf818a53e003ce5a59c552d2f15c1b51f64cvboxsync * Recompile the next instruction as well
16a9adc14900ca18e6909679a579f6833425e030vboxsync */
16a9adc14900ca18e6909679a579f6833425e030vboxsync pNextInstrHC = PATMGCVirtToHCVirt(pVM, pPatch, pNextInstrGC);
16a9adc14900ca18e6909679a579f6833425e030vboxsync if (pNextInstrHC == NULL)
16a9adc14900ca18e6909679a579f6833425e030vboxsync {
16a9adc14900ca18e6909679a579f6833425e030vboxsync rc = VERR_PATCHING_REFUSED; /* fatal in this case */
16a9adc14900ca18e6909679a579f6833425e030vboxsync goto end;
16a9adc14900ca18e6909679a579f6833425e030vboxsync }
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync cpunext.mode = (pPatch->flags & PATMFL_CODE32) ? CPUMODE_32BIT : CPUMODE_16BIT;
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync disret = PATMR3DISInstr(pVM, pPatch, &cpunext, pNextInstrGC, pNextInstrHC, &opsizenext, NULL);
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync if (disret == false)
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync {
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync rc = VERR_PATCHING_REFUSED; /* fatal in this case */
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync goto end;
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync }
16a9adc14900ca18e6909679a579f6833425e030vboxsync switch(cpunext.pCurInstr->opcode)
16a9adc14900ca18e6909679a579f6833425e030vboxsync {
16a9adc14900ca18e6909679a579f6833425e030vboxsync case OP_IRET: /* inhibit cleared in generated code */
16a9adc14900ca18e6909679a579f6833425e030vboxsync case OP_SYSEXIT: /* faults; inhibit should be cleared in HC handling */
16a9adc14900ca18e6909679a579f6833425e030vboxsync case OP_HLT:
16a9adc14900ca18e6909679a579f6833425e030vboxsync break; /* recompile these */
16a9adc14900ca18e6909679a579f6833425e030vboxsync
bbede9c189def47a9880f0ffb03c0c230c774185vboxsync default:
a3369a746b56a8966dd78619f4d191c9662f400dvboxsync if (cpunext.pCurInstr->optype & OPTYPE_CONTROLFLOW)
a3369a746b56a8966dd78619f4d191c9662f400dvboxsync {
ee00a0b29854e7f513198772bccb6650f6dd2184vboxsync Log(("Unexpected control flow instruction after inhibit irq instruction\n"));
a3369a746b56a8966dd78619f4d191c9662f400dvboxsync
51fe8789a74f6c118894aaa12eb69ec155386dbdvboxsync rc = patmPatchGenJumpToGuest(pVM, pPatch, pNextInstrGC, true /* clear inhibit irq flag */);
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync AssertRC(rc);
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync pPatch->flags &= ~PATMFL_INHIBIT_IRQS;
d5ea45cc92d7f1d3ade8189944531f665bfe8ed5vboxsync goto end; /** @todo should be ok to ignore instruction fusing in this case */
5d0d754550d06b7d59a935e59caaf814462d53ccvboxsync }
5d0d754550d06b7d59a935e59caaf814462d53ccvboxsync break;
16a9adc14900ca18e6909679a579f6833425e030vboxsync }
b7a5b3f9f9ecce32ddacf8404c625ce0451bbdc1vboxsync
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync /** @note after a cli we must continue to a proper exit point */
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync if (cpunext.pCurInstr->opcode != OP_CLI)
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync {
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync rc = pfnPATMR3Recompile(pVM, &cpunext, pInstrGC, pNextInstrGC, pUserData);
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync if (VBOX_SUCCESS(rc))
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync {
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync rc = VINF_SUCCESS;
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync goto end;
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync }
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync break;
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync }
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync else
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync rc = VWRN_CONTINUE_RECOMPILE;
b7a5b3f9f9ecce32ddacf8404c625ce0451bbdc1vboxsync }
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync else
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync break; /* done! */
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync }
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync /** @todo continue with the instructions following the jump and then recompile the jump target code */
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync
0ccdfa1953b2f57311fb9ec01a2baf5e1e366f5avboxsync
b7a5b3f9f9ecce32ddacf8404c625ce0451bbdc1vboxsync /* For our first attempt, we'll handle only simple relative jumps and calls (immediate offset coded in instruction). */
d9d5fbda1b8f7a6f7fae555db60d0e636fd03af8vboxsync if ( (cpu.pCurInstr->optype & OPTYPE_CONTROLFLOW)
d9d5fbda1b8f7a6f7fae555db60d0e636fd03af8vboxsync && (OP_PARM_VTYPE(cpu.pCurInstr->param1) == OP_PARM_J)
d9d5fbda1b8f7a6f7fae555db60d0e636fd03af8vboxsync && cpu.pCurInstr->opcode != OP_CALL /* complete functions are replaced; don't bother here. */
d9d5fbda1b8f7a6f7fae555db60d0e636fd03af8vboxsync )
d9d5fbda1b8f7a6f7fae555db60d0e636fd03af8vboxsync {
d9d5fbda1b8f7a6f7fae555db60d0e636fd03af8vboxsync GCPTRTYPE(uint8_t *) addr = PATMResolveBranch(&cpu, pCurInstrGC);
16a9adc14900ca18e6909679a579f6833425e030vboxsync if (addr == 0)
16a9adc14900ca18e6909679a579f6833425e030vboxsync {
16a9adc14900ca18e6909679a579f6833425e030vboxsync Log(("We don't support far jumps here!! (%08X)\n", cpu.param1.flags));
16a9adc14900ca18e6909679a579f6833425e030vboxsync rc = VERR_PATCHING_REFUSED;
16a9adc14900ca18e6909679a579f6833425e030vboxsync break;
16a9adc14900ca18e6909679a579f6833425e030vboxsync }
16a9adc14900ca18e6909679a579f6833425e030vboxsync
16a9adc14900ca18e6909679a579f6833425e030vboxsync Log(("Jump encountered target %VGv\n", addr));
16a9adc14900ca18e6909679a579f6833425e030vboxsync
16a9adc14900ca18e6909679a579f6833425e030vboxsync /* We don't check if the branch target lies in a valid page as we've already done that in the analysis phase. */
16a9adc14900ca18e6909679a579f6833425e030vboxsync if (!(cpu.pCurInstr->optype & OPTYPE_UNCOND_CONTROLFLOW))
16a9adc14900ca18e6909679a579f6833425e030vboxsync {
16a9adc14900ca18e6909679a579f6833425e030vboxsync Log(("patmRecompileCodeStream continue passed conditional jump\n"));
16a9adc14900ca18e6909679a579f6833425e030vboxsync /* First we need to finish this linear code stream until the next exit point. */
16a9adc14900ca18e6909679a579f6833425e030vboxsync rc = patmRecompileCodeStream(pVM, pInstrGC, pCurInstrGC+opsize, pfnPATMR3Recompile, pUserData);
16a9adc14900ca18e6909679a579f6833425e030vboxsync if (VBOX_FAILURE(rc))
16a9adc14900ca18e6909679a579f6833425e030vboxsync {
16a9adc14900ca18e6909679a579f6833425e030vboxsync Log(("patmRecompileCodeStream fatal error %d\n", rc));
16a9adc14900ca18e6909679a579f6833425e030vboxsync break; //fatal error
16a9adc14900ca18e6909679a579f6833425e030vboxsync }
16a9adc14900ca18e6909679a579f6833425e030vboxsync }
16a9adc14900ca18e6909679a579f6833425e030vboxsync
16a9adc14900ca18e6909679a579f6833425e030vboxsync if (patmGuestGCPtrToPatchGCPtr(pVM, pPatch, addr) == 0)
16a9adc14900ca18e6909679a579f6833425e030vboxsync {
16a9adc14900ca18e6909679a579f6833425e030vboxsync /* New code; let's recompile it. */
16a9adc14900ca18e6909679a579f6833425e030vboxsync Log(("patmRecompileCodeStream continue with jump\n"));
16a9adc14900ca18e6909679a579f6833425e030vboxsync
16a9adc14900ca18e6909679a579f6833425e030vboxsync /*
16a9adc14900ca18e6909679a579f6833425e030vboxsync * If we are jumping to an existing patch (or within 5 bytes of the entrypoint), then we must temporarily disable
16a9adc14900ca18e6909679a579f6833425e030vboxsync * this patch so we can continue our analysis
16a9adc14900ca18e6909679a579f6833425e030vboxsync *
16a9adc14900ca18e6909679a579f6833425e030vboxsync * We rely on CSAM to detect and resolve conflicts
16a9adc14900ca18e6909679a579f6833425e030vboxsync */
16a9adc14900ca18e6909679a579f6833425e030vboxsync PPATCHINFO pTargetPatch = PATMFindActivePatchByEntrypoint(pVM, addr);
16a9adc14900ca18e6909679a579f6833425e030vboxsync if(pTargetPatch)
16a9adc14900ca18e6909679a579f6833425e030vboxsync {
16a9adc14900ca18e6909679a579f6833425e030vboxsync Log(("Found active patch at target %VGv (%VGv) -> temporarily disabling it!!\n", addr, pTargetPatch->pPrivInstrGC));
16a9adc14900ca18e6909679a579f6833425e030vboxsync PATMR3DisablePatch(pVM, pTargetPatch->pPrivInstrGC);
16a9adc14900ca18e6909679a579f6833425e030vboxsync }
16a9adc14900ca18e6909679a579f6833425e030vboxsync
670b83d458bceb92123155b5b47a39b9d24e3266vboxsync if (cpu.pCurInstr->opcode == OP_CALL) pPatch->pTempInfo->nrCalls++;
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync rc = patmRecompileCodeStream(pVM, pInstrGC, addr, pfnPATMR3Recompile, pUserData);
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync if (cpu.pCurInstr->opcode == OP_CALL) pPatch->pTempInfo->nrCalls--;
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync if(pTargetPatch)
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync {
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync PATMR3EnablePatch(pVM, pTargetPatch->pPrivInstrGC);
9c149a2789022f5011e88fb62f02a1cc8068e88fvboxsync }
c0a370e600bb60153a269fb32b5f709347c35768vboxsync
c0a370e600bb60153a269fb32b5f709347c35768vboxsync if (VBOX_FAILURE(rc))
c0a370e600bb60153a269fb32b5f709347c35768vboxsync {
c0a370e600bb60153a269fb32b5f709347c35768vboxsync Log(("patmRecompileCodeStream fatal error %d\n", rc));
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync break; //done!
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync }
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync }
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync /* Always return to caller here; we're done! */
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync rc = VINF_SUCCESS;
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync goto end;
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync }
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync else
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync if (cpu.pCurInstr->optype & OPTYPE_UNCOND_CONTROLFLOW)
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync {
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync rc = VINF_SUCCESS;
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync goto end;
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync }
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync pCurInstrGC += opsize;
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync }
e4f367251aede667a6de69baa54ef9eb5f150871vboxsyncend:
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync Assert(!(pPatch->flags & PATMFL_RECOMPILE_NEXT));
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync return rc;
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync}
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync/**
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync * Generate the jump from guest to patch code
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync *
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync * @returns VBox status code.
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync * @param pVM The VM to operate on.
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync * @param pPatch Patch record
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync */
e4f367251aede667a6de69baa54ef9eb5f150871vboxsyncstatic int patmGenJumpToPatch(PVM pVM, PPATCHINFO pPatch, bool fAddFixup = true)
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync{
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync uint8_t temp[8];
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync uint8_t *pPB;
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync int rc;
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync Assert(pPatch->cbPatchJump <= sizeof(temp));
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync Assert(!(pPatch->flags & PATMFL_PATCHED_GUEST_CODE));
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync pPB = pPatch->pPrivInstrHC;
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync#ifdef PATM_RESOLVE_CONFLICTS_WITH_JUMP_PATCHES
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync if (pPatch->flags & PATMFL_JUMP_CONFLICT)
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync {
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync Assert(pPatch->pPatchJumpDestGC);
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync if (pPatch->cbPatchJump == SIZEOF_NEARJUMP32)
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync {
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync // jmp [PatchCode]
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync if (fAddFixup)
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync {
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync if (patmPatchAddReloc32(pVM, pPatch, &pPB[1], FIXUP_REL_JMPTOPATCH, pPatch->pPrivInstrGC + pPatch->cbPatchJump, pPatch->pPatchJumpDestGC) != VINF_SUCCESS)
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync {
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync Log(("Relocation failed for the jump in the guest code!!\n"));
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync return VERR_PATCHING_REFUSED;
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync }
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync }
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync temp[0] = pPatch->aPrivInstr[0]; //jump opcode copied from original instruction
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync *(uint32_t *)&temp[1] = (uint32_t)pPatch->pPatchJumpDestGC - ((uint32_t)pPatch->pPrivInstrGC + pPatch->cbPatchJump); //return address
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync }
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync else
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync if (pPatch->cbPatchJump == SIZEOF_NEAR_COND_JUMP32)
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync {
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync // jmp [PatchCode]
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync if (fAddFixup)
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync {
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync if (patmPatchAddReloc32(pVM, pPatch, &pPB[2], FIXUP_REL_JMPTOPATCH, pPatch->pPrivInstrGC + pPatch->cbPatchJump, pPatch->pPatchJumpDestGC) != VINF_SUCCESS)
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync {
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync Log(("Relocation failed for the jump in the guest code!!\n"));
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync return VERR_PATCHING_REFUSED;
c0a370e600bb60153a269fb32b5f709347c35768vboxsync }
c0a370e600bb60153a269fb32b5f709347c35768vboxsync }
c0a370e600bb60153a269fb32b5f709347c35768vboxsync
c0a370e600bb60153a269fb32b5f709347c35768vboxsync temp[0] = pPatch->aPrivInstr[0]; //jump opcode copied from original instruction
c0a370e600bb60153a269fb32b5f709347c35768vboxsync temp[1] = pPatch->aPrivInstr[1]; //jump opcode copied from original instruction
c0a370e600bb60153a269fb32b5f709347c35768vboxsync *(uint32_t *)&temp[2] = (uint32_t)pPatch->pPatchJumpDestGC - ((uint32_t)pPatch->pPrivInstrGC + pPatch->cbPatchJump); //return address
c0a370e600bb60153a269fb32b5f709347c35768vboxsync }
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync else
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync {
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync Assert(0);
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync return VERR_PATCHING_REFUSED;
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync }
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync }
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync else
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync#endif
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync {
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync Assert(pPatch->cbPatchJump == SIZEOF_NEARJUMP32);
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync // jmp [PatchCode]
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync if (fAddFixup)
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync {
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync if (patmPatchAddReloc32(pVM, pPatch, &pPB[1], FIXUP_REL_JMPTOPATCH, pPatch->pPrivInstrGC + SIZEOF_NEARJUMP32, PATCHCODE_PTR_GC(pPatch)) != VINF_SUCCESS)
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync {
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync Log(("Relocation failed for the jump in the guest code!!\n"));
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync return VERR_PATCHING_REFUSED;
c0a370e600bb60153a269fb32b5f709347c35768vboxsync }
c0a370e600bb60153a269fb32b5f709347c35768vboxsync }
c0a370e600bb60153a269fb32b5f709347c35768vboxsync temp[0] = 0xE9; //jmp
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync *(uint32_t *)&temp[1] = (RTGCUINTPTR)PATCHCODE_PTR_GC(pPatch) - ((RTGCUINTPTR)pPatch->pPrivInstrGC + SIZEOF_NEARJUMP32); //return address
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync }
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync rc = PGMPhysWriteGCPtrDirty(pVM, pPatch->pPrivInstrGC, temp, pPatch->cbPatchJump);
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync AssertRC(rc);
f35c44bfc9e1036d0cb376fb144cdae416c7ef3avboxsync
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync if (rc == VINF_SUCCESS)
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync pPatch->flags |= PATMFL_PATCHED_GUEST_CODE;
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync return rc;
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync}
5d0d754550d06b7d59a935e59caaf814462d53ccvboxsync
9496f2d398b49813176939d7a339ae513d5175efvboxsync/**
61d064a54f03596920c3918f58ecc7764074a5d8vboxsync * Remove the jump from guest to patch code
61d064a54f03596920c3918f58ecc7764074a5d8vboxsync *
9496f2d398b49813176939d7a339ae513d5175efvboxsync * @returns VBox status code.
f35c44bfc9e1036d0cb376fb144cdae416c7ef3avboxsync * @param pVM The VM to operate on.
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync * @param pPatch Patch record
9496f2d398b49813176939d7a339ae513d5175efvboxsync */
9496f2d398b49813176939d7a339ae513d5175efvboxsyncstatic int patmRemoveJumpToPatch(PVM pVM, PPATCHINFO pPatch)
5d0d754550d06b7d59a935e59caaf814462d53ccvboxsync{
9496f2d398b49813176939d7a339ae513d5175efvboxsync#ifdef DEBUG
d80c85a1bc7317da7d0cd1254fae6a20db039c8cvboxsync DISCPUSTATE cpu;
9496f2d398b49813176939d7a339ae513d5175efvboxsync char szOutput[256];
9496f2d398b49813176939d7a339ae513d5175efvboxsync uint32_t opsize, i = 0;
b7a5b3f9f9ecce32ddacf8404c625ce0451bbdc1vboxsync bool disret;
6b223679d40f5e57e55e867e806a9f194e2cde12vboxsync
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync while(i < pPatch->cbPrivInstr)
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync {
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync cpu.mode = (pPatch->flags & PATMFL_CODE32) ? CPUMODE_32BIT : CPUMODE_16BIT;
24a0cc1776a88752cc25446a98e2a3881e623216vboxsync disret = PATMR3DISInstr(pVM, pPatch, &cpu, pPatch->pPrivInstrGC + i, &pPatch->pPrivInstrHC[i], &opsize, szOutput);
d1bffa158f98ff3c18f7d085e7372c9ea00e9a43vboxsync if (disret == false)
24a0cc1776a88752cc25446a98e2a3881e623216vboxsync break;
f35c44bfc9e1036d0cb376fb144cdae416c7ef3avboxsync
d1bffa158f98ff3c18f7d085e7372c9ea00e9a43vboxsync Log(("Org patch jump: %s", szOutput));
6b223679d40f5e57e55e867e806a9f194e2cde12vboxsync Assert(opsize);
6b223679d40f5e57e55e867e806a9f194e2cde12vboxsync i += opsize;
f35c44bfc9e1036d0cb376fb144cdae416c7ef3avboxsync }
f35c44bfc9e1036d0cb376fb144cdae416c7ef3avboxsync#endif
6b223679d40f5e57e55e867e806a9f194e2cde12vboxsync
6b223679d40f5e57e55e867e806a9f194e2cde12vboxsync /* Restore original code (privileged instruction + following instructions that were overwritten because of the 5/6 byte jmp). */
6b223679d40f5e57e55e867e806a9f194e2cde12vboxsync int rc = PGMPhysWriteGCPtrDirty(pVM, pPatch->pPrivInstrGC, pPatch->aPrivInstr, pPatch->cbPatchJump);
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync#ifdef DEBUG
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync if (rc == VINF_SUCCESS)
927320c7f81d3acdbccb5f3fea7548b4b7184b98vboxsync {
6b223679d40f5e57e55e867e806a9f194e2cde12vboxsync DISCPUSTATE cpu;
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync char szOutput[256];
9496f2d398b49813176939d7a339ae513d5175efvboxsync uint32_t opsize, i = 0;
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync bool disret;
9496f2d398b49813176939d7a339ae513d5175efvboxsync
9496f2d398b49813176939d7a339ae513d5175efvboxsync while(i < pPatch->cbPrivInstr)
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync {
d9d5fbda1b8f7a6f7fae555db60d0e636fd03af8vboxsync cpu.mode = (pPatch->flags & PATMFL_CODE32) ? CPUMODE_32BIT : CPUMODE_16BIT;
d9d5fbda1b8f7a6f7fae555db60d0e636fd03af8vboxsync disret = PATMR3DISInstr(pVM, pPatch, &cpu, pPatch->pPrivInstrGC + i, &pPatch->pPrivInstrHC[i], &opsize, szOutput);
d9d5fbda1b8f7a6f7fae555db60d0e636fd03af8vboxsync if (disret == false)
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync break;
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync Log(("Org instr: %s", szOutput));
76364cddabfeb143dad91862d41a5638d8860b25vboxsync Assert(opsize);
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync i += opsize;
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync }
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync }
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync#endif
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync pPatch->flags &= ~PATMFL_PATCHED_GUEST_CODE;
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync return rc;
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync}
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync/**
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync * Generate the call from guest to patch code
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync *
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync * @returns VBox status code.
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync * @param pVM The VM to operate on.
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync * @param pPatch Patch record
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync */
e4f367251aede667a6de69baa54ef9eb5f150871vboxsyncstatic int patmGenCallToPatch(PVM pVM, PPATCHINFO pPatch, RTGCPTR pTargetGC, bool fAddFixup = true)
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync{
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync uint8_t temp[8];
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync uint8_t *pPB;
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync int rc;
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync Assert(pPatch->cbPatchJump <= sizeof(temp));
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync pPB = pPatch->pPrivInstrHC;
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync Assert(pPatch->cbPatchJump == SIZEOF_NEARJUMP32);
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync // jmp [PatchCode]
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync if (fAddFixup)
e4f367251aede667a6de69baa54ef9eb5f150871vboxsync {
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync if (patmPatchAddReloc32(pVM, pPatch, &pPB[1], FIXUP_REL_JMPTOPATCH, pPatch->pPrivInstrGC + SIZEOF_NEARJUMP32, pTargetGC) != VINF_SUCCESS)
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync {
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync Log(("Relocation failed for the jump in the guest code!!\n"));
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync return VERR_PATCHING_REFUSED;
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync }
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync }
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync Assert(pPatch->aPrivInstr[0] == 0xE8 || pPatch->aPrivInstr[0] == 0xE9); /* call or jmp */
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync temp[0] = pPatch->aPrivInstr[0];
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync *(uint32_t *)&temp[1] = (uint32_t)pTargetGC - ((uint32_t)pPatch->pPrivInstrGC + SIZEOF_NEARJUMP32); //return address
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync rc = PGMPhysWriteGCPtrDirty(pVM, pPatch->pPrivInstrGC, temp, pPatch->cbPatchJump);
681fd85cc7cd49e9cf66a917d6ae9ff36eb7d9e9vboxsync AssertRC(rc);
16a9adc14900ca18e6909679a579f6833425e030vboxsync
16a9adc14900ca18e6909679a579f6833425e030vboxsync return rc;
16a9adc14900ca18e6909679a579f6833425e030vboxsync}
16a9adc14900ca18e6909679a579f6833425e030vboxsync
16a9adc14900ca18e6909679a579f6833425e030vboxsync
16a9adc14900ca18e6909679a579f6833425e030vboxsync/**
16a9adc14900ca18e6909679a579f6833425e030vboxsync * Patch cli/sti pushf/popf instruction block at specified location
16a9adc14900ca18e6909679a579f6833425e030vboxsync *
16a9adc14900ca18e6909679a579f6833425e030vboxsync * @returns VBox status code.
009d45aa55691312278d41edb20154dc208d9cd8vboxsync * @param pVM The VM to operate on.
009d45aa55691312278d41edb20154dc208d9cd8vboxsync * @param pInstrGC Guest context point to privileged instruction
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync * @param pInstrHC Host context point to privileged instruction
009d45aa55691312278d41edb20154dc208d9cd8vboxsync * @param uOpcode Instruction opcode
009d45aa55691312278d41edb20154dc208d9cd8vboxsync * @param uOpSize Size of starting instruction
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync * @param pPatchRec Patch record
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync *
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync * @note returns failure if patching is not allowed or possible
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync *
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync */
cab115cfa31c584def7069312a1e23c3fc88533bvboxsyncPATMR3DECL(int) PATMR3PatchBlock(PVM pVM, RTGCPTR pInstrGC, R3PTRTYPE(uint8_t *) pInstrHC,
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync uint32_t uOpcode, uint32_t uOpSize, PPATMPATCHREC pPatchRec)
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync{
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync PPATCHINFO pPatch = &pPatchRec->patch;
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync int rc = VERR_PATCHING_REFUSED;
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync DISCPUSTATE cpu;
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync uint32_t orgOffsetPatchMem = ~0;
009d45aa55691312278d41edb20154dc208d9cd8vboxsync RTGCPTR pInstrStart;
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync#ifdef LOG_ENABLED
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync uint32_t opsize;
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync char szOutput[256];
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync bool disret;
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync#endif
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync /* Save original offset (in case of failures later on) */
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync /** @todo use the hypervisor heap (that has quite a few consequences for save/restore though) */
009d45aa55691312278d41edb20154dc208d9cd8vboxsync orgOffsetPatchMem = pVM->patm.s.offPatchMem;
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync Assert(!(pPatch->flags & (PATMFL_GUEST_SPECIFIC|PATMFL_USER_MODE|PATMFL_TRAPHANDLER)));
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync switch (uOpcode)
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync {
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync case OP_MOV:
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync break;
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync case OP_CLI:
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync case OP_PUSHF:
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync /* We can 'call' a cli or pushf patch. It will either return to the original guest code when IF is set again, or fault. */
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync /** @note special precautions are taken when disabling and enabling such patches. */
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync pPatch->flags |= PATMFL_CALLABLE_AS_FUNCTION;
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync break;
009d45aa55691312278d41edb20154dc208d9cd8vboxsync
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync default:
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync if (!(pPatch->flags & PATMFL_IDTHANDLER))
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync {
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync AssertMsg(0, ("PATMR3PatchBlock: Invalid opcode %x\n", uOpcode));
cab115cfa31c584def7069312a1e23c3fc88533bvboxsync return VERR_INVALID_PARAMETER;
009d45aa55691312278d41edb20154dc208d9cd8vboxsync }
009d45aa55691312278d41edb20154dc208d9cd8vboxsync }
009d45aa55691312278d41edb20154dc208d9cd8vboxsync
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync if (!(pPatch->flags & (PATMFL_IDTHANDLER|PATMFL_IDTHANDLER_WITHOUT_ENTRYPOINT|PATMFL_SYSENTER|PATMFL_INT3_REPLACEMENT_BLOCK)))
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync pPatch->flags |= PATMFL_MUST_INSTALL_PATCHJMP;
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync /* If we're going to insert a patch jump, then the jump itself is not allowed to cross a page boundary. */
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync if ( (pPatch->flags & PATMFL_MUST_INSTALL_PATCHJMP)
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync && PAGE_ADDRESS(pInstrGC) != PAGE_ADDRESS(pInstrGC + SIZEOF_NEARJUMP32)
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync )
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync {
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync STAM_COUNTER_INC(&pVM->patm.s.StatPageBoundaryCrossed);
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync#ifdef DEBUG_sandervl
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync//// AssertMsgFailed(("Patch jump would cross page boundary -> refuse!!\n"));
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync#endif
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync rc = VERR_PATCHING_REFUSED;
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync goto failure;
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync }
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync pPatch->nrPatch2GuestRecs = 0;
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync pInstrStart = pInstrGC;
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync#ifdef PATM_ENABLE_CALL
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync pPatch->flags |= PATMFL_SUPPORT_CALLS | PATMFL_SUPPORT_INDIRECT_CALLS;
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync#endif
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync pPatch->pPatchBlockOffset = pVM->patm.s.offPatchMem;
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync pPatch->uCurPatchOffset = 0;
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync cpu.mode = (pPatch->flags & PATMFL_CODE32) ? CPUMODE_32BIT : CPUMODE_16BIT;
b7a5b3f9f9ecce32ddacf8404c625ce0451bbdc1vboxsync
d9d5fbda1b8f7a6f7fae555db60d0e636fd03af8vboxsync if ((pPatch->flags & (PATMFL_IDTHANDLER|PATMFL_IDTHANDLER_WITHOUT_ENTRYPOINT|PATMFL_SYSENTER)) == PATMFL_IDTHANDLER)
d9d5fbda1b8f7a6f7fae555db60d0e636fd03af8vboxsync {
d9d5fbda1b8f7a6f7fae555db60d0e636fd03af8vboxsync Assert(pPatch->flags & PATMFL_INTHANDLER);
d9d5fbda1b8f7a6f7fae555db60d0e636fd03af8vboxsync
d9d5fbda1b8f7a6f7fae555db60d0e636fd03af8vboxsync /* Install fake cli patch (to clear the virtual IF and check int xx parameters) */
4a23807f02e9920d92c8449bd93d84501add460avboxsync rc = patmPatchGenIntEntry(pVM, pPatch, pInstrGC);
d9d5fbda1b8f7a6f7fae555db60d0e636fd03af8vboxsync if (VBOX_FAILURE(rc))
4a23807f02e9920d92c8449bd93d84501add460avboxsync goto failure;
1189c7dde5d7f6c26f338ced3d40fc830b822e68vboxsync }
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync /***************************************************************************************************************************/
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync /** @note We can't insert *any* code before a sysenter handler; some linux guests have an invalid stack at this point!!!!! */
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync /***************************************************************************************************************************/
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync#ifdef VBOX_WITH_STATISTICS
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync if (!(pPatch->flags & PATMFL_SYSENTER))
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync {
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync rc = patmPatchGenStats(pVM, pPatch, pInstrGC);
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync if (VBOX_FAILURE(rc))
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync goto failure;
5b465a7c1237993faf8bb50120d247f3f0319adavboxsync }
09127e6ed46502ff8a6a521713ee8ace53667683vboxsync#endif
ad77e3ec3cde24263bc7537575f5cae442bee3b1vboxsync
ad77e3ec3cde24263bc7537575f5cae442bee3b1vboxsync rc = patmRecompileCodeStream(pVM, pInstrGC, pInstrGC, patmRecompileCallback, pPatch);
ad77e3ec3cde24263bc7537575f5cae442bee3b1vboxsync if (rc != VINF_SUCCESS)
ad77e3ec3cde24263bc7537575f5cae442bee3b1vboxsync {
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync Log(("PATMR3PatchCli: patmRecompileCodeStream failed with %d\n", rc));
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync goto failure;
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync }
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync /* Calculated during analysis. */
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync if (pPatch->cbPatchBlockSize < SIZEOF_NEARJUMP32)
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync {
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync /* Most likely cause: we encountered an illegal instruction very early on. */
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync /** @todo could turn it into an int3 callable patch. */
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync Log(("PATMR3PatchBlock: patch block too small -> refuse\n"));
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync rc = VERR_PATCHING_REFUSED;
8083a259c13e6e26e56ca2582edbad4a8cfac25avboxsync goto failure;
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync }
8083a259c13e6e26e56ca2582edbad4a8cfac25avboxsync
ad77e3ec3cde24263bc7537575f5cae442bee3b1vboxsync /* size of patch block */
ad77e3ec3cde24263bc7537575f5cae442bee3b1vboxsync pPatch->cbPatchBlockSize = pPatch->uCurPatchOffset;
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync /* Update free pointer in patch memory. */
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync pVM->patm.s.offPatchMem += pPatch->cbPatchBlockSize;
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync /* Round to next 8 byte boundary. */
63c12491acc2b8b95c8ac454f1c48b98eec8f7d8vboxsync pVM->patm.s.offPatchMem = RT_ALIGN_32(pVM->patm.s.offPatchMem, 8);
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync
8083a259c13e6e26e56ca2582edbad4a8cfac25avboxsync /*
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync * Insert into patch to guest lookup tree
1bf495e3eec00dd79cecb6b36ef2a97f422c3737vboxsync */
cba6719bd64ec749967bbe931230452664109857vboxsync LogFlow(("Insert %VGv patch offset %VGv\n", pPatchRec->patch.pPrivInstrGC, pPatch->pPatchBlockOffset));
cba6719bd64ec749967bbe931230452664109857vboxsync pPatchRec->CoreOffset.Key = pPatch->pPatchBlockOffset;
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync rc = RTAvloGCPtrInsert(&pVM->patm.s.PatchLookupTreeHC->PatchTreeByPatchAddr, &pPatchRec->CoreOffset);
9496f2d398b49813176939d7a339ae513d5175efvboxsync AssertMsg(rc, ("RTAvlULInsert failed for %x\n", pPatchRec->CoreOffset.Key));
9496f2d398b49813176939d7a339ae513d5175efvboxsync if (!rc)
840653a285d6bb20fb3150f7c85313956ae4ddb7vboxsync {
cba6719bd64ec749967bbe931230452664109857vboxsync rc = VERR_PATCHING_REFUSED;
cba6719bd64ec749967bbe931230452664109857vboxsync goto failure;
cba6719bd64ec749967bbe931230452664109857vboxsync }
cba6719bd64ec749967bbe931230452664109857vboxsync
a0240ff4f7663045c848fdbc192ea3d4d9f70a11vboxsync /* Note that patmr3SetBranchTargets can install additional patches!! */
cba6719bd64ec749967bbe931230452664109857vboxsync rc = patmr3SetBranchTargets(pVM, pPatch);
if (rc != VINF_SUCCESS)
{
Log(("PATMR3PatchCli: patmr3SetBranchTargets failed with %d\n", rc));
goto failure;
}
#ifdef LOG_ENABLED
Log(("Patch code ----------------------------------------------------------\n"));
patmr3DisasmCodeStream(pVM, PATCHCODE_PTR_GC(pPatch), PATCHCODE_PTR_GC(pPatch), patmr3DisasmCallback, pPatch);
Log(("Patch code ends -----------------------------------------------------\n"));
#endif
/* make a copy of the guest code bytes that will be overwritten */
pPatch->cbPatchJump = SIZEOF_NEARJUMP32;
rc = PGMPhysReadGCPtr(pVM, pPatch->aPrivInstr, pPatch->pPrivInstrGC, pPatch->cbPatchJump);
AssertRC(rc);
if (pPatch->flags & PATMFL_INT3_REPLACEMENT_BLOCK)
{
/*uint8_t ASMInt3 = 0xCC; - unused */
Log(("PATMR3PatchBlock %VGv -> int 3 callable patch.\n", pPatch->pPrivInstrGC));
/* Replace first opcode byte with 'int 3'. */
rc = patmActivateInt3Patch(pVM, pPatch);
if (VBOX_FAILURE(rc))
goto failure;
/* normal patch can be turned into an int3 patch -> clear patch jump installation flag. */
pPatch->flags &= ~PATMFL_MUST_INSTALL_PATCHJMP;
pPatch->flags &= ~PATMFL_INSTR_HINT;
STAM_COUNTER_INC(&pVM->patm.s.StatInt3Callable);
}
else
if (pPatch->flags & PATMFL_MUST_INSTALL_PATCHJMP)
{
Assert(!(pPatch->flags & (PATMFL_IDTHANDLER|PATMFL_IDTHANDLER_WITHOUT_ENTRYPOINT|PATMFL_SYSENTER|PATMFL_INT3_REPLACEMENT_BLOCK)));
/* now insert a jump in the guest code */
rc = patmGenJumpToPatch(pVM, pPatch, true);
AssertRC(rc);
if (VBOX_FAILURE(rc))
goto failure;
}
#ifdef LOG_ENABLED
cpu.mode = (pPatch->flags & PATMFL_CODE32) ? CPUMODE_32BIT : CPUMODE_16BIT;
disret = PATMR3DISInstr(pVM, pPatch, &cpu, pPatch->pPrivInstrGC, pPatch->pPrivInstrHC, &opsize, szOutput, PATMREAD_RAWCODE);
Log(("%s patch: %s", patmGetInstructionString(pPatch->opcode, pPatch->flags), szOutput));
#endif
patmEmptyTree(pVM, &pPatch->pTempInfo->IllegalInstrTree);
pPatch->pTempInfo->nrIllegalInstr = 0;
Log(("Successfully installed %s patch at %VGv\n", patmGetInstructionString(pPatch->opcode, pPatch->flags), pInstrGC));
pPatch->uState = PATCH_ENABLED;
return VINF_SUCCESS;
failure:
if (pPatchRec->CoreOffset.Key)
RTAvloGCPtrRemove(&pVM->patm.s.PatchLookupTreeHC->PatchTreeByPatchAddr, pPatchRec->CoreOffset.Key);
patmEmptyTree(pVM, &pPatch->FixupTree);
pPatch->nrFixups = 0;
patmEmptyTree(pVM, &pPatch->JumpTree);
pPatch->nrJumpRecs = 0;
patmEmptyTree(pVM, &pPatch->pTempInfo->IllegalInstrTree);
pPatch->pTempInfo->nrIllegalInstr = 0;
/* Turn this cli patch into a dummy. */
pPatch->uState = PATCH_REFUSED;
pPatch->pPatchBlockOffset = 0;
// Give back the patch memory we no longer need
Assert(orgOffsetPatchMem != (uint32_t)~0);
pVM->patm.s.offPatchMem = orgOffsetPatchMem;
return rc;
}
/**
* Patch IDT handler
*
* @returns VBox status code.
* @param pVM The VM to operate on.
* @param pInstrGC Guest context point to privileged instruction
* @param pInstrHC Host context point to privileged instruction
* @param uOpSize Size of starting instruction
* @param pPatchRec Patch record
*
* @note returns failure if patching is not allowed or possible
*
*/
static int patmIdtHandler(PVM pVM, RTGCPTR pInstrGC, R3PTRTYPE(uint8_t *) pInstrHC,
uint32_t uOpSize, PPATMPATCHREC pPatchRec)
{
PPATCHINFO pPatch = &pPatchRec->patch;
bool disret;
DISCPUSTATE cpuPush, cpuJmp;
uint32_t opsize;
RTGCPTR pCurInstrGC = pInstrGC;
uint8_t *pCurInstrHC = pInstrHC;
uint32_t orgOffsetPatchMem = ~0;
/*
* In Linux it's often the case that many interrupt handlers push a predefined value onto the stack
* and then jump to a common entrypoint. In order not to waste a lot of memory, we will check for this
* condition here and only patch the common entypoint once.
*/
cpuPush.mode = (pPatch->flags & PATMFL_CODE32) ? CPUMODE_32BIT : CPUMODE_16BIT;
disret = PATMR3DISInstr(pVM, pPatch, &cpuPush, pCurInstrGC, pCurInstrHC, &opsize, NULL);
Assert(disret);
if (disret && cpuPush.pCurInstr->opcode == OP_PUSH)
{
RTGCPTR pJmpInstrGC;
int rc;
pCurInstrGC += opsize;
pCurInstrHC = PATMGCVirtToHCVirt(pVM, pPatch, pCurInstrGC);
cpuJmp.mode = (pPatch->flags & PATMFL_CODE32) ? CPUMODE_32BIT : CPUMODE_16BIT;
disret = PATMR3DISInstr(pVM, pPatch, &cpuJmp, pCurInstrGC, pCurInstrHC, &opsize, NULL);
if ( disret
&& cpuJmp.pCurInstr->opcode == OP_JMP
&& (pJmpInstrGC = PATMResolveBranch(&cpuJmp, pCurInstrGC))
)
{
PPATMPATCHREC pJmpPatch = (PPATMPATCHREC)RTAvloGCPtrGet(&pVM->patm.s.PatchLookupTreeHC->PatchTree, pJmpInstrGC);
if (pJmpPatch == 0)
{
/* Patch it first! */
rc = PATMR3InstallPatch(pVM, pJmpInstrGC, pPatch->flags | PATMFL_IDTHANDLER_WITHOUT_ENTRYPOINT);
if (rc != VINF_SUCCESS)
goto failure;
pJmpPatch = (PPATMPATCHREC)RTAvloGCPtrGet(&pVM->patm.s.PatchLookupTreeHC->PatchTree, pJmpInstrGC);
Assert(pJmpPatch);
}
if (pJmpPatch->patch.uState != PATCH_ENABLED)
goto failure;
/* save original offset (in case of failures later on) */
orgOffsetPatchMem = pVM->patm.s.offPatchMem;
pPatch->pPatchBlockOffset = pVM->patm.s.offPatchMem;
pPatch->uCurPatchOffset = 0;
pPatch->nrPatch2GuestRecs = 0;
#ifdef VBOX_WITH_STATISTICS
rc = patmPatchGenStats(pVM, pPatch, pInstrGC);
if (VBOX_FAILURE(rc))
goto failure;
#endif
/* Install fake cli patch (to clear the virtual IF) */
rc = patmPatchGenIntEntry(pVM, pPatch, pInstrGC);
if (VBOX_FAILURE(rc))
goto failure;
/* Add lookup record for patch to guest address translation (for the push) */
patmr3AddP2GLookupRecord(pVM, pPatch, PATCHCODE_PTR_HC(pPatch) + pPatch->uCurPatchOffset, pInstrGC, PATM_LOOKUP_BOTHDIR);
/* Duplicate push. */
rc = patmPatchGenDuplicate(pVM, pPatch, &cpuPush, pInstrGC);
if (VBOX_FAILURE(rc))
goto failure;
/* Generate jump to common entrypoint. */
rc = patmPatchGenPatchJump(pVM, pPatch, pCurInstrGC, PATCHCODE_PTR_GC(&pJmpPatch->patch));
if (VBOX_FAILURE(rc))
goto failure;
/* size of patch block */
pPatch->cbPatchBlockSize = pPatch->uCurPatchOffset;
/* Update free pointer in patch memory. */
pVM->patm.s.offPatchMem += pPatch->cbPatchBlockSize;
/* Round to next 8 byte boundary */
pVM->patm.s.offPatchMem = RT_ALIGN_32(pVM->patm.s.offPatchMem, 8);
/* There's no jump from guest to patch code. */
pPatch->cbPatchJump = 0;
#ifdef LOG_ENABLED
Log(("Patch code ----------------------------------------------------------\n"));
patmr3DisasmCodeStream(pVM, PATCHCODE_PTR_GC(pPatch), PATCHCODE_PTR_GC(pPatch), patmr3DisasmCallback, pPatch);
Log(("Patch code ends -----------------------------------------------------\n"));
#endif
Log(("Successfully installed IDT handler patch at %VGv\n", pInstrGC));
/*
* Insert into patch to guest lookup tree
*/
LogFlow(("Insert %VGv patch offset %VGv\n", pPatchRec->patch.pPrivInstrGC, pPatch->pPatchBlockOffset));
pPatchRec->CoreOffset.Key = pPatch->pPatchBlockOffset;
rc = RTAvloGCPtrInsert(&pVM->patm.s.PatchLookupTreeHC->PatchTreeByPatchAddr, &pPatchRec->CoreOffset);
AssertMsg(rc, ("RTAvlULInsert failed for %x\n", pPatchRec->CoreOffset.Key));
pPatch->uState = PATCH_ENABLED;
return VINF_SUCCESS;
}
}
failure:
/* Give back the patch memory we no longer need */
if (orgOffsetPatchMem != (uint32_t)~0)
pVM->patm.s.offPatchMem = orgOffsetPatchMem;
return PATMR3PatchBlock(pVM, pInstrGC, pInstrHC, OP_CLI, uOpSize, pPatchRec);
}
/**
* Install a trampoline to call a guest trap handler directly
*
* @returns VBox status code.
* @param pVM The VM to operate on.
* @param pInstrGC Guest context point to privileged instruction
* @param pPatchRec Patch record
*
*/
static int patmInstallTrapTrampoline(PVM pVM, RTGCPTR pInstrGC, PPATMPATCHREC pPatchRec)
{
PPATCHINFO pPatch = &pPatchRec->patch;
int rc = VERR_PATCHING_REFUSED;
uint32_t orgOffsetPatchMem = ~0;
#ifdef LOG_ENABLED
bool disret;
DISCPUSTATE cpu;
uint32_t opsize;
char szOutput[256];
#endif
// save original offset (in case of failures later on)
orgOffsetPatchMem = pVM->patm.s.offPatchMem;
pPatch->pPatchBlockOffset = pVM->patm.s.offPatchMem;
pPatch->uCurPatchOffset = 0;
pPatch->nrPatch2GuestRecs = 0;
#ifdef VBOX_WITH_STATISTICS
rc = patmPatchGenStats(pVM, pPatch, pInstrGC);
if (VBOX_FAILURE(rc))
goto failure;
#endif
rc = patmPatchGenTrapEntry(pVM, pPatch, pInstrGC);
if (VBOX_FAILURE(rc))
goto failure;
/* size of patch block */
pPatch->cbPatchBlockSize = pPatch->uCurPatchOffset;
/* Update free pointer in patch memory. */
pVM->patm.s.offPatchMem += pPatch->cbPatchBlockSize;
/* Round to next 8 byte boundary */
pVM->patm.s.offPatchMem = RT_ALIGN_32(pVM->patm.s.offPatchMem, 8);
/* There's no jump from guest to patch code. */
pPatch->cbPatchJump = 0;
#ifdef LOG_ENABLED
Log(("Patch code ----------------------------------------------------------\n"));
patmr3DisasmCodeStream(pVM, PATCHCODE_PTR_GC(pPatch), PATCHCODE_PTR_GC(pPatch), patmr3DisasmCallback, pPatch);
Log(("Patch code ends -----------------------------------------------------\n"));
#endif
#ifdef LOG_ENABLED
cpu.mode = (pPatch->flags & PATMFL_CODE32) ? CPUMODE_32BIT : CPUMODE_16BIT;
disret = PATMR3DISInstr(pVM, pPatch, &cpu, pPatch->pPrivInstrGC, pPatch->pPrivInstrHC, &opsize, szOutput);
Log(("TRAP handler patch: %s", szOutput));
#endif
Log(("Successfully installed Trap Trampoline patch at %VGv\n", pInstrGC));
/*
* Insert into patch to guest lookup tree
*/
LogFlow(("Insert %VGv patch offset %VGv\n", pPatchRec->patch.pPrivInstrGC, pPatch->pPatchBlockOffset));
pPatchRec->CoreOffset.Key = pPatch->pPatchBlockOffset;
rc = RTAvloGCPtrInsert(&pVM->patm.s.PatchLookupTreeHC->PatchTreeByPatchAddr, &pPatchRec->CoreOffset);
AssertMsg(rc, ("RTAvlULInsert failed for %x\n", pPatchRec->CoreOffset.Key));
pPatch->uState = PATCH_ENABLED;
return VINF_SUCCESS;
failure:
AssertMsgFailed(("Failed to install trap handler trampoline!!\n"));
/* Turn this cli patch into a dummy. */
pPatch->uState = PATCH_REFUSED;
pPatch->pPatchBlockOffset = 0;
/* Give back the patch memory we no longer need */
Assert(orgOffsetPatchMem != (uint32_t)~0);
pVM->patm.s.offPatchMem = orgOffsetPatchMem;
return rc;
}
#ifdef DEBUG
/**
* Check if the instruction is patched as a common idt handler
*
* @returns true or false
* @param pVM The VM to operate on.
* @param pInstrGC Guest context point to the instruction
*
*/
static bool patmIsCommonIDTHandlerPatch(PVM pVM, RTGCPTR pInstrGC)
{
PPATMPATCHREC pRec;
pRec = (PPATMPATCHREC)RTAvloGCPtrGet(&pVM->patm.s.PatchLookupTreeHC->PatchTree, pInstrGC);
if (pRec && pRec->patch.flags & PATMFL_IDTHANDLER_WITHOUT_ENTRYPOINT)
return true;
return false;
}
#endif //DEBUG
/**
* Duplicates a complete function
*
* @returns VBox status code.
* @param pVM The VM to operate on.
* @param pInstrGC Guest context point to privileged instruction
* @param pPatchRec Patch record
*
*/
static int patmDuplicateFunction(PVM pVM, RTGCPTR pInstrGC, PPATMPATCHREC pPatchRec)
{
PPATCHINFO pPatch = &pPatchRec->patch;
int rc = VERR_PATCHING_REFUSED;
DISCPUSTATE cpu;
uint32_t orgOffsetPatchMem = ~0;
Log(("patmDuplicateFunction %VGv\n", pInstrGC));
/* Save original offset (in case of failures later on). */
orgOffsetPatchMem = pVM->patm.s.offPatchMem;
/* We will not go on indefinitely with call instruction handling. */
if (pVM->patm.s.ulCallDepth > PATM_MAX_CALL_DEPTH)
{
Log(("patmDuplicateFunction: maximum callback depth reached!!\n"));
return VERR_PATCHING_REFUSED;
}
pVM->patm.s.ulCallDepth++;
#ifdef PATM_ENABLE_CALL
pPatch->flags |= PATMFL_SUPPORT_CALLS | PATMFL_SUPPORT_INDIRECT_CALLS;
#endif
Assert(pPatch->flags & (PATMFL_DUPLICATE_FUNCTION));
pPatch->nrPatch2GuestRecs = 0;
pPatch->pPatchBlockOffset = pVM->patm.s.offPatchMem;
pPatch->uCurPatchOffset = 0;
cpu.mode = (pPatch->flags & PATMFL_CODE32) ? CPUMODE_32BIT : CPUMODE_16BIT;
/** @note Set the PATM interrupt flag here; it was cleared before the patched call. (!!!) */
rc = patmPatchGenSetPIF(pVM, pPatch, pInstrGC);
if (VBOX_FAILURE(rc))
goto failure;
#ifdef VBOX_WITH_STATISTICS
rc = patmPatchGenStats(pVM, pPatch, pInstrGC);
if (VBOX_FAILURE(rc))
goto failure;
#endif
rc = patmRecompileCodeStream(pVM, pInstrGC, pInstrGC, patmRecompileCallback, pPatch);
if (rc != VINF_SUCCESS)
{
Log(("PATMR3PatchCli: patmRecompileCodeStream failed with %d\n", rc));
goto failure;
}
//size of patch block
pPatch->cbPatchBlockSize = pPatch->uCurPatchOffset;
//update free pointer in patch memory
pVM->patm.s.offPatchMem += pPatch->cbPatchBlockSize;
/* Round to next 8 byte boundary. */
pVM->patm.s.offPatchMem = RT_ALIGN_32(pVM->patm.s.offPatchMem, 8);
pPatch->uState = PATCH_ENABLED;
/*
* Insert into patch to guest lookup tree
*/
LogFlow(("Insert %VGv patch offset %VGv\n", pPatchRec->patch.pPrivInstrGC, pPatch->pPatchBlockOffset));
pPatchRec->CoreOffset.Key = pPatch->pPatchBlockOffset;
rc = RTAvloGCPtrInsert(&pVM->patm.s.PatchLookupTreeHC->PatchTreeByPatchAddr, &pPatchRec->CoreOffset);
AssertMsg(rc, ("RTAvloGCPtrInsert failed for %x\n", pPatchRec->CoreOffset.Key));
if (!rc)
{
rc = VERR_PATCHING_REFUSED;
goto failure;
}
/* Note that patmr3SetBranchTargets can install additional patches!! */
rc = patmr3SetBranchTargets(pVM, pPatch);
if (rc != VINF_SUCCESS)
{
Log(("PATMR3PatchCli: patmr3SetBranchTargets failed with %d\n", rc));
goto failure;
}
#ifdef LOG_ENABLED
Log(("Patch code ----------------------------------------------------------\n"));
patmr3DisasmCodeStream(pVM, PATCHCODE_PTR_GC(pPatch), PATCHCODE_PTR_GC(pPatch), patmr3DisasmCallback, pPatch);
Log(("Patch code ends -----------------------------------------------------\n"));
#endif
Log(("Successfully installed function duplication patch at %VGv\n", pInstrGC));
patmEmptyTree(pVM, &pPatch->pTempInfo->IllegalInstrTree);
pPatch->pTempInfo->nrIllegalInstr = 0;
pVM->patm.s.ulCallDepth--;
STAM_COUNTER_INC(&pVM->patm.s.StatInstalledFunctionPatches);
return VINF_SUCCESS;
failure:
if (pPatchRec->CoreOffset.Key)
RTAvloGCPtrRemove(&pVM->patm.s.PatchLookupTreeHC->PatchTreeByPatchAddr, pPatchRec->CoreOffset.Key);
patmEmptyTree(pVM, &pPatch->FixupTree);
pPatch->nrFixups = 0;
patmEmptyTree(pVM, &pPatch->JumpTree);
pPatch->nrJumpRecs = 0;
patmEmptyTree(pVM, &pPatch->pTempInfo->IllegalInstrTree);
pPatch->pTempInfo->nrIllegalInstr = 0;
/* Turn this cli patch into a dummy. */
pPatch->uState = PATCH_REFUSED;
pPatch->pPatchBlockOffset = 0;
// Give back the patch memory we no longer need
Assert(orgOffsetPatchMem != (uint32_t)~0);
pVM->patm.s.offPatchMem = orgOffsetPatchMem;
pVM->patm.s.ulCallDepth--;
Log(("patmDupicateFunction %VGv failed!!\n", pInstrGC));
return rc;
}
/**
* Creates trampoline code to jump inside an existing patch
*
* @returns VBox status code.
* @param pVM The VM to operate on.
* @param pInstrGC Guest context point to privileged instruction
* @param pPatchRec Patch record
*
*/
static int patmCreateTrampoline(PVM pVM, RTGCPTR pInstrGC, PPATMPATCHREC pPatchRec)
{
PPATCHINFO pPatch = &pPatchRec->patch;
RTGCPTR pPage, pPatchTargetGC = 0;
uint32_t orgOffsetPatchMem = ~0;
int rc = VERR_PATCHING_REFUSED;
Log(("patmCreateTrampoline %VGv\n", pInstrGC));
/* Save original offset (in case of failures later on). */
orgOffsetPatchMem = pVM->patm.s.offPatchMem;
/* First we check if the duplicate function target lies in some existing function patch already. Will save some space. */
/** @todo we already checked this before */
pPage = pInstrGC & PAGE_BASE_GC_MASK;
PPATMPATCHPAGE pPatchPage = (PPATMPATCHPAGE)RTAvloGCPtrGet(&pVM->patm.s.PatchLookupTreeHC->PatchTreeByPage, (RTGCPTR)pPage);
if (pPatchPage)
{
uint32_t i;
for (i=0;i<pPatchPage->cCount;i++)
{
if (pPatchPage->aPatch[i])
{
PPATCHINFO pPatch = pPatchPage->aPatch[i];
if ( (pPatch->flags & PATMFL_DUPLICATE_FUNCTION)
&& pPatch->uState == PATCH_ENABLED)
{
pPatchTargetGC = patmGuestGCPtrToPatchGCPtr(pVM, pPatch, pInstrGC);
if (pPatchTargetGC)
{
uint32_t offsetPatch = pPatchTargetGC - pVM->patm.s.pPatchMemGC;
PRECPATCHTOGUEST pPatchToGuestRec = (PRECPATCHTOGUEST)RTAvlU32GetBestFit(&pPatch->Patch2GuestAddrTree, offsetPatch, false);
Assert(pPatchToGuestRec);
pPatchToGuestRec->fJumpTarget = true;
Assert(pPatchTargetGC != pPatch->pPrivInstrGC);
Log(("patmCreateTrampoline: generating jump to code inside patch at %VGv\n", pPatch->pPrivInstrGC));
pPatch->flags |= PATMFL_EXTERNAL_JUMP_INSIDE;
break;
}
}
}
}
}
AssertReturn(pPatchPage && pPatchTargetGC, VERR_PATCHING_REFUSED);
pPatch->nrPatch2GuestRecs = 0;
pPatch->pPatchBlockOffset = pVM->patm.s.offPatchMem;
pPatch->uCurPatchOffset = 0;
/** @note Set the PATM interrupt flag here; it was cleared before the patched call. (!!!) */
rc = patmPatchGenSetPIF(pVM, pPatch, pInstrGC);
if (VBOX_FAILURE(rc))
goto failure;
#ifdef VBOX_WITH_STATISTICS
rc = patmPatchGenStats(pVM, pPatch, pInstrGC);
if (VBOX_FAILURE(rc))
goto failure;
#endif
rc = patmPatchGenPatchJump(pVM, pPatch, pInstrGC, pPatchTargetGC);
if (VBOX_FAILURE(rc))
goto failure;
/*
* Insert into patch to guest lookup tree
*/
LogFlow(("Insert %VGv patch offset %VGv\n", pPatchRec->patch.pPrivInstrGC, pPatch->pPatchBlockOffset));
pPatchRec->CoreOffset.Key = pPatch->pPatchBlockOffset;
rc = RTAvloGCPtrInsert(&pVM->patm.s.PatchLookupTreeHC->PatchTreeByPatchAddr, &pPatchRec->CoreOffset);
AssertMsg(rc, ("RTAvloGCPtrInsert failed for %x\n", pPatchRec->CoreOffset.Key));
if (!rc)
{
rc = VERR_PATCHING_REFUSED;
goto failure;
}
/* size of patch block */
pPatch->cbPatchBlockSize = pPatch->uCurPatchOffset;
/* Update free pointer in patch memory. */
pVM->patm.s.offPatchMem += pPatch->cbPatchBlockSize;
/* Round to next 8 byte boundary */
pVM->patm.s.offPatchMem = RT_ALIGN_32(pVM->patm.s.offPatchMem, 8);
/* There's no jump from guest to patch code. */
pPatch->cbPatchJump = 0;
/* Enable the patch. */
pPatch->uState = PATCH_ENABLED;
/* We allow this patch to be called as a function. */
pPatch->flags |= PATMFL_CALLABLE_AS_FUNCTION;
STAM_COUNTER_INC(&pVM->patm.s.StatInstalledTrampoline);
return VINF_SUCCESS;
failure:
if (pPatchRec->CoreOffset.Key)
RTAvloGCPtrRemove(&pVM->patm.s.PatchLookupTreeHC->PatchTreeByPatchAddr, pPatchRec->CoreOffset.Key);
patmEmptyTree(pVM, &pPatch->FixupTree);
pPatch->nrFixups = 0;
patmEmptyTree(pVM, &pPatch->JumpTree);
pPatch->nrJumpRecs = 0;
patmEmptyTree(pVM, &pPatch->pTempInfo->IllegalInstrTree);
pPatch->pTempInfo->nrIllegalInstr = 0;
/* Turn this cli patch into a dummy. */
pPatch->uState = PATCH_REFUSED;
pPatch->pPatchBlockOffset = 0;
// Give back the patch memory we no longer need
Assert(orgOffsetPatchMem != (uint32_t)~0);
pVM->patm.s.offPatchMem = orgOffsetPatchMem;
return rc;
}
/**
* Patch branch target function for call/jump at specified location.
* (in responds to a VINF_PATM_DUPLICATE_FUNCTION GC exit reason)
*
* @returns VBox status code.
* @param pVM The VM to operate on.
* @param pCtx Guest context
*
*/
PATMR3DECL(int) PATMR3DuplicateFunctionRequest(PVM pVM, PCPUMCTX pCtx)
{
RTGCPTR pBranchTarget, pPage;
int rc;
RTGCPTR pPatchTargetGC = 0;
pBranchTarget = pCtx->edx;
pBranchTarget = SELMToFlat(pVM, pCtx->eflags, pCtx->cs, &pCtx->csHid, pBranchTarget);
/* First we check if the duplicate function target lies in some existing function patch already. Will save some space. */
pPage = pBranchTarget & PAGE_BASE_GC_MASK;
PPATMPATCHPAGE pPatchPage = (PPATMPATCHPAGE)RTAvloGCPtrGet(&pVM->patm.s.PatchLookupTreeHC->PatchTreeByPage, (RTGCPTR)pPage);
if (pPatchPage)
{
uint32_t i;
for (i=0;i<pPatchPage->cCount;i++)
{
if (pPatchPage->aPatch[i])
{
PPATCHINFO pPatch = pPatchPage->aPatch[i];
if ( (pPatch->flags & PATMFL_DUPLICATE_FUNCTION)
&& pPatch->uState == PATCH_ENABLED)
{
pPatchTargetGC = patmGuestGCPtrToPatchGCPtr(pVM, pPatch, pBranchTarget);
if (pPatchTargetGC)
{
STAM_COUNTER_INC(&pVM->patm.s.StatDuplicateUseExisting);
break;
}
}
}
}
}
if (pPatchTargetGC)
{
/* Create a trampoline that also sets PATM_INTERRUPTFLAG. */
rc = PATMR3InstallPatch(pVM, pBranchTarget, PATMFL_CODE32 | PATMFL_TRAMPOLINE);
}
else
{
rc = PATMR3InstallPatch(pVM, pBranchTarget, PATMFL_CODE32 | PATMFL_DUPLICATE_FUNCTION);
}
if (rc == VINF_SUCCESS)
{
pPatchTargetGC = PATMR3QueryPatchGCPtr(pVM, pBranchTarget);
Assert(pPatchTargetGC);
}
if (pPatchTargetGC)
{
pCtx->eax = pPatchTargetGC;
pCtx->eax = pCtx->eax - (RTGCUINTPTR)pVM->patm.s.pPatchMemGC; /* make it relative */
}
else
{
/* We add a dummy entry into the lookup cache so we won't get bombarded with the same requests over and over again. */
pCtx->eax = 0;
STAM_COUNTER_INC(&pVM->patm.s.StatDuplicateREQFailed);
}
Assert(PATMIsPatchGCAddr(pVM, pCtx->edi));
rc = PATMAddBranchToLookupCache(pVM, pCtx->edi, pBranchTarget, pCtx->eax);
AssertRC(rc);
pCtx->eip += PATM_ILLEGAL_INSTR_SIZE;
STAM_COUNTER_INC(&pVM->patm.s.StatDuplicateREQSuccess);
return VINF_SUCCESS;
}
/**
* Replaces a function call by a call to an existing function duplicate (or jmp -> jmp)
*
* @returns VBox status code.
* @param pVM The VM to operate on.
* @param pCpu Disassembly CPU structure ptr
* @param pInstrGC Guest context point to privileged instruction
* @param pPatch Patch record
*
*/
static int patmReplaceFunctionCall(PVM pVM, DISCPUSTATE *pCpu, RTGCPTR pInstrGC, PPATCHINFO pPatch)
{
int rc = VERR_PATCHING_REFUSED;
DISCPUSTATE cpu;
RTGCPTR pTargetGC;
PPATMPATCHREC pPatchFunction;
uint32_t opsize;
bool disret;
#ifdef LOG_ENABLED
char szOutput[256];
#endif
Assert(pPatch->flags & PATMFL_REPLACE_FUNCTION_CALL);
Assert((pCpu->pCurInstr->opcode == OP_CALL || pCpu->pCurInstr->opcode == OP_JMP) && pCpu->opsize == SIZEOF_NEARJUMP32);
if ((pCpu->pCurInstr->opcode != OP_CALL && pCpu->pCurInstr->opcode != OP_JMP) || pCpu->opsize != SIZEOF_NEARJUMP32)
{
rc = VERR_PATCHING_REFUSED;
goto failure;
}
pTargetGC = PATMResolveBranch(pCpu, pInstrGC);
if (pTargetGC == 0)
{
Log(("We don't support far jumps here!! (%08X)\n", pCpu->param1.flags));
rc = VERR_PATCHING_REFUSED;
goto failure;
}
pPatchFunction = (PPATMPATCHREC)RTAvloGCPtrGet(&pVM->patm.s.PatchLookupTreeHC->PatchTree, pTargetGC);
if (pPatchFunction == NULL)
{
for(;;)
{
/* It could be an indirect call (call -> jmp dest).
* Note that it's dangerous to assume the jump will never change...
*/
uint8_t *pTmpInstrHC;
pTmpInstrHC = PATMGCVirtToHCVirt(pVM, pPatch, pTargetGC);
Assert(pTmpInstrHC);
if (pTmpInstrHC == 0)
break;
cpu.mode = (pPatch->flags & PATMFL_CODE32) ? CPUMODE_32BIT : CPUMODE_16BIT;
disret = PATMR3DISInstr(pVM, pPatch, &cpu, pTargetGC, pTmpInstrHC, &opsize, NULL);
if (disret == false || cpu.pCurInstr->opcode != OP_JMP)
break;
pTargetGC = PATMResolveBranch(&cpu, pTargetGC);
if (pTargetGC == 0)
{
break;
}
pPatchFunction = (PPATMPATCHREC)RTAvloGCPtrGet(&pVM->patm.s.PatchLookupTreeHC->PatchTree, pTargetGC);
break;
}
if (pPatchFunction == 0)
{
AssertMsgFailed(("Unable to find duplicate function %VGv\n", pTargetGC));
rc = VERR_PATCHING_REFUSED;
goto failure;
}
}
// make a copy of the guest code bytes that will be overwritten
pPatch->cbPatchJump = SIZEOF_NEARJUMP32;
rc = PGMPhysReadGCPtr(pVM, pPatch->aPrivInstr, pPatch->pPrivInstrGC, pPatch->cbPatchJump);
AssertRC(rc);
/* Now replace the original call in the guest code */
rc = patmGenCallToPatch(pVM, pPatch, PATCHCODE_PTR_GC(&pPatchFunction->patch), true);
AssertRC(rc);
if (VBOX_FAILURE(rc))
goto failure;
/* Lowest and highest address for write monitoring. */
pPatch->pInstrGCLowest = pInstrGC;
pPatch->pInstrGCHighest = pInstrGC + pCpu->opsize;
#ifdef LOG_ENABLED
cpu.mode = (pPatch->flags & PATMFL_CODE32) ? CPUMODE_32BIT : CPUMODE_16BIT;
disret = PATMR3DISInstr(pVM, pPatch, &cpu, pPatch->pPrivInstrGC, pPatch->pPrivInstrHC, &opsize, szOutput);
Log(("Call patch: %s", szOutput));
#endif
Log(("Successfully installed function replacement patch at %VGv\n", pInstrGC));
pPatch->uState = PATCH_ENABLED;
return VINF_SUCCESS;
failure:
/* Turn this patch into a dummy. */
pPatch->uState = PATCH_REFUSED;
return rc;
}
/**
* Replace the address in an MMIO instruction with the cached version.
*
* @returns VBox status code.
* @param pVM The VM to operate on.
* @param pInstrGC Guest context point to privileged instruction
* @param pCpu Disassembly CPU structure ptr
* @param pPatch Patch record
*
* @note returns failure if patching is not allowed or possible
*
*/
static int patmPatchMMIOInstr(PVM pVM, RTGCPTR pInstrGC, DISCPUSTATE *pCpu, PPATCHINFO pPatch)
{
uint8_t *pPB;
int rc = VERR_PATCHING_REFUSED;
#ifdef LOG_ENABLED
DISCPUSTATE cpu;
uint32_t opsize;
bool disret;
char szOutput[256];
#endif
Assert(pVM->patm.s.mmio.pCachedData);
if (!pVM->patm.s.mmio.pCachedData)
goto failure;
if (pCpu->param2.flags != USE_DISPLACEMENT32)
goto failure;
pPB = pPatch->pPrivInstrHC;
/* Add relocation record for cached data access. */
if (patmPatchAddReloc32(pVM, pPatch, &pPB[pCpu->opsize - sizeof(RTGCPTR)], FIXUP_ABSOLUTE, pPatch->pPrivInstrGC, pVM->patm.s.mmio.pCachedData) != VINF_SUCCESS)
{
Log(("Relocation failed for cached mmio address!!\n"));
return VERR_PATCHING_REFUSED;
}
#ifdef LOG_ENABLED
cpu.mode = (pPatch->flags & PATMFL_CODE32) ? CPUMODE_32BIT : CPUMODE_16BIT;
disret = PATMR3DISInstr(pVM, pPatch, &cpu, pPatch->pPrivInstrGC, pPatch->pPrivInstrHC, &opsize, szOutput);
Log(("MMIO patch old instruction: %s", szOutput));
#endif
/* Save original instruction. */
rc = PGMPhysReadGCPtr(pVM, pPatch->aPrivInstr, pPatch->pPrivInstrGC, pPatch->cbPrivInstr);
AssertRC(rc);
pPatch->cbPatchJump = pPatch->cbPrivInstr; /* bit of a misnomer in this case; size of replacement instruction. */
/* Replace address with that of the cached item. */
rc = PGMPhysWriteGCPtrDirty(pVM, pInstrGC + pCpu->opsize - sizeof(RTGCPTR), &pVM->patm.s.mmio.pCachedData, sizeof(RTGCPTR));
AssertRC(rc);
if (VBOX_FAILURE(rc))
{
goto failure;
}
#ifdef LOG_ENABLED
cpu.mode = (pPatch->flags & PATMFL_CODE32) ? CPUMODE_32BIT : CPUMODE_16BIT;
disret = PATMR3DISInstr(pVM, pPatch, &cpu, pPatch->pPrivInstrGC, pPatch->pPrivInstrHC, &opsize, szOutput);
Log(("MMIO patch: %s", szOutput));
#endif
pVM->patm.s.mmio.pCachedData = 0;
pVM->patm.s.mmio.GCPhys = 0;
pPatch->uState = PATCH_ENABLED;
return VINF_SUCCESS;
failure:
/* Turn this patch into a dummy. */
pPatch->uState = PATCH_REFUSED;
return rc;
}
/**
* Replace the address in an MMIO instruction with the cached version. (instruction is part of an existing patch)
*
* @returns VBox status code.
* @param pVM The VM to operate on.
* @param pInstrGC Guest context point to privileged instruction
* @param pPatch Patch record
*
* @note returns failure if patching is not allowed or possible
*
*/
static int patmPatchPATMMMIOInstr(PVM pVM, RTGCPTR pInstrGC, PPATCHINFO pPatch)
{
DISCPUSTATE cpu;
uint32_t opsize;
bool disret;
uint8_t *pInstrHC;
#ifdef LOG_ENABLED
char szOutput[256];
#endif
AssertReturn(pVM->patm.s.mmio.pCachedData, VERR_INVALID_PARAMETER);
/* Convert GC to HC address. */
pInstrHC = patmPatchGCPtr2PatchHCPtr(pVM, pInstrGC);
AssertReturn(pInstrHC, VERR_PATCHING_REFUSED);
/* Disassemble mmio instruction. */
cpu.mode = pPatch->uOpMode;
disret = PATMR3DISInstr(pVM, pPatch, &cpu, pInstrGC, pInstrHC, &opsize, NULL);
if (disret == false)
{
Log(("Disassembly failed (probably page not present) -> return to caller\n"));
return VERR_PATCHING_REFUSED;
}
AssertMsg(opsize <= MAX_INSTR_SIZE, ("privileged instruction too big %d!!\n", opsize));
if (opsize > MAX_INSTR_SIZE)
return VERR_PATCHING_REFUSED;
if (cpu.param2.flags != USE_DISPLACEMENT32)
return VERR_PATCHING_REFUSED;
/* Add relocation record for cached data access. */
if (patmPatchAddReloc32(pVM, pPatch, &pInstrHC[cpu.opsize - sizeof(RTGCPTR)], FIXUP_ABSOLUTE) != VINF_SUCCESS)
{
Log(("Relocation failed for cached mmio address!!\n"));
return VERR_PATCHING_REFUSED;
}
/* Replace address with that of the cached item. */
*(RTGCPTR *)&pInstrHC[cpu.opsize - sizeof(RTGCPTR)] = pVM->patm.s.mmio.pCachedData;
/* Lowest and highest address for write monitoring. */
pPatch->pInstrGCLowest = pInstrGC;
pPatch->pInstrGCHighest = pInstrGC + cpu.opsize;
#ifdef LOG_ENABLED
cpu.mode = (pPatch->flags & PATMFL_CODE32) ? CPUMODE_32BIT : CPUMODE_16BIT;
disret = PATMR3DISInstr(pVM, pPatch, &cpu, pInstrGC, pInstrHC, &opsize, szOutput);
Log(("MMIO patch: %s", szOutput));
#endif
pVM->patm.s.mmio.pCachedData = 0;
pVM->patm.s.mmio.GCPhys = 0;
return VINF_SUCCESS;
}
/**
* Activates an int3 patch
*
* @returns VBox status code.
* @param pVM The VM to operate on.
* @param pPatch Patch record
*/
static int patmActivateInt3Patch(PVM pVM, PPATCHINFO pPatch)
{
uint8_t ASMInt3 = 0xCC;
int rc;
Assert(pPatch->flags & (PATMFL_INT3_REPLACEMENT|PATMFL_INT3_REPLACEMENT_BLOCK));
Assert(pPatch->uState != PATCH_ENABLED);
/* Replace first opcode byte with 'int 3'. */
rc = PGMPhysWriteGCPtrDirty(pVM, pPatch->pPrivInstrGC, &ASMInt3, sizeof(ASMInt3));
AssertRC(rc);
pPatch->cbPatchJump = sizeof(ASMInt3);
return rc;
}
/**
* Deactivates an int3 patch
*
* @returns VBox status code.
* @param pVM The VM to operate on.
* @param pPatch Patch record
*/
static int patmDeactivateInt3Patch(PVM pVM, PPATCHINFO pPatch)
{
uint8_t ASMInt3 = 0xCC;
int rc;
Assert(pPatch->flags & (PATMFL_INT3_REPLACEMENT|PATMFL_INT3_REPLACEMENT_BLOCK));
Assert(pPatch->uState == PATCH_ENABLED || pPatch->uState == PATCH_DIRTY);
/* Restore first opcode byte. */
rc = PGMPhysWriteGCPtrDirty(pVM, pPatch->pPrivInstrGC, pPatch->aPrivInstr, sizeof(ASMInt3));
AssertRC(rc);
return rc;
}
/**
* Replace an instruction with a breakpoint (0xCC), that is handled dynamically in the guest context.
*
* @returns VBox status code.
* @param pVM The VM to operate on.
* @param pInstrGC Guest context point to privileged instruction
* @param pInstrHC Host context point to privileged instruction
* @param pCpu Disassembly CPU structure ptr
* @param pPatch Patch record
*
* @note returns failure if patching is not allowed or possible
*
*/
PATMR3DECL(int) PATMR3PatchInstrInt3(PVM pVM, RTGCPTR pInstrGC, R3PTRTYPE(uint8_t *) pInstrHC, DISCPUSTATE *pCpu, PPATCHINFO pPatch)
{
uint8_t ASMInt3 = 0xCC;
int rc;
/** @note Do not use patch memory here! It might called during patch installation too. */
#ifdef LOG_ENABLED
DISCPUSTATE cpu;
char szOutput[256];
uint32_t opsize;
cpu.mode = (pPatch->flags & PATMFL_CODE32) ? CPUMODE_32BIT : CPUMODE_16BIT;
PATMR3DISInstr(pVM, pPatch, &cpu, pInstrGC, pInstrHC, &opsize, szOutput);
Log(("PATMR3PatchInstrInt3: %s", szOutput));
#endif
/* Save the original instruction. */
rc = PGMPhysReadGCPtr(pVM, pPatch->aPrivInstr, pPatch->pPrivInstrGC, pPatch->cbPrivInstr);
AssertRC(rc);
pPatch->cbPatchJump = sizeof(ASMInt3); /* bit of a misnomer in this case; size of replacement instruction. */
pPatch->flags |= PATMFL_INT3_REPLACEMENT;
/* Replace first opcode byte with 'int 3'. */
rc = patmActivateInt3Patch(pVM, pPatch);
if (VBOX_FAILURE(rc))
goto failure;
/* Lowest and highest address for write monitoring. */
pPatch->pInstrGCLowest = pInstrGC;
pPatch->pInstrGCHighest = pInstrGC + pCpu->opsize;
pPatch->uState = PATCH_ENABLED;
return VINF_SUCCESS;
failure:
/* Turn this patch into a dummy. */
return VERR_PATCHING_REFUSED;
}
#ifdef PATM_RESOLVE_CONFLICTS_WITH_JUMP_PATCHES
/**
* Patch a jump instruction at specified location
*
* @returns VBox status code.
* @param pVM The VM to operate on.
* @param pInstrGC Guest context point to privileged instruction
* @param pInstrHC Host context point to privileged instruction
* @param pCpu Disassembly CPU structure ptr
* @param pPatchRec Patch record
*
* @note returns failure if patching is not allowed or possible
*
*/
int patmPatchJump(PVM pVM, RTGCPTR pInstrGC, R3PTRTYPE(uint8_t *) pInstrHC, DISCPUSTATE *pCpu, PPATMPATCHREC pPatchRec)
{
PPATCHINFO pPatch = &pPatchRec->patch;
int rc = VERR_PATCHING_REFUSED;
#ifdef LOG_ENABLED
bool disret;
DISCPUSTATE cpu;
uint32_t opsize;
char szOutput[256];
#endif
pPatch->pPatchBlockOffset = 0; /* doesn't use patch memory */
pPatch->uCurPatchOffset = 0;
pPatch->cbPatchBlockSize = 0;
pPatch->flags |= PATMFL_SINGLE_INSTRUCTION;
/*
* Instruction replacements such as these should never be interrupted. I've added code to EM.cpp to
* make sure this never happens. (unless a trap is triggered (intentionally or not))
*/
switch (pCpu->pCurInstr->opcode)
{
case OP_JO:
case OP_JNO:
case OP_JC:
case OP_JNC:
case OP_JE:
case OP_JNE:
case OP_JBE:
case OP_JNBE:
case OP_JS:
case OP_JNS:
case OP_JP:
case OP_JNP:
case OP_JL:
case OP_JNL:
case OP_JLE:
case OP_JNLE:
case OP_JMP:
Assert(pPatch->flags & PATMFL_JUMP_CONFLICT);
Assert(pCpu->param1.flags & USE_IMMEDIATE32_REL);
if (!(pCpu->param1.flags & USE_IMMEDIATE32_REL))
goto failure;
Assert(pCpu->opsize == SIZEOF_NEARJUMP32 || pCpu->opsize == SIZEOF_NEAR_COND_JUMP32);
if (pCpu->opsize != SIZEOF_NEARJUMP32 && pCpu->opsize != SIZEOF_NEAR_COND_JUMP32)
goto failure;
if (PAGE_ADDRESS(pInstrGC) != PAGE_ADDRESS(pInstrGC + pCpu->opsize))
{
STAM_COUNTER_INC(&pVM->patm.s.StatPageBoundaryCrossed);
AssertMsgFailed(("Patch jump would cross page boundary -> refuse!!\n"));
rc = VERR_PATCHING_REFUSED;
goto failure;
}
break;
default:
goto failure;
}
// make a copy of the guest code bytes that will be overwritten
Assert(pCpu->opsize <= sizeof(pPatch->aPrivInstr));
Assert(pCpu->opsize >= SIZEOF_NEARJUMP32);
pPatch->cbPatchJump = pCpu->opsize;
rc = PGMPhysReadGCPtr(pVM, pPatch->aPrivInstr, pPatch->pPrivInstrGC, pPatch->cbPatchJump);
AssertRC(rc);
/* Now insert a jump in the guest code. */
/*
* A conflict jump patch needs to be treated differently; we'll just replace the relative jump address with one that
* references the target instruction in the conflict patch.
*/
RTGCPTR pJmpDest = PATMR3GuestGCPtrToPatchGCPtr(pVM, pInstrGC + pCpu->opsize + (int32_t)pCpu->param1.parval);
AssertMsg(pJmpDest, ("PATMR3GuestGCPtrToPatchGCPtr failed for %VGv\n", pInstrGC + pCpu->opsize + (int32_t)pCpu->param1.parval));
pPatch->pPatchJumpDestGC = pJmpDest;
rc = patmGenJumpToPatch(pVM, pPatch, true);
AssertRC(rc);
if (VBOX_FAILURE(rc))
goto failure;
pPatch->flags |= PATMFL_MUST_INSTALL_PATCHJMP;
#ifdef LOG_ENABLED
cpu.mode = (pPatch->flags & PATMFL_CODE32) ? CPUMODE_32BIT : CPUMODE_16BIT;
disret = PATMR3DISInstr(pVM, pPatch, &cpu, pPatch->pPrivInstrGC, pPatch->pPrivInstrHC, &opsize, szOutput);
Log(("%s patch: %s", patmGetInstructionString(pPatch->opcode, pPatch->flags), szOutput));
#endif
Log(("Successfully installed %s patch at %VGv\n", patmGetInstructionString(pPatch->opcode, pPatch->flags), pInstrGC));
STAM_COUNTER_INC(&pVM->patm.s.StatInstalledJump);
/* Lowest and highest address for write monitoring. */
pPatch->pInstrGCLowest = pInstrGC;
pPatch->pInstrGCHighest = pInstrGC + pPatch->cbPatchJump;
pPatch->uState = PATCH_ENABLED;
return VINF_SUCCESS;
failure:
/* Turn this cli patch into a dummy. */
pPatch->uState = PATCH_REFUSED;
return rc;
}
#endif /* PATM_RESOLVE_CONFLICTS_WITH_JUMP_PATCHES */
/**
* Gives hint to PATM about supervisor guest instructions
*
* @returns VBox status code.
* @param pVM The VM to operate on.
* @param pInstr Guest context point to privileged instruction
* @param flags Patch flags
*/
PATMR3DECL(int) PATMR3AddHint(PVM pVM, RTGCPTR pInstrGC, uint32_t flags)
{
Assert(pInstrGC);
Assert(flags == PATMFL_CODE32);
Log(("PATMR3AddHint %VGv\n", pInstrGC));
return PATMR3InstallPatch(pVM, pInstrGC, PATMFL_CODE32 | PATMFL_INSTR_HINT);
}
/**
* Patch privileged instruction at specified location
*
* @returns VBox status code.
* @param pVM The VM to operate on.
* @param pInstr Guest context point to privileged instruction (0:32 flat address)
* @param flags Patch flags
*
* @note returns failure if patching is not allowed or possible
*/
PATMR3DECL(int) PATMR3InstallPatch(PVM pVM, RTGCPTR pInstrGC, uint64_t flags)
{
DISCPUSTATE cpu;
R3PTRTYPE(uint8_t *) pInstrHC;
uint32_t opsize;
PPATMPATCHREC pPatchRec;
PCPUMCTX pCtx = 0;
bool disret;
int rc;
if (!pVM || pInstrGC == 0 || (flags & ~(PATMFL_CODE32|PATMFL_IDTHANDLER|PATMFL_INTHANDLER|PATMFL_SYSENTER|PATMFL_TRAPHANDLER|PATMFL_DUPLICATE_FUNCTION|PATMFL_REPLACE_FUNCTION_CALL|PATMFL_GUEST_SPECIFIC|PATMFL_INT3_REPLACEMENT|PATMFL_TRAPHANDLER_WITH_ERRORCODE|PATMFL_IDTHANDLER_WITHOUT_ENTRYPOINT|PATMFL_MMIO_ACCESS|PATMFL_TRAMPOLINE|PATMFL_INSTR_HINT|PATMFL_JUMP_CONFLICT)))
{
AssertFailed();
return VERR_INVALID_PARAMETER;
}
if (PATMIsEnabled(pVM) == false)
return VERR_PATCHING_REFUSED;
/* Test for patch conflict only with patches that actually change guest code. */
if (!(flags & (PATMFL_GUEST_SPECIFIC|PATMFL_IDTHANDLER|PATMFL_INTHANDLER|PATMFL_TRAMPOLINE)))
{
PPATCHINFO pConflictPatch = PATMFindActivePatchByEntrypoint(pVM, pInstrGC);
AssertReleaseMsg(pConflictPatch == 0, ("Unable to patch overwritten instruction at %VGv (%VGv)\n", pInstrGC, pConflictPatch->pPrivInstrGC));
if (pConflictPatch != 0)
return VERR_PATCHING_REFUSED;
}
if (!(flags & PATMFL_CODE32))
{
/** @todo Only 32 bits code right now */
AssertMsgFailed(("PATMR3InstallPatch: We don't support 16 bits code at this moment!!\n"));
return VERR_NOT_IMPLEMENTED;
}
/* We ran out of patch memory; don't bother anymore. */
if (pVM->patm.s.fOutOfMemory == true)
return VERR_PATCHING_REFUSED;
/* Make sure the code selector is wide open; otherwise refuse. */
CPUMQueryGuestCtxPtr(pVM, &pCtx);
if (CPUMGetGuestCPL(pVM, CPUMCTX2CORE(pCtx)) == 0)
{
RTGCPTR pInstrGCFlat = SELMToFlat(pVM, pCtx->eflags, pCtx->cs, &pCtx->csHid, pInstrGC);
if (pInstrGCFlat != pInstrGC)
{
Log(("PATMR3InstallPatch: code selector not wide open: %04x:%VGv != %VGv eflags=%08x\n", pCtx->cs, pInstrGCFlat, pInstrGC, pCtx->eflags.u32));
return VERR_PATCHING_REFUSED;
}
}
/** @note the OpenBSD specific check will break if we allow additional patches to be installed (int 3)) */
if (!(flags & PATMFL_GUEST_SPECIFIC))
{
/* New code. Make sure CSAM has a go at it first. */
CSAMR3CheckCode(pVM, pInstrGC);
}
/** @note obsolete */
if ( PATMIsPatchGCAddr(pVM, pInstrGC)
&& (flags & PATMFL_MMIO_ACCESS))
{
RTGCUINTPTR offset;
void *pvPatchCoreOffset;
/* Find the patch record. */
offset = pInstrGC - pVM->patm.s.pPatchMemGC;
pvPatchCoreOffset = RTAvloGCPtrGetBestFit(&pVM->patm.s.PatchLookupTreeHC->PatchTreeByPatchAddr, offset, false);
if (pvPatchCoreOffset == NULL)
{
AssertMsgFailed(("PATMR3InstallPatch: patch not found at address %VGv!!\n", pInstrGC));
return VERR_PATCH_NOT_FOUND; //fatal error
}
pPatchRec = PATM_PATCHREC_FROM_COREOFFSET(pvPatchCoreOffset);
return patmPatchPATMMMIOInstr(pVM, pInstrGC, &pPatchRec->patch);
}
AssertReturn(!PATMIsPatchGCAddr(pVM, pInstrGC), VERR_PATCHING_REFUSED);
pPatchRec = (PPATMPATCHREC)RTAvloGCPtrGet(&pVM->patm.s.PatchLookupTreeHC->PatchTree, pInstrGC);
if (pPatchRec)
{
Assert(!(flags & PATMFL_TRAMPOLINE));
/* Hints about existing patches are ignored. */
if (flags & PATMFL_INSTR_HINT)
return VERR_PATCHING_REFUSED;
if (pPatchRec->patch.uState == PATCH_DISABLE_PENDING)
{
Log(("PATMR3InstallPatch: disable operation is pending for patch at %VGv\n", pPatchRec->patch.pPrivInstrGC));
PATMR3DisablePatch(pVM, pPatchRec->patch.pPrivInstrGC);
Assert(pPatchRec->patch.uState == PATCH_DISABLED);
}
if (pPatchRec->patch.uState == PATCH_DISABLED)
{
/* A patch, for which we previously received a hint, will be enabled and turned into a normal patch. */
if (pPatchRec->patch.flags & PATMFL_INSTR_HINT)
{
Log(("Enabling HINTED patch %VGv\n", pInstrGC));
pPatchRec->patch.flags &= ~PATMFL_INSTR_HINT;
}
else
Log(("Enabling patch %VGv again\n", pInstrGC));
/** @todo we shouldn't disable and enable patches too often (it's relatively cheap, but pointless if it always happens) */
rc = PATMR3EnablePatch(pVM, pInstrGC);
if (VBOX_SUCCESS(rc))
return VWRN_PATCH_ENABLED;
return rc;
}
if ( pPatchRec->patch.uState == PATCH_ENABLED
|| pPatchRec->patch.uState == PATCH_DIRTY)
{
/*
* The patch might have been overwritten.
*/
STAM_COUNTER_INC(&pVM->patm.s.StatOverwritten);
if (pPatchRec->patch.uState != PATCH_REFUSED && pPatchRec->patch.uState != PATCH_UNUSABLE)
{
/* Patch must have been overwritten; remove it and pretend nothing happened. */
Log(("Patch an existing patched instruction?!? (%VGv)\n", pInstrGC));
if (pPatchRec->patch.flags & (PATMFL_DUPLICATE_FUNCTION|PATMFL_IDTHANDLER|PATMFL_MMIO_ACCESS|PATMFL_INT3_REPLACEMENT|PATMFL_INT3_REPLACEMENT_BLOCK))
{
if (flags & PATMFL_IDTHANDLER)
pPatchRec->patch.flags |= (flags & (PATMFL_IDTHANDLER|PATMFL_TRAPHANDLER|PATMFL_INTHANDLER)); /* update the type */
return VERR_PATM_ALREADY_PATCHED; /* already done once */
}
}
PATMR3RemovePatch(pVM, pInstrGC);
}
else
{
AssertMsg(pPatchRec->patch.uState == PATCH_REFUSED || pPatchRec->patch.uState == PATCH_UNUSABLE, ("Patch an existing patched instruction?!? (%VGv, state=%d)\n", pInstrGC, pPatchRec->patch.uState));
/* already tried it once! */
return VERR_PATCHING_REFUSED;
}
}
rc = MMHyperAlloc(pVM, sizeof(PATMPATCHREC), 0, MM_TAG_PATM_PATCH, (void **)&pPatchRec);
if (VBOX_FAILURE(rc))
{
Log(("Out of memory!!!!\n"));
return VERR_NO_MEMORY;
}
pPatchRec->Core.Key = pInstrGC;
pPatchRec->patch.uState = PATCH_REFUSED; //default
rc = RTAvloGCPtrInsert(&pVM->patm.s.PatchLookupTreeHC->PatchTree, &pPatchRec->Core);
Assert(rc);
RTGCPHYS GCPhys;
rc = PGMGstGetPage(pVM, pInstrGC, NULL, &GCPhys);
if (rc != VINF_SUCCESS)
{
Log(("PGMGstGetPage failed with %Vrc\n", rc));
return rc;
}
/* Disallow patching instructions inside ROM code; complete function duplication is allowed though. */
if ( !(flags & (PATMFL_DUPLICATE_FUNCTION|PATMFL_TRAMPOLINE))
&& !PGMPhysIsGCPhysNormal(pVM, GCPhys))
{
Log(("Code at %RGv (phys %RGp) is in a ROM, MMIO or invalid page - refused\n", pInstrGC, GCPhys));
return VERR_PATCHING_REFUSED;
}
GCPhys = GCPhys + (pInstrGC & PAGE_OFFSET_MASK);
rc = PGMPhysGCPhys2HCPtr(pVM, GCPhys, MAX_INSTR_SIZE, (void **)&pInstrHC);
AssertRCReturn(rc, rc);
pPatchRec->patch.pPrivInstrHC = pInstrHC;
pPatchRec->patch.pPrivInstrGC = pInstrGC;
pPatchRec->patch.flags = flags;
pPatchRec->patch.uOpMode = (flags & PATMFL_CODE32) ? CPUMODE_32BIT : CPUMODE_16BIT;
pPatchRec->patch.pInstrGCLowest = pInstrGC;
pPatchRec->patch.pInstrGCHighest = pInstrGC;
if (!(pPatchRec->patch.flags & (PATMFL_DUPLICATE_FUNCTION | PATMFL_IDTHANDLER | PATMFL_SYSENTER | PATMFL_TRAMPOLINE)))
{
/*
* Close proximity to an unusable patch is a possible hint that this patch would turn out to be dangerous too!
*/
PPATMPATCHREC pPatchNear = (PPATMPATCHREC)RTAvloGCPtrGetBestFit(&pVM->patm.s.PatchLookupTreeHC->PatchTree, (pInstrGC + SIZEOF_NEARJUMP32 - 1), false);
if (pPatchNear)
{
if (pPatchNear->patch.uState == PATCH_UNUSABLE && pInstrGC < pPatchNear->patch.pPrivInstrGC && pInstrGC + SIZEOF_NEARJUMP32 > pPatchNear->patch.pPrivInstrGC)
{
Log(("Dangerous patch; would overwrite the ususable patch at %VGv\n", pPatchNear->patch.pPrivInstrGC));
pPatchRec->patch.uState = PATCH_UNUSABLE;
/*
* Leave the new patch active as it's marked unusable; to prevent us from checking it over and over again
*/
return VERR_PATCHING_REFUSED;
}
}
}
pPatchRec->patch.pTempInfo = (PPATCHINFOTEMP)MMR3HeapAllocZ(pVM, MM_TAG_PATM_PATCH, sizeof(PATCHINFOTEMP));
if (pPatchRec->patch.pTempInfo == 0)
{
Log(("Out of memory!!!!\n"));
return VERR_NO_MEMORY;
}
cpu.mode = pPatchRec->patch.uOpMode;
disret = PATMR3DISInstr(pVM, &pPatchRec->patch, &cpu, pInstrGC, pInstrHC, &opsize, NULL);
if (disret == false)
{
Log(("Disassembly failed (probably page not present) -> return to caller\n"));
return VERR_PATCHING_REFUSED;
}
AssertMsg(opsize <= MAX_INSTR_SIZE, ("privileged instruction too big %d!!\n", opsize));
if (opsize > MAX_INSTR_SIZE)
{
return VERR_PATCHING_REFUSED;
}
pPatchRec->patch.cbPrivInstr = opsize;
pPatchRec->patch.opcode = cpu.pCurInstr->opcode;
/* Restricted hinting for now. */
Assert(!(flags & PATMFL_INSTR_HINT) || cpu.pCurInstr->opcode == OP_CLI);
/* Allocate statistics slot */
if (pVM->patm.s.uCurrentPatchIdx < PATM_STAT_MAX_COUNTERS)
{
pPatchRec->patch.uPatchIdx = pVM->patm.s.uCurrentPatchIdx++;
}
else
{
Log(("WARNING: Patch index wrap around!!\n"));
pPatchRec->patch.uPatchIdx = PATM_STAT_INDEX_DUMMY;
}
if (pPatchRec->patch.flags & PATMFL_TRAPHANDLER)
{
rc = patmInstallTrapTrampoline(pVM, pInstrGC, pPatchRec);
}
else
if (pPatchRec->patch.flags & (PATMFL_DUPLICATE_FUNCTION ))
{
rc = patmDuplicateFunction(pVM, pInstrGC, pPatchRec);
}
else
if (pPatchRec->patch.flags & PATMFL_TRAMPOLINE)
{
rc = patmCreateTrampoline(pVM, pInstrGC, pPatchRec);
}
else
if (pPatchRec->patch.flags & PATMFL_REPLACE_FUNCTION_CALL)
{
rc = patmReplaceFunctionCall(pVM, &cpu, pInstrGC, &pPatchRec->patch);
}
else
if (pPatchRec->patch.flags & PATMFL_INT3_REPLACEMENT)
{
rc = PATMR3PatchInstrInt3(pVM, pInstrGC, pInstrHC, &cpu, &pPatchRec->patch);
}
else
if (pPatchRec->patch.flags & PATMFL_MMIO_ACCESS)
{
rc = patmPatchMMIOInstr(pVM, pInstrGC, &cpu, &pPatchRec->patch);
}
else
if (pPatchRec->patch.flags & (PATMFL_IDTHANDLER|PATMFL_SYSENTER))
{
if (pPatchRec->patch.flags & PATMFL_SYSENTER)
pPatchRec->patch.flags |= PATMFL_IDTHANDLER; /* we treat a sysenter handler as an IDT handler */
rc = patmIdtHandler(pVM, pInstrGC, pInstrHC, opsize, pPatchRec);
#ifdef VBOX_WITH_STATISTICS
if ( rc == VINF_SUCCESS
&& (pPatchRec->patch.flags & PATMFL_SYSENTER))
{
pVM->patm.s.uSysEnterPatchIdx = pPatchRec->patch.uPatchIdx;
}
#endif
}
else
if (pPatchRec->patch.flags & PATMFL_GUEST_SPECIFIC)
{
switch (cpu.pCurInstr->opcode)
{
case OP_SYSENTER:
case OP_PUSH:
rc = PATMInstallGuestSpecificPatch(pVM, &cpu, pInstrGC, pInstrHC, pPatchRec);
if (rc == VINF_SUCCESS)
{
if (rc == VINF_SUCCESS)
Log(("PATMR3InstallPatch GUEST: %s %VGv code32=%d\n", patmGetInstructionString(pPatchRec->patch.opcode, pPatchRec->patch.flags), pInstrGC, (flags & PATMFL_CODE32) ? 1 : 0));
return rc;
}
break;
default:
rc = VERR_NOT_IMPLEMENTED;
break;
}
}
else
{
switch (cpu.pCurInstr->opcode)
{
case OP_SYSENTER:
rc = PATMInstallGuestSpecificPatch(pVM, &cpu, pInstrGC, pInstrHC, pPatchRec);
if (rc == VINF_SUCCESS)
{
Log(("PATMR3InstallPatch GUEST: %s %VGv code32=%d\n", patmGetInstructionString(pPatchRec->patch.opcode, pPatchRec->patch.flags), pInstrGC, (flags & PATMFL_CODE32) ? 1 : 0));
return VINF_SUCCESS;
}
break;
#ifdef PATM_RESOLVE_CONFLICTS_WITH_JUMP_PATCHES
case OP_JO:
case OP_JNO:
case OP_JC:
case OP_JNC:
case OP_JE:
case OP_JNE:
case OP_JBE:
case OP_JNBE:
case OP_JS:
case OP_JNS:
case OP_JP:
case OP_JNP:
case OP_JL:
case OP_JNL:
case OP_JLE:
case OP_JNLE:
case OP_JECXZ:
case OP_LOOP:
case OP_LOOPNE:
case OP_LOOPE:
case OP_JMP:
if (pPatchRec->patch.flags & PATMFL_JUMP_CONFLICT)
{
rc = patmPatchJump(pVM, pInstrGC, pInstrHC, &cpu, pPatchRec);
break;
}
return VERR_NOT_IMPLEMENTED;
#endif
case OP_PUSHF:
case OP_CLI:
Log(("PATMR3InstallPatch %s %VGv code32=%d\n", patmGetInstructionString(pPatchRec->patch.opcode, pPatchRec->patch.flags), pInstrGC, (flags & PATMFL_CODE32) ? 1 : 0));
rc = PATMR3PatchBlock(pVM, pInstrGC, pInstrHC, cpu.pCurInstr->opcode, opsize, pPatchRec);
break;
case OP_STR:
case OP_SGDT:
case OP_SLDT:
case OP_SIDT:
case OP_CPUID:
case OP_LSL:
case OP_LAR:
case OP_SMSW:
case OP_VERW:
case OP_VERR:
case OP_IRET:
rc = PATMR3PatchInstrInt3(pVM, pInstrGC, pInstrHC, &cpu, &pPatchRec->patch);
break;
default:
return VERR_NOT_IMPLEMENTED;
}
}
if (rc != VINF_SUCCESS)
{
if (pPatchRec && pPatchRec->patch.nrPatch2GuestRecs)
{
patmEmptyTreeU32(pVM, &pPatchRec->patch.Patch2GuestAddrTree);
pPatchRec->patch.nrPatch2GuestRecs = 0;
}
pVM->patm.s.uCurrentPatchIdx--;
}
else
{
rc = patmInsertPatchPages(pVM, &pPatchRec->patch);
AssertRCReturn(rc, rc);
/* Keep track upper and lower boundaries of patched instructions */
if (pPatchRec->patch.pInstrGCLowest < pVM->patm.s.pPatchedInstrGCLowest)
pVM->patm.s.pPatchedInstrGCLowest = pPatchRec->patch.pInstrGCLowest;
if (pPatchRec->patch.pInstrGCHighest > pVM->patm.s.pPatchedInstrGCHighest)
pVM->patm.s.pPatchedInstrGCHighest = pPatchRec->patch.pInstrGCHighest;
Log(("Patch lowest %VGv highest %VGv\n", pPatchRec->patch.pInstrGCLowest, pPatchRec->patch.pInstrGCHighest));
Log(("Global lowest %VGv highest %VGv\n", pVM->patm.s.pPatchedInstrGCLowest, pVM->patm.s.pPatchedInstrGCHighest));
STAM_COUNTER_ADD(&pVM->patm.s.StatInstalled, 1);
STAM_COUNTER_ADD(&pVM->patm.s.StatPATMMemoryUsed, pPatchRec->patch.cbPatchBlockSize);
rc = VINF_SUCCESS;
/* Patch hints are not enabled by default. Only when the are actually encountered. */
if (pPatchRec->patch.flags & PATMFL_INSTR_HINT)
{
rc = PATMR3DisablePatch(pVM, pInstrGC);
AssertRCReturn(rc, rc);
}
#ifdef VBOX_WITH_STATISTICS
/* Register statistics counter */
if (PATM_STAT_INDEX_IS_VALID(pPatchRec->patch.uPatchIdx))
{
STAMR3RegisterCallback(pVM, &pPatchRec->patch, STAMVISIBILITY_NOT_GUI, STAMUNIT_GOOD_BAD, patmResetStat, patmPrintStat, "Patch statistics",
"/PATM/Stats/Patch/0x%VGv", pPatchRec->patch.pPrivInstrGC);
#ifndef DEBUG_sandervl
/* Full breakdown for the GUI. */
STAMR3RegisterF(pVM, &pVM->patm.s.pStatsHC[pPatchRec->patch.uPatchIdx], STAMTYPE_RATIO_U32, STAMVISIBILITY_ALWAYS, STAMUNIT_GOOD_BAD, PATMPatchType(pVM, &pPatchRec->patch),
"/PATM/Stats/PatchBD/0x%VGv", pPatchRec->patch.pPrivInstrGC);
STAMR3RegisterF(pVM, &pPatchRec->patch.cbPatchBlockSize,STAMTYPE_U32, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES, NULL, "/PATM/Stats/PatchBD/0x%VGv/cbPatchBlockSize", pPatchRec->patch.pPrivInstrGC);
STAMR3RegisterF(pVM, &pPatchRec->patch.cbPatchJump, STAMTYPE_U32, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES, NULL, "/PATM/Stats/PatchBD/0x%VGv/cbPatchJump", pPatchRec->patch.pPrivInstrGC);
STAMR3RegisterF(pVM, &pPatchRec->patch.cbPrivInstr, STAMTYPE_U32, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES, NULL, "/PATM/Stats/PatchBD/0x%VGv/cbPrivInstr", pPatchRec->patch.pPrivInstrGC);
STAMR3RegisterF(pVM, &pPatchRec->patch.cCodeWrites, STAMTYPE_U32, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, NULL, "/PATM/Stats/PatchBD/0x%VGv/cCodeWrites", pPatchRec->patch.pPrivInstrGC);
STAMR3RegisterF(pVM, &pPatchRec->patch.cInvalidWrites, STAMTYPE_U32, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, NULL, "/PATM/Stats/PatchBD/0x%VGv/cInvalidWrites", pPatchRec->patch.pPrivInstrGC);
STAMR3RegisterF(pVM, &pPatchRec->patch.cTraps, STAMTYPE_U32, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, NULL, "/PATM/Stats/PatchBD/0x%VGv/cTraps", pPatchRec->patch.pPrivInstrGC);
STAMR3RegisterF(pVM, &pPatchRec->patch.flags, STAMTYPE_X32, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE, NULL, "/PATM/Stats/PatchBD/0x%VGv/flags", pPatchRec->patch.pPrivInstrGC);
STAMR3RegisterF(pVM, &pPatchRec->patch.nrJumpRecs, STAMTYPE_U32, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, NULL, "/PATM/Stats/PatchBD/0x%VGv/nrJumpRecs", pPatchRec->patch.pPrivInstrGC);
STAMR3RegisterF(pVM, &pPatchRec->patch.nrFixups, STAMTYPE_U32, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, NULL, "/PATM/Stats/PatchBD/0x%VGv/nrFixups", pPatchRec->patch.pPrivInstrGC);
STAMR3RegisterF(pVM, &pPatchRec->patch.opcode, STAMTYPE_U32, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, NULL, "/PATM/Stats/PatchBD/0x%VGv/opcode", pPatchRec->patch.pPrivInstrGC);
STAMR3RegisterF(pVM, &pPatchRec->patch.uOldState, STAMTYPE_U32, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE, NULL, "/PATM/Stats/PatchBD/0x%VGv/uOldState", pPatchRec->patch.pPrivInstrGC);
STAMR3RegisterF(pVM, &pPatchRec->patch.uOpMode, STAMTYPE_U32, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE, NULL, "/PATM/Stats/PatchBD/0x%VGv/uOpMode", pPatchRec->patch.pPrivInstrGC);
/// @todo change the state to be a callback so we can get a state mnemonic instead.
STAMR3RegisterF(pVM, &pPatchRec->patch.uState, STAMTYPE_U32, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE, NULL, "/PATM/Stats/PatchBD/0x%VGv/uState", pPatchRec->patch.pPrivInstrGC);
#endif
}
#endif
}
return rc;
}
/**
* Query instruction size
*
* @returns VBox status code.
* @param pVM The VM to operate on.
* @param pPatch Patch record
* @param pInstrGC Instruction address
*/
static uint32_t patmGetInstrSize(PVM pVM, PPATCHINFO pPatch, RTGCPTR pInstrGC)
{
uint8_t *pInstrHC;
int rc = PGMPhysGCPtr2HCPtr(pVM, pInstrGC, (RTHCPTR *)&pInstrHC);
if (rc == VINF_SUCCESS)
{
DISCPUSTATE cpu;
bool disret;
uint32_t opsize;
cpu.mode = (pPatch->flags & PATMFL_CODE32) ? CPUMODE_32BIT : CPUMODE_16BIT;
disret = PATMR3DISInstr(pVM, pPatch, &cpu, pInstrGC, pInstrHC, &opsize, NULL, PATMREAD_ORGCODE | PATMREAD_NOCHECK);
if (disret)
return opsize;
}
return 0;
}
/**
* Add patch to page record
*
* @returns VBox status code.
* @param pVM The VM to operate on.
* @param pPage Page address
* @param pPatch Patch record
*/
int patmAddPatchToPage(PVM pVM, RTGCUINTPTR pPage, PPATCHINFO pPatch)
{
PPATMPATCHPAGE pPatchPage;
int rc;
Log(("patmAddPatchToPage: insert patch %VHv to page %VGv\n", pPatch, pPage));
pPatchPage = (PPATMPATCHPAGE)RTAvloGCPtrGet(&pVM->patm.s.PatchLookupTreeHC->PatchTreeByPage, pPage);
if (pPatchPage)
{
Assert(pPatchPage->cCount <= pPatchPage->cMaxPatches);
if (pPatchPage->cCount == pPatchPage->cMaxPatches)
{
uint32_t cMaxPatchesOld = pPatchPage->cMaxPatches;
PPATCHINFO *paPatchOld = pPatchPage->aPatch;
pPatchPage->cMaxPatches += PATMPATCHPAGE_PREALLOC_INCREMENT;
rc = MMHyperAlloc(pVM, sizeof(PPATCHINFO)*pPatchPage->cMaxPatches, 0, MM_TAG_PATM_PATCH, (void **)&pPatchPage->aPatch);
if (VBOX_FAILURE(rc))
{
Log(("Out of memory!!!!\n"));
return VERR_NO_MEMORY;
}
memcpy(pPatchPage->aPatch, paPatchOld, cMaxPatchesOld*sizeof(PPATCHINFO));
MMHyperFree(pVM, paPatchOld);
}
pPatchPage->aPatch[pPatchPage->cCount] = pPatch;
pPatchPage->cCount++;
}
else
{
rc = MMHyperAlloc(pVM, sizeof(PATMPATCHPAGE), 0, MM_TAG_PATM_PATCH, (void **)&pPatchPage);
if (VBOX_FAILURE(rc))
{
Log(("Out of memory!!!!\n"));
return VERR_NO_MEMORY;
}
pPatchPage->Core.Key = pPage;
pPatchPage->cCount = 1;
pPatchPage->cMaxPatches = PATMPATCHPAGE_PREALLOC_INCREMENT;
rc = MMHyperAlloc(pVM, sizeof(PPATCHINFO)*PATMPATCHPAGE_PREALLOC_INCREMENT, 0, MM_TAG_PATM_PATCH, (void **)&pPatchPage->aPatch);
if (VBOX_FAILURE(rc))
{
Log(("Out of memory!!!!\n"));
MMHyperFree(pVM, pPatchPage);
return VERR_NO_MEMORY;
}
pPatchPage->aPatch[0] = pPatch;
rc = RTAvloGCPtrInsert(&pVM->patm.s.PatchLookupTreeHC->PatchTreeByPage, &pPatchPage->Core);
Assert(rc);
pVM->patm.s.cPageRecords++;
STAM_COUNTER_INC(&pVM->patm.s.StatPatchPageInserted);
}
CSAMR3MonitorPage(pVM, pPage, CSAM_TAG_PATM);
/* Get the closest guest instruction (from below) */
PRECGUESTTOPATCH pGuestToPatchRec = (PRECGUESTTOPATCH)RTAvlGCPtrGetBestFit(&pPatch->Guest2PatchAddrTree, pPage, true);
Assert(pGuestToPatchRec);
if (pGuestToPatchRec)
{
if ( pPatchPage->pLowestAddrGC == 0
|| pPatchPage->pLowestAddrGC > (RTGCPTR)pGuestToPatchRec->Core.Key)
{
RTGCUINTPTR offset;
pPatchPage->pLowestAddrGC = (RTGCPTR)pGuestToPatchRec->Core.Key;
offset = pPatchPage->pLowestAddrGC & PAGE_OFFSET_MASK;
/* If we're too close to the page boundary, then make sure an instruction from the previous page doesn't cross the boundary itself. */
if (offset && offset < MAX_INSTR_SIZE)
{
/* Get the closest guest instruction (from above) */
pGuestToPatchRec = (PRECGUESTTOPATCH)RTAvlGCPtrGetBestFit(&pPatch->Guest2PatchAddrTree, pPage-1, false);
if (pGuestToPatchRec)
{
uint32_t size = patmGetInstrSize(pVM, pPatch, (RTGCPTR)pGuestToPatchRec->Core.Key);
if ((RTGCUINTPTR)pGuestToPatchRec->Core.Key + size > pPage)
pPatchPage->pLowestAddrGC = pPage;
}
}
}
}
/* Get the closest guest instruction (from above) */
pGuestToPatchRec = (PRECGUESTTOPATCH)RTAvlGCPtrGetBestFit(&pPatch->Guest2PatchAddrTree, pPage+PAGE_SIZE-1, false);
Assert(pGuestToPatchRec);
if (pGuestToPatchRec)
{
if ( pPatchPage->pHighestAddrGC == 0
|| pPatchPage->pHighestAddrGC < (RTGCPTR)pGuestToPatchRec->Core.Key)
{
pPatchPage->pHighestAddrGC = (RTGCPTR)pGuestToPatchRec->Core.Key;
/* Increase by instruction size. */
uint32_t size = patmGetInstrSize(pVM, pPatch, pPatchPage->pHighestAddrGC);
//// Assert(size);
pPatchPage->pHighestAddrGC += size;
}
}
return VINF_SUCCESS;
}
/**
* Remove patch from page record
*
* @returns VBox status code.
* @param pVM The VM to operate on.
* @param pPage Page address
* @param pPatch Patch record
*/
int patmRemovePatchFromPage(PVM pVM, RTGCUINTPTR pPage, PPATCHINFO pPatch)
{
PPATMPATCHPAGE pPatchPage;
int rc;
pPatchPage = (PPATMPATCHPAGE)RTAvloGCPtrGet(&pVM->patm.s.PatchLookupTreeHC->PatchTreeByPage, pPage);
Assert(pPatchPage);
if (!pPatchPage)
return VERR_INVALID_PARAMETER;
Assert(pPatchPage->cCount <= pPatchPage->cMaxPatches);
Log(("patmRemovePatchPage: remove patch %VHv from page %VGv\n", pPatch, pPage));
if (pPatchPage->cCount > 1)
{
uint32_t i;
/* Used by multiple patches */
for (i=0;i<pPatchPage->cCount;i++)
{
if (pPatchPage->aPatch[i] == pPatch)
{
pPatchPage->aPatch[i] = 0;
break;
}
}
/* close the gap between the remaining pointers. */
if (i < pPatchPage->cCount - 1)
{
memcpy(&pPatchPage->aPatch[i], &pPatchPage->aPatch[i+1], sizeof(PPATCHINFO)*(pPatchPage->cCount - (i+1)));
}
AssertMsg(i < pPatchPage->cCount, ("Unable to find patch %VHv in page %VGv\n", pPatch, pPage));
pPatchPage->cCount--;
}
else
{
PPATMPATCHPAGE pPatchNode;
Log(("patmRemovePatchFromPage %VGv\n", pPage));
STAM_COUNTER_INC(&pVM->patm.s.StatPatchPageRemoved);
pPatchNode = (PPATMPATCHPAGE)RTAvloGCPtrRemove(&pVM->patm.s.PatchLookupTreeHC->PatchTreeByPage, pPage);
Assert(pPatchNode && pPatchNode == pPatchPage);
Assert(pPatchPage->aPatch);
rc = MMHyperFree(pVM, pPatchPage->aPatch);
AssertRC(rc);
rc = MMHyperFree(pVM, pPatchPage);
AssertRC(rc);
pVM->patm.s.cPageRecords--;
}
return VINF_SUCCESS;
}
/**
* Insert page records for all guest pages that contain instructions that were recompiled for this patch
*
* @returns VBox status code.
* @param pVM The VM to operate on.
* @param pPatch Patch record
*/
int patmInsertPatchPages(PVM pVM, PPATCHINFO pPatch)
{
int rc;
RTGCUINTPTR pPatchPageStart, pPatchPageEnd, pPage;
/* Insert the pages that contain patched instructions into a lookup tree for detecting self-modifying code. */
pPatchPageStart = (RTGCUINTPTR)pPatch->pInstrGCLowest & PAGE_BASE_GC_MASK;
pPatchPageEnd = (RTGCUINTPTR)pPatch->pInstrGCHighest & PAGE_BASE_GC_MASK;
/** @todo optimize better (large gaps between current and next used page) */
for(pPage = pPatchPageStart; pPage <= pPatchPageEnd; pPage += PAGE_SIZE)
{
/* Get the closest guest instruction (from above) */
PRECGUESTTOPATCH pGuestToPatchRec = (PRECGUESTTOPATCH)RTAvlGCPtrGetBestFit(&pPatch->Guest2PatchAddrTree, pPage, true);
if ( pGuestToPatchRec
&& PAGE_ADDRESS(pGuestToPatchRec->Core.Key) == PAGE_ADDRESS(pPage)
)
{
/* Code in page really patched -> add record */
rc = patmAddPatchToPage(pVM, pPage, pPatch);
AssertRC(rc);
}
}
pPatch->flags |= PATMFL_CODE_MONITORED;
return VINF_SUCCESS;
}
/**
* Remove page records for all guest pages that contain instructions that were recompiled for this patch
*
* @returns VBox status code.
* @param pVM The VM to operate on.
* @param pPatch Patch record
*/
int patmRemovePatchPages(PVM pVM, PPATCHINFO pPatch)
{
int rc;
RTGCUINTPTR pPatchPageStart, pPatchPageEnd, pPage;
/* Insert the pages that contain patched instructions into a lookup tree for detecting self-modifying code. */
pPatchPageStart = (RTGCUINTPTR)pPatch->pInstrGCLowest & PAGE_BASE_GC_MASK;
pPatchPageEnd = (RTGCUINTPTR)pPatch->pInstrGCHighest & PAGE_BASE_GC_MASK;
for(pPage = pPatchPageStart; pPage <= pPatchPageEnd; pPage += PAGE_SIZE)
{
/* Get the closest guest instruction (from above) */
PRECGUESTTOPATCH pGuestToPatchRec = (PRECGUESTTOPATCH)RTAvlGCPtrGetBestFit(&pPatch->Guest2PatchAddrTree, pPage, true);
if ( pGuestToPatchRec
&& PAGE_ADDRESS(pGuestToPatchRec->Core.Key) == PAGE_ADDRESS(pPage) /** @todo bird: PAGE_ADDRESS is for the current context really. check out these. */
)
{
/* Code in page really patched -> remove record */
rc = patmRemovePatchFromPage(pVM, pPage, pPatch);
AssertRC(rc);
}
}
pPatch->flags &= ~PATMFL_CODE_MONITORED;
return VINF_SUCCESS;
}
/**
* Notifies PATM about a (potential) write to code that has been patched.
*
* @returns VBox status code.
* @param pVM The VM to operate on.
* @param GCPtr GC pointer to write address
* @param cbWrite Nr of bytes to write
*
*/
PATMR3DECL(int) PATMR3PatchWrite(PVM pVM, RTGCPTR GCPtr, uint32_t cbWrite)
{
RTGCUINTPTR pWritePageStart, pWritePageEnd, pPage;
Log(("PATMR3PatchWrite %VGv %x\n", GCPtr, cbWrite));
Assert(VM_IS_EMT(pVM));
/* Quick boundary check */
if ( GCPtr < pVM->patm.s.pPatchedInstrGCLowest
|| GCPtr > pVM->patm.s.pPatchedInstrGCHighest
)
return VINF_SUCCESS;
STAM_PROFILE_ADV_START(&pVM->patm.s.StatPatchWrite, a);
pWritePageStart = (RTGCUINTPTR)GCPtr & PAGE_BASE_GC_MASK;
pWritePageEnd = ((RTGCUINTPTR)GCPtr + cbWrite - 1) & PAGE_BASE_GC_MASK;
for (pPage = pWritePageStart; pPage <= pWritePageEnd; pPage += PAGE_SIZE)
{
loop_start:
PPATMPATCHPAGE pPatchPage = (PPATMPATCHPAGE)RTAvloGCPtrGet(&pVM->patm.s.PatchLookupTreeHC->PatchTreeByPage, (RTGCPTR)pPage);
if (pPatchPage)
{
uint32_t i;
bool fValidPatchWrite = false;
for (i=0;i<pPatchPage->cCount;i++)
{
if (pPatchPage->aPatch[i])
{
PPATCHINFO pPatch = pPatchPage->aPatch[i];
RTGCPTR pPatchInstrGC;
//unused: bool fForceBreak = false;
Assert(pPatchPage->aPatch[i]->flags & PATMFL_CODE_MONITORED);
/** @todo inefficient and includes redundant checks for multiple pages. */
for (uint32_t j=0; j<cbWrite; j++)
{
RTGCPTR pGuestPtrGC = (RTGCPTR)((RTGCUINTPTR)GCPtr + j);
if ( pPatch->cbPatchJump
&& pGuestPtrGC >= pPatch->pPrivInstrGC
&& pGuestPtrGC < pPatch->pPrivInstrGC + pPatch->cbPatchJump)
{
/* The guest is about to overwrite the 5 byte jump to patch code. Remove the patch. */
Log(("PATMR3PatchWrite: overwriting jump to patch code -> remove patch.\n"));
int rc = PATMR3RemovePatch(pVM, pPatch->pPrivInstrGC);
AssertRC(rc);
/** @note jump back to the start as the pPatchPage has been deleted or changed */
goto loop_start;
}
pPatchInstrGC = patmGuestGCPtrToPatchGCPtr(pVM, pPatch, pGuestPtrGC);
if (pPatchInstrGC)
{
uint32_t PatchOffset = pPatchInstrGC - pVM->patm.s.pPatchMemGC; /* Offset in memory reserved for PATM. */
fValidPatchWrite = true;
PRECPATCHTOGUEST pPatchToGuestRec = (PRECPATCHTOGUEST)RTAvlU32Get(&pPatch->Patch2GuestAddrTree, PatchOffset);
Assert(pPatchToGuestRec);
if (pPatchToGuestRec && !pPatchToGuestRec->fDirty)
{
Log(("PATMR3PatchWrite: Found patched instruction %VGv -> %VGv\n", pGuestPtrGC, pPatchInstrGC));
if (++pPatch->cCodeWrites > PATM_MAX_CODE_WRITES)
{
LogRel(("PATM: Disable block at %VGv - write %VGv-%VGv\n", pPatch->pPrivInstrGC, pGuestPtrGC, pGuestPtrGC+cbWrite));
PATMR3MarkDirtyPatch(pVM, pPatch);
/** @note jump back to the start as the pPatchPage has been deleted or changed */
goto loop_start;
}
else
{
/* Replace the patch instruction with a breakpoint; when it's hit, then we'll attempt to recompile the instruction again. */
uint8_t *pInstrHC = patmPatchGCPtr2PatchHCPtr(pVM, pPatchInstrGC);
pPatchToGuestRec->u8DirtyOpcode = *pInstrHC;
pPatchToGuestRec->fDirty = true;
*pInstrHC = 0xCC;
STAM_COUNTER_INC(&pVM->patm.s.StatInstrDirty);
}
}
/* else already marked dirty */
}
}
}
} /* for each patch */
if (fValidPatchWrite == false)
{
/* Write to a part of the page that either:
* - doesn't contain any code (shared code/data); rather unlikely
* - old code page that's no longer in active use.
*/
invalid_write_loop_start:
pPatchPage = (PPATMPATCHPAGE)RTAvloGCPtrGet(&pVM->patm.s.PatchLookupTreeHC->PatchTreeByPage, (RTGCPTR)pPage);
if (pPatchPage)
{
for (i=0;i<pPatchPage->cCount;i++)
{
PPATCHINFO pPatch = pPatchPage->aPatch[i];
if (pPatch->cInvalidWrites > PATM_MAX_INVALID_WRITES)
{
/** @note possibly dangerous assumption that all future writes will be harmless. */
if (pPatch->flags & PATMFL_IDTHANDLER)
{
LogRel(("PATM: Stop monitoring IDT handler pages at %VGv - invalid write %VGv-%VGv (this is not a fatal error)\n", pPatch->pPrivInstrGC, GCPtr, GCPtr+cbWrite));
Assert(pPatch->flags & PATMFL_CODE_MONITORED);
int rc = patmRemovePatchPages(pVM, pPatch);
AssertRC(rc);
}
else
{
LogRel(("PATM: Disable block at %VGv - invalid write %VGv-%VGv \n", pPatch->pPrivInstrGC, GCPtr, GCPtr+cbWrite));
PATMR3MarkDirtyPatch(pVM, pPatch);
}
/** @note jump back to the start as the pPatchPage has been deleted or changed */
goto invalid_write_loop_start;
}
} /* for */
}
}
}
}
STAM_PROFILE_ADV_STOP(&pVM->patm.s.StatPatchWrite, a);
return VINF_SUCCESS;
}
/**
* Disable all patches in a flushed page
*
* @returns VBox status code
* @param pVM The VM to operate on.
* @param addr GC address of the page to flush
*/
/** @note Currently only called by CSAMR3FlushPage; optimization to avoid having to double check if the physical address has changed
*/
PATMR3DECL(int) PATMR3FlushPage(PVM pVM, RTGCPTR addr)
{
addr &= PAGE_BASE_GC_MASK;
PPATMPATCHPAGE pPatchPage = (PPATMPATCHPAGE)RTAvloGCPtrGet(&pVM->patm.s.PatchLookupTreeHC->PatchTreeByPage, addr);
if (pPatchPage)
{
int i;
/* From top to bottom as the array is modified by PATMR3MarkDirtyPatch. */
for (i=(int)pPatchPage->cCount-1;i>=0;i--)
{
if (pPatchPage->aPatch[i])
{
PPATCHINFO pPatch = pPatchPage->aPatch[i];
Log(("PATMR3FlushPage %VGv remove patch at %VGv\n", addr, pPatch->pPrivInstrGC));
PATMR3MarkDirtyPatch(pVM, pPatch);
}
}
STAM_COUNTER_INC(&pVM->patm.s.StatFlushed);
}
return VINF_SUCCESS;
}
/**
* Checks if the instructions at the specified address has been patched already.
*
* @returns boolean, patched or not
* @param pVM The VM to operate on.
* @param pInstrGC Guest context pointer to instruction
*/
PATMR3DECL(bool) PATMR3HasBeenPatched(PVM pVM, RTGCPTR pInstrGC)
{
PPATMPATCHREC pPatchRec;
pPatchRec = (PPATMPATCHREC)RTAvloGCPtrGet(&pVM->patm.s.PatchLookupTreeHC->PatchTree, pInstrGC);
if (pPatchRec && pPatchRec->patch.uState == PATCH_ENABLED)
return true;
return false;
}
/**
* Query the opcode of the original code that was overwritten by the 5 bytes patch jump
*
* @returns VBox status code.
* @param pVM The VM to operate on.
* @param pInstrGC GC address of instr
* @param pByte opcode byte pointer (OUT)
*
*/
PATMR3DECL(int) PATMR3QueryOpcode(PVM pVM, RTGCPTR pInstrGC, uint8_t *pByte)
{
PPATMPATCHREC pPatchRec;
/** @todo this will not work for aliased pages! (never has, but so far not a problem for us) */
/* Shortcut. */
if ( !PATMIsEnabled(pVM)
|| pInstrGC < pVM->patm.s.pPatchedInstrGCLowest
|| pInstrGC > pVM->patm.s.pPatchedInstrGCHighest)
{
return VERR_PATCH_NOT_FOUND;
}
pPatchRec = (PPATMPATCHREC)RTAvloGCPtrGetBestFit(&pVM->patm.s.PatchLookupTreeHC->PatchTree, pInstrGC, false);
// if the patch is enabled and the pointer lies within 5 bytes of this priv instr ptr, then we've got a hit!
if ( pPatchRec
&& pPatchRec->patch.uState == PATCH_ENABLED
&& pInstrGC >= pPatchRec->patch.pPrivInstrGC
&& pInstrGC < pPatchRec->patch.pPrivInstrGC + pPatchRec->patch.cbPatchJump)
{
RTGCPTR offset = pInstrGC - pPatchRec->patch.pPrivInstrGC;
*pByte = pPatchRec->patch.aPrivInstr[offset];
if (pPatchRec->patch.cbPatchJump == 1)
{
Log(("PATMR3QueryOpcode: returning opcode %2X for instruction at %VGv\n", *pByte, pInstrGC));
}
STAM_COUNTER_ADD(&pVM->patm.s.StatNrOpcodeRead, 1);
return VINF_SUCCESS;
}
return VERR_PATCH_NOT_FOUND;
}
/**
* Disable patch for privileged instruction at specified location
*
* @returns VBox status code.
* @param pVM The VM to operate on.
* @param pInstr Guest context point to privileged instruction
*
* @note returns failure if patching is not allowed or possible
*
*/
PATMR3DECL(int) PATMR3DisablePatch(PVM pVM, RTGCPTR pInstrGC)
{
PPATMPATCHREC pPatchRec;
PPATCHINFO pPatch;
Log(("PATMR3DisablePatch: %VGv\n", pInstrGC));
pPatchRec = (PPATMPATCHREC)RTAvloGCPtrGet(&pVM->patm.s.PatchLookupTreeHC->PatchTree, pInstrGC);
if (pPatchRec)
{
int rc = VINF_SUCCESS;
pPatch = &pPatchRec->patch;
/* Already disabled? */
if (pPatch->uState == PATCH_DISABLED)
return VINF_SUCCESS;
/* Clear the IDT entries for the patch we're disabling. */
/** @note very important as we clear IF in the patch itself */
/** @todo this needs to be changed */
if (pPatch->flags & PATMFL_IDTHANDLER)
{
uint32_t iGate;
iGate = TRPMR3QueryGateByHandler(pVM, PATCHCODE_PTR_GC(pPatch));
if (iGate != (uint32_t)~0)
{
TRPMR3SetGuestTrapHandler(pVM, iGate, TRPM_INVALID_HANDLER);
LogRel(("PATM: Disabling IDT %x patch handler %VGv\n", iGate, pInstrGC));
}
}
/* Mark the entry with a breakpoint in case somebody else calls it later on (cli patch used as a function, function, trampoline or idt patches) */
if ( pPatch->pPatchBlockOffset
&& pPatch->uState == PATCH_ENABLED)
{
Log(("Invalidate patch at %VGv (HC=%VGv)\n", PATCHCODE_PTR_GC(pPatch), PATCHCODE_PTR_HC(pPatch)));
pPatch->bDirtyOpcode = *PATCHCODE_PTR_HC(pPatch);
*PATCHCODE_PTR_HC(pPatch) = 0xCC;
}
/* IDT or function patches haven't changed any guest code. */
if (pPatch->flags & PATMFL_PATCHED_GUEST_CODE)
{
Assert(pPatch->flags & PATMFL_MUST_INSTALL_PATCHJMP);
Assert(!(pPatch->flags & (PATMFL_DUPLICATE_FUNCTION|PATMFL_IDTHANDLER|PATMFL_TRAMPOLINE|PATMFL_INT3_REPLACEMENT|PATMFL_INT3_REPLACEMENT_BLOCK)));
if (pPatch->uState != PATCH_REFUSED)
{
AssertMsg(pPatch->pPrivInstrHC, ("Invalid HC pointer?!? (%VGv)\n", pInstrGC));
Assert(pPatch->cbPatchJump);
/** pPrivInstrHC is probably not valid anymore */
rc = PGMPhysGCPtr2HCPtr(pVM, pPatchRec->patch.pPrivInstrGC, (PRTHCPTR)&pPatchRec->patch.pPrivInstrHC);
if (rc == VINF_SUCCESS)
{
uint8_t temp[16];
Assert(pPatch->cbPatchJump < sizeof(temp));
/* Let's first check if the guest code is still the same. */
rc = PGMPhysReadGCPtr(pVM, temp, pPatch->pPrivInstrGC, pPatch->cbPatchJump);
Assert(rc == VINF_SUCCESS || rc == VERR_PAGE_TABLE_NOT_PRESENT || rc == VERR_PAGE_NOT_PRESENT);
if (rc == VINF_SUCCESS)
{
RTGCINTPTR displ = (RTGCUINTPTR)PATCHCODE_PTR_GC(pPatch) - ((RTGCUINTPTR)pPatch->pPrivInstrGC + SIZEOF_NEARJUMP32);
if ( temp[0] != 0xE9 /* jmp opcode */
|| *(RTGCINTPTR *)(&temp[1]) != displ
)
{
Log(("PATMR3DisablePatch: Can't disable a patch who's guest code has changed!!\n"));
STAM_COUNTER_INC(&pVM->patm.s.StatOverwritten);
/* Remove it completely */
pPatch->uState = PATCH_DISABLED; /* don't call PATMR3DisablePatch again */
rc = PATMR3RemovePatch(pVM, pInstrGC);
AssertRC(rc);
return VWRN_PATCH_REMOVED;
}
}
patmRemoveJumpToPatch(pVM, pPatch);
}
else
{
Log(("PATMR3DisablePatch: unable to disable patch -> mark PATCH_DISABLE_PENDING\n"));
pPatch->uState = PATCH_DISABLE_PENDING;
}
}
else
{
AssertMsgFailed(("Patch was refused!\n"));
return VERR_PATCH_ALREADY_DISABLED;
}
}
else
if (pPatch->flags & (PATMFL_INT3_REPLACEMENT|PATMFL_INT3_REPLACEMENT_BLOCK))
{
uint8_t temp[16];
Assert(pPatch->cbPatchJump < sizeof(temp));
/* Let's first check if the guest code is still the same. */
rc = PGMPhysReadGCPtr(pVM, temp, pPatch->pPrivInstrGC, pPatch->cbPatchJump);
Assert(rc == VINF_SUCCESS || rc == VERR_PAGE_TABLE_NOT_PRESENT || rc == VERR_PAGE_NOT_PRESENT);
if (rc == VINF_SUCCESS)
{
if (temp[0] != 0xCC)
{
Log(("PATMR3DisablePatch: Can't disable a patch who's guest code has changed!!\n"));
STAM_COUNTER_INC(&pVM->patm.s.StatOverwritten);
/* Remove it completely */
pPatch->uState = PATCH_DISABLED; /* don't call PATMR3DisablePatch again */
rc = PATMR3RemovePatch(pVM, pInstrGC);
AssertRC(rc);
return VWRN_PATCH_REMOVED;
}
patmDeactivateInt3Patch(pVM, pPatch);
}
}
if (rc == VINF_SUCCESS)
{
/* Save old state and mark this one as disabled (so it can be enabled later on). */
if (pPatch->uState == PATCH_DISABLE_PENDING)
{
/* Just to be safe, let's make sure this one can never be reused; the patch might be marked dirty already (int3 at start) */
pPatch->uState = PATCH_UNUSABLE;
}
else
if (pPatch->uState != PATCH_DIRTY)
{
pPatch->uOldState = pPatch->uState;
pPatch->uState = PATCH_DISABLED;
}
STAM_COUNTER_ADD(&pVM->patm.s.StatDisabled, 1);
}
Log(("PATMR3DisablePatch: disabled patch at %VGv\n", pInstrGC));
return VINF_SUCCESS;
}
Log(("Patch not found!\n"));
return VERR_PATCH_NOT_FOUND;
}
/**
* Permanently disable patch for privileged instruction at specified location
*
* @returns VBox status code.
* @param pVM The VM to operate on.
* @param pInstr Guest context instruction pointer
* @param pConflictAddr Guest context pointer which conflicts with specified patch
* @param pConflictPatch Conflicting patch
*
*/
static int patmDisableUnusablePatch(PVM pVM, RTGCPTR pInstrGC, RTGCPTR pConflictAddr, PPATCHINFO pConflictPatch)
{
#ifdef PATM_RESOLVE_CONFLICTS_WITH_JUMP_PATCHES
PATCHINFO patch = {0};
DISCPUSTATE cpu;
R3PTRTYPE(uint8_t *) pInstrHC;
uint32_t opsize;
bool disret;
int rc;
pInstrHC = PATMGCVirtToHCVirt(pVM, &patch, pInstrGC);
cpu.mode = (pConflictPatch->flags & PATMFL_CODE32) ? CPUMODE_32BIT : CPUMODE_16BIT;
disret = PATMR3DISInstr(pVM, &patch, &cpu, pInstrGC, pInstrHC, &opsize, NULL);
/*
* If it's a 5 byte relative jump, then we can work around the problem by replacing the 32 bits relative offset
* with one that jumps right into the conflict patch.
* Otherwise we must disable the conflicting patch to avoid serious problems.
*/
if ( disret == true
&& (pConflictPatch->flags & PATMFL_CODE32)
&& (cpu.pCurInstr->opcode == OP_JMP || (cpu.pCurInstr->optype & OPTYPE_COND_CONTROLFLOW))
&& (cpu.param1.flags & USE_IMMEDIATE32_REL))
{
/* Hint patches must be enabled first. */
if (pConflictPatch->flags & PATMFL_INSTR_HINT)
{
Log(("Enabling HINTED patch %VGv\n", pConflictPatch->pPrivInstrGC));
pConflictPatch->flags &= ~PATMFL_INSTR_HINT;
rc = PATMR3EnablePatch(pVM, pConflictPatch->pPrivInstrGC);
Assert(rc == VINF_SUCCESS || rc == VERR_PATCH_NOT_FOUND);
/* Enabling might fail if the patched code has changed in the meantime. */
if (rc != VINF_SUCCESS)
return rc;
}
rc = PATMR3InstallPatch(pVM, pInstrGC, PATMFL_CODE32 | PATMFL_JUMP_CONFLICT);
if (VBOX_SUCCESS(rc))
{
Log(("PATM -> CONFLICT: Installed JMP patch for patch conflict at %VGv\n", pInstrGC));
STAM_COUNTER_INC(&pVM->patm.s.StatFixedConflicts);
return VINF_SUCCESS;
}
}
#endif
if (pConflictPatch->opcode == OP_CLI)
{
/* Turn it into an int3 patch; our GC trap handler will call the generated code manually. */
Log(("PATM -> CONFLICT: Found active patch at instruction %VGv with target %VGv -> turn into int 3 patch!!\n", pInstrGC, pConflictPatch->pPrivInstrGC));
int rc = PATMR3DisablePatch(pVM, pConflictPatch->pPrivInstrGC);
if (rc == VWRN_PATCH_REMOVED)
return VINF_SUCCESS;
if (VBOX_SUCCESS(rc))
{
pConflictPatch->flags &= ~(PATMFL_MUST_INSTALL_PATCHJMP|PATMFL_INSTR_HINT);
pConflictPatch->flags |= PATMFL_INT3_REPLACEMENT_BLOCK;
rc = PATMR3EnablePatch(pVM, pConflictPatch->pPrivInstrGC);
if (rc == VERR_PATCH_NOT_FOUND)
return VINF_SUCCESS; /* removed already */
AssertRC(rc);
if (VBOX_SUCCESS(rc))
{
STAM_COUNTER_INC(&pVM->patm.s.StatInt3Callable);
return VINF_SUCCESS;
}
}
/* else turned into unusable patch (see below) */
}
else
{
Log(("PATM -> CONFLICT: Found active patch at instruction %VGv with target %VGv -> DISABLING it!!\n", pInstrGC, pConflictPatch->pPrivInstrGC));
int rc = PATMR3DisablePatch(pVM, pConflictPatch->pPrivInstrGC);
if (rc == VWRN_PATCH_REMOVED)
return VINF_SUCCESS;
}
/* No need to monitor the code anymore. */
if (pConflictPatch->flags & PATMFL_CODE_MONITORED)
{
int rc = patmRemovePatchPages(pVM, pConflictPatch);
AssertRC(rc);
}
pConflictPatch->uState = PATCH_UNUSABLE;
STAM_COUNTER_INC(&pVM->patm.s.StatUnusable);
return VERR_PATCH_DISABLED;
}
/**
* Enable patch for privileged instruction at specified location
*
* @returns VBox status code.
* @param pVM The VM to operate on.
* @param pInstr Guest context point to privileged instruction
*
* @note returns failure if patching is not allowed or possible
*
*/
PATMR3DECL(int) PATMR3EnablePatch(PVM pVM, RTGCPTR pInstrGC)
{
PPATMPATCHREC pPatchRec;
PPATCHINFO pPatch;
Log(("PATMR3EnablePatch %VGv\n", pInstrGC));
pPatchRec = (PPATMPATCHREC)RTAvloGCPtrGet(&pVM->patm.s.PatchLookupTreeHC->PatchTree, pInstrGC);
if (pPatchRec)
{
int rc = VINF_SUCCESS;
pPatch = &pPatchRec->patch;
if (pPatch->uState == PATCH_DISABLED)
{
if (pPatch->flags & PATMFL_MUST_INSTALL_PATCHJMP)
{
Assert(!(pPatch->flags & PATMFL_PATCHED_GUEST_CODE));
/** @todo -> pPrivInstrHC is probably not valid anymore */
rc = PGMPhysGCPtr2HCPtr(pVM, pPatchRec->patch.pPrivInstrGC, (PRTHCPTR)&pPatchRec->patch.pPrivInstrHC);
if (rc == VINF_SUCCESS)
{
#ifdef DEBUG
DISCPUSTATE cpu;
char szOutput[256];
uint32_t opsize, i = 0;
#endif
uint8_t temp[16];
Assert(pPatch->cbPatchJump < sizeof(temp));
// let's first check if the guest code is still the same
int rc = PGMPhysReadGCPtr(pVM, temp, pPatch->pPrivInstrGC, pPatch->cbPatchJump);
AssertRC(rc);
if (memcmp(temp, pPatch->aPrivInstr, pPatch->cbPatchJump))
{
Log(("PATMR3EnablePatch: Can't enable a patch who's guest code has changed!!\n"));
STAM_COUNTER_INC(&pVM->patm.s.StatOverwritten);
/* Remove it completely */
PATMR3RemovePatch(pVM, pInstrGC);
return VERR_PATCH_NOT_FOUND;
}
rc = patmGenJumpToPatch(pVM, pPatch, false);
AssertRC(rc);
if (VBOX_FAILURE(rc))
return rc;
#ifdef DEBUG
bool disret;
i = 0;
while(i < pPatch->cbPatchJump)
{
cpu.mode = (pPatch->flags & PATMFL_CODE32) ? CPUMODE_32BIT : CPUMODE_16BIT;
disret = PATMR3DISInstr(pVM, pPatch, &cpu, pPatch->pPrivInstrGC + i, &pPatch->pPrivInstrHC[i], &opsize, szOutput);
Log(("Renewed patch instr: %s", szOutput));
i += opsize;
}
#endif
}
}
else
if (pPatch->flags & (PATMFL_INT3_REPLACEMENT|PATMFL_INT3_REPLACEMENT_BLOCK))
{
uint8_t temp[16];
Assert(pPatch->cbPatchJump < sizeof(temp));
/* Let's first check if the guest code is still the same. */
int rc = PGMPhysReadGCPtr(pVM, temp, pPatch->pPrivInstrGC, pPatch->cbPatchJump);
AssertRC(rc);
if (memcmp(temp, pPatch->aPrivInstr, pPatch->cbPatchJump))
{
Log(("PATMR3EnablePatch: Can't enable a patch who's guest code has changed!!\n"));
STAM_COUNTER_INC(&pVM->patm.s.StatOverwritten);
PATMR3RemovePatch(pVM, pInstrGC);
return VERR_PATCH_NOT_FOUND;
}
rc = patmActivateInt3Patch(pVM, pPatch);
if (VBOX_FAILURE(rc))
return rc;
}
pPatch->uState = pPatch->uOldState; //restore state
/* Restore the entry breakpoint with the original opcode (see PATMR3DisablePatch). */
if (pPatch->pPatchBlockOffset)
{
*PATCHCODE_PTR_HC(pPatch) = pPatch->bDirtyOpcode;
}
STAM_COUNTER_ADD(&pVM->patm.s.StatEnabled, 1);
}
else
Log(("PATMR3EnablePatch: Unable to enable patch %VGv with state %d\n", pInstrGC, pPatch->uState));
return rc;
}
return VERR_PATCH_NOT_FOUND;
}
/**
* Remove patch for privileged instruction at specified location
*
* @returns VBox status code.
* @param pVM The VM to operate on.
* @param pPatchRec Patch record
* @param fForceRemove Remove *all* patches
*/
int PATMRemovePatch(PVM pVM, PPATMPATCHREC pPatchRec, bool fForceRemove)
{
PPATCHINFO pPatch;
pPatch = &pPatchRec->patch;
/* Strictly forbidden to remove such patches. There can be dependencies!! */
AssertReturn(fForceRemove || !(pPatch->flags & (PATMFL_DUPLICATE_FUNCTION)), VERR_ACCESS_DENIED);
/** @note NEVER EVER REUSE PATCH MEMORY */
/** @note PATMR3DisablePatch put a breakpoint (0xCC) at the entry of this patch */
if (pPatchRec->patch.pPatchBlockOffset)
{
PAVLOGCPTRNODECORE pNode;
pNode = RTAvloGCPtrRemove(&pVM->patm.s.PatchLookupTreeHC->PatchTreeByPatchAddr, pPatchRec->patch.pPatchBlockOffset);
Assert(pNode);
}
if (pPatchRec->patch.flags & PATMFL_CODE_MONITORED)
{
int rc = patmRemovePatchPages(pVM, &pPatchRec->patch);
AssertRC(rc);
}
#ifdef VBOX_WITH_STATISTICS
if (PATM_STAT_INDEX_IS_VALID(pPatchRec->patch.uPatchIdx))
{
STAMR3Deregister(pVM, &pPatchRec->patch);
#ifndef DEBUG_sandervl
STAMR3Deregister(pVM, &pVM->patm.s.pStatsHC[pPatchRec->patch.uPatchIdx]);
STAMR3Deregister(pVM, &pPatchRec->patch.cbPatchBlockSize);
STAMR3Deregister(pVM, &pPatchRec->patch.cbPatchJump);
STAMR3Deregister(pVM, &pPatchRec->patch.cbPrivInstr);
STAMR3Deregister(pVM, &pPatchRec->patch.cCodeWrites);
STAMR3Deregister(pVM, &pPatchRec->patch.cInvalidWrites);
STAMR3Deregister(pVM, &pPatchRec->patch.cTraps);
STAMR3Deregister(pVM, &pPatchRec->patch.flags);
STAMR3Deregister(pVM, &pPatchRec->patch.nrJumpRecs);
STAMR3Deregister(pVM, &pPatchRec->patch.nrFixups);
STAMR3Deregister(pVM, &pPatchRec->patch.opcode);
STAMR3Deregister(pVM, &pPatchRec->patch.uState);
STAMR3Deregister(pVM, &pPatchRec->patch.uOldState);
STAMR3Deregister(pVM, &pPatchRec->patch.uOpMode);
#endif
}
#endif
/** @note no need to free Guest2PatchAddrTree as those records share memory with Patch2GuestAddrTree records. */
patmEmptyTreeU32(pVM, &pPatch->Patch2GuestAddrTree);
pPatch->nrPatch2GuestRecs = 0;
Assert(pPatch->Patch2GuestAddrTree == 0);
patmEmptyTree(pVM, &pPatch->FixupTree);
pPatch->nrFixups = 0;
Assert(pPatch->FixupTree == 0);
if (pPatchRec->patch.pTempInfo)
MMR3HeapFree(pPatchRec->patch.pTempInfo);
/** @note might fail, because it has already been removed (e.g. during reset). */
RTAvloGCPtrRemove(&pVM->patm.s.PatchLookupTreeHC->PatchTree, pPatchRec->Core.Key);
/* Free the patch record */
MMHyperFree(pVM, pPatchRec);
return VINF_SUCCESS;
}
/**
* Attempt to refresh the patch by recompiling its entire code block
*
* @returns VBox status code.
* @param pVM The VM to operate on.
* @param pPatchRec Patch record
*/
int patmR3RefreshPatch(PVM pVM, PPATMPATCHREC pPatchRec)
{
PPATCHINFO pPatch;
int rc;
RTGCPTR pInstrGC = pPatchRec->patch.pPrivInstrGC;
Log(("patmR3RefreshPatch: attempt to refresh patch at %VGv\n", pInstrGC));
pPatch = &pPatchRec->patch;
AssertReturn(pPatch->flags & (PATMFL_DUPLICATE_FUNCTION|PATMFL_IDTHANDLER|PATMFL_TRAPHANDLER), VERR_PATCHING_REFUSED);
AssertReturn(!(pPatch->flags & PATMFL_EXTERNAL_JUMP_INSIDE), VERR_PATCHING_REFUSED);
/** Note: quite ugly to enable/disable/remove/insert old and new patches, but there's no easy way around it. */
rc = PATMR3DisablePatch(pVM, pInstrGC);
AssertRC(rc);
/** Kick it out of the lookup tree to make sure PATMR3InstallPatch doesn't fail (hack alert) */
RTAvloGCPtrRemove(&pVM->patm.s.PatchLookupTreeHC->PatchTree, pPatchRec->Core.Key);
#ifdef VBOX_WITH_STATISTICS
if (PATM_STAT_INDEX_IS_VALID(pPatchRec->patch.uPatchIdx))
{
STAMR3Deregister(pVM, &pPatchRec->patch);
#ifndef DEBUG_sandervl
STAMR3Deregister(pVM, &pVM->patm.s.pStatsHC[pPatchRec->patch.uPatchIdx]);
STAMR3Deregister(pVM, &pPatchRec->patch.cbPatchBlockSize);
STAMR3Deregister(pVM, &pPatchRec->patch.cbPatchJump);
STAMR3Deregister(pVM, &pPatchRec->patch.cbPrivInstr);
STAMR3Deregister(pVM, &pPatchRec->patch.cCodeWrites);
STAMR3Deregister(pVM, &pPatchRec->patch.cInvalidWrites);
STAMR3Deregister(pVM, &pPatchRec->patch.cTraps);
STAMR3Deregister(pVM, &pPatchRec->patch.flags);
STAMR3Deregister(pVM, &pPatchRec->patch.nrJumpRecs);
STAMR3Deregister(pVM, &pPatchRec->patch.nrFixups);
STAMR3Deregister(pVM, &pPatchRec->patch.opcode);
STAMR3Deregister(pVM, &pPatchRec->patch.uState);
STAMR3Deregister(pVM, &pPatchRec->patch.uOldState);
STAMR3Deregister(pVM, &pPatchRec->patch.uOpMode);
#endif
}
#endif
/** Note: We don't attempt to reuse patch memory here as it's quite common that the new code block requires more memory. */
/* Attempt to install a new patch. */
rc = PATMR3InstallPatch(pVM, pInstrGC, pPatch->flags & (PATMFL_CODE32|PATMFL_IDTHANDLER|PATMFL_INTHANDLER|PATMFL_TRAPHANDLER|PATMFL_DUPLICATE_FUNCTION|PATMFL_TRAPHANDLER_WITH_ERRORCODE|PATMFL_IDTHANDLER_WITHOUT_ENTRYPOINT));
if (VBOX_SUCCESS(rc))
{
RTGCPTR pPatchTargetGC;
PPATMPATCHREC pNewPatchRec;
/* Determine target address in new patch */
pPatchTargetGC = PATMR3QueryPatchGCPtr(pVM, pInstrGC);
Assert(pPatchTargetGC);
if (!pPatchTargetGC)
{
rc = VERR_PATCHING_REFUSED;
goto failure;
}
/* Reset offset into patch memory to put the next code blocks right at the beginning. */
pPatch->uCurPatchOffset = 0;
/* insert jump to new patch in old patch block */
rc = patmPatchGenPatchJump(pVM, pPatch, pInstrGC, pPatchTargetGC, false /* no lookup record */);
if (VBOX_FAILURE(rc))
goto failure;
pNewPatchRec = (PPATMPATCHREC)RTAvloGCPtrGet(&pVM->patm.s.PatchLookupTreeHC->PatchTree, pInstrGC);
Assert(pNewPatchRec); /* can't fail */
/* Remove old patch (only do that when everything is finished) */
int rc2 = PATMRemovePatch(pVM, pPatchRec, true /* force removal */);
AssertRC(rc2);
/* Put the new patch back into the tree, because removing the old one kicked this one out. (hack alert) */
RTAvloGCPtrInsert(&pVM->patm.s.PatchLookupTreeHC->PatchTree, &pNewPatchRec->Core);
LogRel(("PATM: patmR3RefreshPatch: succeeded to refresh patch at %VGv \n", pInstrGC));
STAM_COUNTER_INC(&pVM->patm.s.StatPatchRefreshSuccess);
}
failure:
if (VBOX_FAILURE(rc))
{
LogRel(("PATM: patmR3RefreshPatch: failed to refresh patch at %VGv. Reactiving old one. \n", pInstrGC));
/* Remove the new inactive patch */
rc = PATMR3RemovePatch(pVM, pInstrGC);
AssertRC(rc);
/* Put the old patch back into the tree (or else it won't be saved) (hack alert) */
RTAvloGCPtrInsert(&pVM->patm.s.PatchLookupTreeHC->PatchTree, &pPatchRec->Core);
/* Enable again in case the dirty instruction is near the end and there are safe code paths. */
int rc2 = PATMR3EnablePatch(pVM, pInstrGC);
AssertRC(rc2);
STAM_COUNTER_INC(&pVM->patm.s.StatPatchRefreshFailed);
}
return rc;
}
/**
* Find patch for privileged instruction at specified location
*
* @returns Patch structure pointer if found; else NULL
* @param pVM The VM to operate on.
* @param pInstr Guest context point to instruction that might lie within 5 bytes of an existing patch jump
* @param fIncludeHints Include hinted patches or not
*
*/
PPATCHINFO PATMFindActivePatchByEntrypoint(PVM pVM, RTGCPTR pInstrGC, bool fIncludeHints)
{
PPATMPATCHREC pPatchRec = (PPATMPATCHREC)RTAvloGCPtrGetBestFit(&pVM->patm.s.PatchLookupTreeHC->PatchTree, pInstrGC, false);
/* if the patch is enabled, the pointer is not indentical to the privileged patch ptr and it lies within 5 bytes of this priv instr ptr, then we've got a hit! */
if (pPatchRec)
{
if ( pPatchRec->patch.uState == PATCH_ENABLED
&& (pPatchRec->patch.flags & PATMFL_PATCHED_GUEST_CODE)
&& pInstrGC > pPatchRec->patch.pPrivInstrGC
&& pInstrGC < pPatchRec->patch.pPrivInstrGC + pPatchRec->patch.cbPatchJump)
{
Log(("Found active patch at %VGv (org %VGv)\n", pInstrGC, pPatchRec->patch.pPrivInstrGC));
return &pPatchRec->patch;
}
else
if ( fIncludeHints
&& pPatchRec->patch.uState == PATCH_DISABLED
&& (pPatchRec->patch.flags & PATMFL_INSTR_HINT)
&& pInstrGC > pPatchRec->patch.pPrivInstrGC
&& pInstrGC < pPatchRec->patch.pPrivInstrGC + pPatchRec->patch.cbPatchJump)
{
Log(("Found HINT patch at %VGv (org %VGv)\n", pInstrGC, pPatchRec->patch.pPrivInstrGC));
return &pPatchRec->patch;
}
}
return NULL;
}
/**
* Checks whether the GC address is inside a generated patch jump
*
* @returns true -> yes, false -> no
* @param pVM The VM to operate on.
* @param pAddr Guest context address
* @param pPatchAddr Guest context patch address (if true)
*/
PATMR3DECL(bool) PATMR3IsInsidePatchJump(PVM pVM, RTGCPTR pAddr, PRTGCPTR pPatchAddr)
{
RTGCPTR addr;
PPATCHINFO pPatch;
if (PATMIsEnabled(pVM) == false)
return false;
if (pPatchAddr == NULL)
pPatchAddr = &addr;
*pPatchAddr = 0;
pPatch = PATMFindActivePatchByEntrypoint(pVM, pAddr);
if (pPatch)
{
*pPatchAddr = pPatch->pPrivInstrGC;
}
return *pPatchAddr == 0 ? false : true;
}
/**
* Remove patch for privileged instruction at specified location
*
* @returns VBox status code.
* @param pVM The VM to operate on.
* @param pInstr Guest context point to privileged instruction
*
* @note returns failure if patching is not allowed or possible
*
*/
PATMR3DECL(int) PATMR3RemovePatch(PVM pVM, RTGCPTR pInstrGC)
{
PPATMPATCHREC pPatchRec;
pPatchRec = (PPATMPATCHREC)RTAvloGCPtrGet(&pVM->patm.s.PatchLookupTreeHC->PatchTree, pInstrGC);
if (pPatchRec)
{
int rc = PATMR3DisablePatch(pVM, pInstrGC);
if (rc == VWRN_PATCH_REMOVED)
return VINF_SUCCESS;
return PATMRemovePatch(pVM, pPatchRec, false);
}
AssertFailed();
return VERR_PATCH_NOT_FOUND;
}
/**
* Mark patch as dirty
*
* @returns VBox status code.
* @param pVM The VM to operate on.
* @param pPatch Patch record
*
* @note returns failure if patching is not allowed or possible
*
*/
PATMR3DECL(int) PATMR3MarkDirtyPatch(PVM pVM, PPATCHINFO pPatch)
{
if (pPatch->pPatchBlockOffset)
{
Log(("Invalidate patch at %VGv (HC=%VGv)\n", PATCHCODE_PTR_GC(pPatch), PATCHCODE_PTR_HC(pPatch)));
pPatch->bDirtyOpcode = *PATCHCODE_PTR_HC(pPatch);
*PATCHCODE_PTR_HC(pPatch) = 0xCC;
}
STAM_COUNTER_INC(&pVM->patm.s.StatDirty);
/* Put back the replaced instruction. */
int rc = PATMR3DisablePatch(pVM, pPatch->pPrivInstrGC);
if (rc == VWRN_PATCH_REMOVED)
return VINF_SUCCESS;
/** @note we don't restore patch pages for patches that are not enabled! */
/** @note be careful when changing this behaviour!! */
/* The patch pages are no longer marked for self-modifying code detection */
if (pPatch->flags & PATMFL_CODE_MONITORED)
{
int rc = patmRemovePatchPages(pVM, pPatch);
AssertRCReturn(rc, rc);
}
pPatch->uState = PATCH_DIRTY;
/* Paranoia; make sure this patch is not somewhere in the callchain, so prevent ret instructions from succeeding. */
CTXSUFF(pVM->patm.s.pGCState)->Psp = PATM_STACK_SIZE;
return VINF_SUCCESS;
}
/**
* Query the corresponding GC instruction pointer from a pointer inside the patch block itself
*
* @returns VBox status code.
* @param pVM The VM to operate on.
* @param pPatch Patch block structure pointer
* @param pPatchGC GC address in patch block
*/
RTGCPTR patmPatchGCPtr2GuestGCPtr(PVM pVM, PPATCHINFO pPatch, GCPTRTYPE(uint8_t *) pPatchGC)
{
Assert(pPatch->Patch2GuestAddrTree);
/* Get the closest record from below. */
PRECPATCHTOGUEST pPatchToGuestRec = (PRECPATCHTOGUEST)RTAvlU32GetBestFit(&pPatch->Patch2GuestAddrTree, pPatchGC - pVM->patm.s.pPatchMemGC, false);
if (pPatchToGuestRec)
return pPatchToGuestRec->pOrgInstrGC;
return 0;
}
/* Converts Guest code GC ptr to Patch code GC ptr (if found)
*
* @returns corresponding GC pointer in patch block
* @param pVM The VM to operate on.
* @param pPatch Current patch block pointer
* @param pInstrGC Guest context pointer to privileged instruction
*
*/
RTGCPTR patmGuestGCPtrToPatchGCPtr(PVM pVM, PPATCHINFO pPatch, GCPTRTYPE(uint8_t*) pInstrGC)
{
if (pPatch->Guest2PatchAddrTree)
{
PRECGUESTTOPATCH pGuestToPatchRec = (PRECGUESTTOPATCH)RTAvlGCPtrGet(&pPatch->Guest2PatchAddrTree, pInstrGC);
if (pGuestToPatchRec)
return pVM->patm.s.pPatchMemGC + pGuestToPatchRec->PatchOffset;
}
return 0;
}
/* Converts Guest code GC ptr to Patch code GC ptr (if found)
*
* @returns corresponding GC pointer in patch block
* @param pVM The VM to operate on.
* @param pInstrGC Guest context pointer to privileged instruction
*
*/
PATMR3DECL(RTGCPTR) PATMR3GuestGCPtrToPatchGCPtr(PVM pVM, GCPTRTYPE(uint8_t*) pInstrGC)
{
PPATMPATCHREC pPatchRec = (PPATMPATCHREC)RTAvloGCPtrGetBestFit(&pVM->patm.s.PatchLookupTreeHC->PatchTree, pInstrGC, false);
if (pPatchRec && pPatchRec->patch.uState == PATCH_ENABLED && pInstrGC >= pPatchRec->patch.pPrivInstrGC)
{
return patmGuestGCPtrToPatchGCPtr(pVM, &pPatchRec->patch, pInstrGC);
}
return 0;
}
/**
* Query the corresponding GC instruction pointer from a pointer inside the patch block itself
*
* @returns original GC instruction pointer or 0 if not found
* @param pVM The VM to operate on.
* @param pPatchGC GC address in patch block
* @param pEnmState State of the translated address (out)
*
*/
PATMR3DECL(RTGCPTR) PATMR3PatchToGCPtr(PVM pVM, RTGCPTR pPatchGC, PATMTRANSSTATE *pEnmState)
{
PPATMPATCHREC pPatchRec;
void *pvPatchCoreOffset;
RTGCPTR pPrivInstrGC;
Assert(PATMIsPatchGCAddr(pVM, pPatchGC));
pvPatchCoreOffset = RTAvloGCPtrGetBestFit(&pVM->patm.s.PatchLookupTreeHC->PatchTreeByPatchAddr, pPatchGC - pVM->patm.s.pPatchMemGC, false);
if (pvPatchCoreOffset == 0)
{
Log(("PATMR3PatchToGCPtr failed for %VGv offset %x\n", pPatchGC, pPatchGC - pVM->patm.s.pPatchMemGC));
return 0;
}
pPatchRec = PATM_PATCHREC_FROM_COREOFFSET(pvPatchCoreOffset);
pPrivInstrGC = patmPatchGCPtr2GuestGCPtr(pVM, &pPatchRec->patch, pPatchGC);
if (pEnmState)
{
AssertMsg(pPrivInstrGC && ( pPatchRec->patch.uState == PATCH_ENABLED
|| pPatchRec->patch.uState == PATCH_DIRTY
|| pPatchRec->patch.uState == PATCH_DISABLE_PENDING
|| pPatchRec->patch.uState == PATCH_UNUSABLE),
("pPrivInstrGC=%VGv uState=%d\n", pPrivInstrGC, pPatchRec->patch.uState));
if ( !pPrivInstrGC
|| pPatchRec->patch.uState == PATCH_UNUSABLE
|| pPatchRec->patch.uState == PATCH_REFUSED)
{
pPrivInstrGC = 0;
*pEnmState = PATMTRANS_FAILED;
}
else
if (pVM->patm.s.pGCStateHC->GCPtrInhibitInterrupts == pPrivInstrGC)
{
*pEnmState = PATMTRANS_INHIBITIRQ;
}
else
if ( pPatchRec->patch.uState == PATCH_ENABLED
&& !(pPatchRec->patch.flags & (PATMFL_DUPLICATE_FUNCTION|PATMFL_IDTHANDLER|PATMFL_TRAMPOLINE))
&& pPrivInstrGC > pPatchRec->patch.pPrivInstrGC
&& pPrivInstrGC < pPatchRec->patch.pPrivInstrGC + pPatchRec->patch.cbPatchJump)
{
*pEnmState = PATMTRANS_OVERWRITTEN;
}
else
if (PATMFindActivePatchByEntrypoint(pVM, pPrivInstrGC))
{
*pEnmState = PATMTRANS_OVERWRITTEN;
}
else
if (pPrivInstrGC == pPatchRec->patch.pPrivInstrGC)
{
*pEnmState = PATMTRANS_PATCHSTART;
}
else
*pEnmState = PATMTRANS_SAFE;
}
return pPrivInstrGC;
}
/**
* Returns the GC pointer of the patch for the specified GC address
*
* @returns VBox status code.
* @param pVM The VM to operate on.
* @param pAddrGC Guest context address
*/
PATMR3DECL(RTGCPTR) PATMR3QueryPatchGCPtr(PVM pVM, RTGCPTR pAddrGC)
{
PPATMPATCHREC pPatchRec;
// Find the patch record
pPatchRec = (PPATMPATCHREC)RTAvloGCPtrGet(&pVM->patm.s.PatchLookupTreeHC->PatchTree, pAddrGC);
/** @todo we should only use patches that are enabled! always did this, but it's incorrect! */
if (pPatchRec && (pPatchRec->patch.uState == PATCH_ENABLED || pPatchRec->patch.uState == PATCH_DIRTY))
return PATCHCODE_PTR_GC(&pPatchRec->patch);
return 0;
}
/**
* Attempt to recover dirty instructions
*
* @returns VBox status code.
* @param pVM The VM to operate on.
* @param pCtx CPU context
* @param pPatch Patch record
* @param pPatchToGuestRec Patch to guest address record
* @param pEip GC pointer of trapping instruction
*/
static int patmR3HandleDirtyInstr(PVM pVM, PCPUMCTX pCtx, PPATMPATCHREC pPatch, PRECPATCHTOGUEST pPatchToGuestRec, RTGCPTR pEip)
{
DISCPUSTATE CpuOld, CpuNew;
uint8_t *pPatchInstrHC, *pCurPatchInstrHC;
int rc;
RTGCPTR pCurInstrGC, pCurPatchInstrGC;
uint32_t cbDirty;
PRECPATCHTOGUEST pRec;
Log(("patmR3HandleDirtyInstr: dirty instruction at %VGv (%VGv)\n", pEip, pPatchToGuestRec->pOrgInstrGC));
pRec = pPatchToGuestRec;
pCurInstrGC = pPatchToGuestRec->pOrgInstrGC;
pCurPatchInstrGC = pEip;
cbDirty = 0;
pPatchInstrHC = patmPatchGCPtr2PatchHCPtr(pVM, pCurPatchInstrGC);
/* Find all adjacent dirty instructions */
while (true)
{
if (pRec->fJumpTarget)
{
LogRel(("PATM: patmR3HandleDirtyInstr: dirty instruction at %VGv (%VGv) ignored, because instruction in function was reused as target of jump\n", pEip, pPatchToGuestRec->pOrgInstrGC));
pRec->fDirty = false;
return VERR_PATCHING_REFUSED;
}
/* Restore original instruction opcode byte so we can check if the write was indeed safe. */
pCurPatchInstrHC = patmPatchGCPtr2PatchHCPtr(pVM, pCurPatchInstrGC);
*pCurPatchInstrHC = pRec->u8DirtyOpcode;
/* Only harmless instructions are acceptable. */
rc = CPUMR3DisasmInstrCPU(pVM, pCtx, pCurPatchInstrGC, &CpuOld, 0);
if ( VBOX_FAILURE(rc)
|| !(CpuOld.pCurInstr->optype & OPTYPE_HARMLESS))
break;
#ifdef DEBUG
char szBuf[256];
szBuf[0] = '\0';
DBGFR3DisasInstr(pVM, pCtx->cs, pCurPatchInstrGC, szBuf, sizeof(szBuf));
Log(("DIRTY: %s\n", szBuf));
#endif
/** Remove old lookup record. */
patmr3RemoveP2GLookupRecord(pVM, &pPatch->patch, pCurPatchInstrGC);
pCurPatchInstrGC += CpuOld.opsize;
cbDirty += CpuOld.opsize;
/* Mark as clean; if we fail we'll let it always fault. */
pRec->fDirty = false;
/* Let's see if there's another dirty instruction right after. */
pRec = (PRECPATCHTOGUEST)RTAvlU32GetBestFit(&pPatch->patch.Patch2GuestAddrTree, pCurPatchInstrGC - pVM->patm.s.pPatchMemGC, true);
if (!pRec || !pRec->fDirty)
break; /* no more dirty instructions */
}
if ( VBOX_SUCCESS(rc)
&& (CpuOld.pCurInstr->optype & OPTYPE_HARMLESS)
)
{
uint32_t cbLeft;
pCurPatchInstrHC = pPatchInstrHC;
pCurPatchInstrGC = pEip;
cbLeft = cbDirty;
while (cbLeft && VBOX_SUCCESS(rc))
{
bool fValidInstr;
rc = CPUMR3DisasmInstrCPU(pVM, pCtx, pCurInstrGC, &CpuNew, 0);
fValidInstr = !!(CpuNew.pCurInstr->optype & OPTYPE_HARMLESS);
if ( !fValidInstr
&& (CpuNew.pCurInstr->optype & OPTYPE_RELATIVE_CONTROLFLOW)
)
{
RTGCPTR pTargetGC = PATMResolveBranch(&CpuNew, pCurInstrGC);
if ( pTargetGC >= pPatchToGuestRec->pOrgInstrGC
&& pTargetGC <= pPatchToGuestRec->pOrgInstrGC + cbDirty
)
{
/* A relative jump to an instruction inside or to the end of the dirty block is acceptable. */
fValidInstr = true;
}
}
/* If the instruction is completely harmless (which implies a 1:1 patch copy). */
if ( rc == VINF_SUCCESS
&& CpuNew.opsize <= cbLeft /* must still fit */
&& fValidInstr
)
{
#ifdef DEBUG
char szBuf[256];
szBuf[0] = '\0';
DBGFR3DisasInstr(pVM, pCtx->cs, pCurInstrGC, szBuf, sizeof(szBuf));
Log(("NEW: %s\n", szBuf));
#endif
/* Copy the new instruction. */
rc = PGMPhysReadGCPtr(pVM, pCurPatchInstrHC, pCurInstrGC, CpuNew.opsize);
AssertRC(rc);
/* Add a new lookup record for the duplicated instruction. */
patmr3AddP2GLookupRecord(pVM, &pPatch->patch, pCurPatchInstrHC, pCurInstrGC, PATM_LOOKUP_BOTHDIR);
}
else
{
#ifdef DEBUG
char szBuf[256];
szBuf[0] = '\0';
DBGFR3DisasInstr(pVM, pCtx->cs, pCurInstrGC, szBuf, sizeof(szBuf));
Log(("NEW: %s (FAILED)\n", szBuf));
#endif
/* Restore the old lookup record for the duplicated instruction. */
patmr3AddP2GLookupRecord(pVM, &pPatch->patch, pCurPatchInstrHC, pCurInstrGC, PATM_LOOKUP_BOTHDIR);
/** @todo in theory we need to restore the lookup records for the remaining dirty instructions too! */
rc = VERR_PATCHING_REFUSED;
break;
}
pCurInstrGC += CpuNew.opsize;
pCurPatchInstrHC += CpuNew.opsize;
pCurPatchInstrGC += CpuNew.opsize;
cbLeft -= CpuNew.opsize;
}
}
else
rc = VERR_PATCHING_REFUSED;
if (VBOX_SUCCESS(rc))
{
STAM_COUNTER_INC(&pVM->patm.s.StatInstrDirtyGood);
}
else
{
STAM_COUNTER_INC(&pVM->patm.s.StatInstrDirtyBad);
/* Mark the whole instruction stream with breakpoints. */
memset(pPatchInstrHC, 0xCC, cbDirty);
if ( pVM->patm.s.fOutOfMemory == false
&& (pPatch->patch.flags & (PATMFL_DUPLICATE_FUNCTION|PATMFL_IDTHANDLER|PATMFL_TRAPHANDLER)))
{
rc = patmR3RefreshPatch(pVM, pPatch);
if (VBOX_FAILURE(rc))
{
LogRel(("PATM: Failed to refresh dirty patch at %VGv. Disabling it.\n", pPatch->patch.pPrivInstrGC));
}
/* Even if we succeed, we must go back to the original instruction as the patched one could be invalid. */
rc = VERR_PATCHING_REFUSED;
}
}
return rc;
}
/**
* Handle trap inside patch code
*
* @returns VBox status code.
* @param pVM The VM to operate on.
* @param pCtx CPU context
* @param pEip GC pointer of trapping instruction
* @param ppNewEip GC pointer to new instruction
*/
PATMR3DECL(int) PATMR3HandleTrap(PVM pVM, PCPUMCTX pCtx, RTGCPTR pEip, RTGCPTR *ppNewEip)
{
PPATMPATCHREC pPatch = 0;
void *pvPatchCoreOffset;
RTGCUINTPTR offset;
RTGCPTR pNewEip;
int rc ;
PRECPATCHTOGUEST pPatchToGuestRec = 0;
pNewEip = 0;
*ppNewEip = 0;
STAM_PROFILE_ADV_START(&pVM->patm.s.StatHandleTrap, a);
/* Find the patch record. */
/** @note there might not be a patch to guest translation record (global function) */
offset = pEip - pVM->patm.s.pPatchMemGC;
pvPatchCoreOffset = RTAvloGCPtrGetBestFit(&pVM->patm.s.PatchLookupTreeHC->PatchTreeByPatchAddr, offset, false);
if (pvPatchCoreOffset)
{
pPatch = PATM_PATCHREC_FROM_COREOFFSET(pvPatchCoreOffset);
if (pPatch->patch.uState == PATCH_DIRTY)
{
Log(("PATMR3HandleTrap: trap in dirty patch at %VGv\n", pEip));
if (pPatch->patch.flags & (PATMFL_DUPLICATE_FUNCTION|PATMFL_CALLABLE_AS_FUNCTION))
{
/* Function duplication patches set fPIF to 1 on entry */
pVM->patm.s.pGCStateHC->fPIF = 1;
}
}
else
if (pPatch->patch.uState == PATCH_DISABLED)
{
Log(("PATMR3HandleTrap: trap in disabled patch at %VGv\n", pEip));
if (pPatch->patch.flags & (PATMFL_DUPLICATE_FUNCTION|PATMFL_CALLABLE_AS_FUNCTION))
{
/* Function duplication patches set fPIF to 1 on entry */
pVM->patm.s.pGCStateHC->fPIF = 1;
}
}
else
if (pPatch->patch.uState == PATCH_DISABLE_PENDING)
{
RTGCPTR pPrivInstrGC = pPatch->patch.pPrivInstrGC;
Log(("PATMR3HandleTrap: disable operation is pending for patch at %VGv\n", pPatch->patch.pPrivInstrGC));
rc = PATMR3DisablePatch(pVM, pPatch->patch.pPrivInstrGC);
AssertReleaseMsg(rc != VWRN_PATCH_REMOVED, ("PATMR3DisablePatch removed patch at %VGv\n", pPrivInstrGC));
AssertMsg(pPatch->patch.uState == PATCH_DISABLED || pPatch->patch.uState == PATCH_UNUSABLE, ("Unexpected failure to disable patch state=%d rc=%Vrc\n", pPatch->patch.uState, rc));
}
pPatchToGuestRec = (PRECPATCHTOGUEST)RTAvlU32GetBestFit(&pPatch->patch.Patch2GuestAddrTree, offset, false);
AssertReleaseMsg(pPatchToGuestRec, ("PATMR3HandleTrap: Unable to find corresponding guest address for %VGv (offset %x)\n", pEip, offset));
pNewEip = pPatchToGuestRec->pOrgInstrGC;
pPatch->patch.cTraps++;
PATM_STAT_FAULT_INC(&pPatch->patch);
}
else
AssertReleaseMsg(pVM->patm.s.pGCStateHC->fPIF == 0, ("PATMR3HandleTrap: Unable to find translation record for %VGv (PIF=0)\n", pEip));
/* Check if we were interrupted in PATM generated instruction code. */
if (pVM->patm.s.pGCStateHC->fPIF == 0)
{
DISCPUSTATE Cpu;
rc = CPUMR3DisasmInstrCPU(pVM, pCtx, pEip, &Cpu, "PIF Trap: ");
AssertRC(rc);
if ( rc == VINF_SUCCESS
&& ( Cpu.pCurInstr->opcode == OP_PUSHF
|| Cpu.pCurInstr->opcode == OP_PUSH
|| Cpu.pCurInstr->opcode == OP_CALL)
)
{
uint64_t fFlags;
STAM_COUNTER_INC(&pVM->patm.s.StatPushTrap);
if (Cpu.pCurInstr->opcode == OP_PUSH)
{
rc = PGMShwGetPage(pVM, pCtx->esp, &fFlags, NULL);
if ( rc == VINF_SUCCESS
&& ((fFlags & (X86_PTE_P|X86_PTE_RW)) == (X86_PTE_P|X86_PTE_RW)) )
{
/* The stack address is fine, so the push argument is a pointer -> emulate this instruction */
/* Reset the PATM stack. */
CTXSUFF(pVM->patm.s.pGCState)->Psp = PATM_STACK_SIZE;
pVM->patm.s.pGCStateHC->fPIF = 1;
Log(("Faulting push -> go back to the original instruction\n"));
/* continue at the original instruction */
*ppNewEip = pNewEip - SELMToFlat(pVM, pCtx->eflags, pCtx->cs, &pCtx->csHid, 0);
STAM_PROFILE_ADV_STOP(&pVM->patm.s.StatHandleTrap, a);
return VINF_SUCCESS;
}
}
/* Typical pushf (most patches)/push (call patch) trap because of a monitored page. */
rc = PGMShwModifyPage(pVM, pCtx->esp, 1, X86_PTE_RW, ~(uint64_t)X86_PTE_RW);
AssertMsgRC(rc, ("PGMShwModifyPage -> rc=%Vrc\n", rc));
if (rc == VINF_SUCCESS)
{
/* The guest page *must* be present. */
rc = PGMGstGetPage(pVM, pCtx->esp, &fFlags, NULL);
if (rc == VINF_SUCCESS && (fFlags & X86_PTE_P))
{
STAM_PROFILE_ADV_STOP(&pVM->patm.s.StatHandleTrap, a);
return VINF_PATCH_CONTINUE;
}
}
}
char szBuf[256];
szBuf[0] = '\0';
DBGFR3DisasInstr(pVM, pCtx->cs, pEip, szBuf, sizeof(szBuf));
/* Very bad. We crashed in emitted code. Probably stack? */
if (pPatch)
{
AssertReleaseMsg(pVM->patm.s.pGCStateHC->fPIF == 1,
("Crash in patch code %VGv (%VGv) esp=%RX32\nPatch state=%x flags=%x fDirty=%d\n%s\n", pEip, pNewEip, CPUMGetGuestESP(pVM), pPatch->patch.uState, pPatch->patch.flags, pPatchToGuestRec->fDirty, szBuf));
}
else
AssertReleaseMsg(pVM->patm.s.pGCStateHC->fPIF == 1,
("Crash in patch code %VGv (%VGv) esp=%RX32\n%s\n", pEip, pNewEip, CPUMGetGuestESP(pVM), szBuf));
EMR3FatalError(pVM, VERR_INTERNAL_ERROR);
}
/* From here on, we must have a valid patch to guest translation. */
if (pvPatchCoreOffset == 0)
{
STAM_PROFILE_ADV_STOP(&pVM->patm.s.StatHandleTrap, a);
AssertMsgFailed(("PATMR3HandleTrap: patch not found at address %VGv!!\n", pEip));
return VERR_PATCH_NOT_FOUND; //fatal error
}
/* Take care of dirty/changed instructions. */
if (pPatchToGuestRec->fDirty)
{
Assert(pPatchToGuestRec->Core.Key == offset);
Assert(pVM->patm.s.pGCStateHC->fPIF == 1);
rc = patmR3HandleDirtyInstr(pVM, pCtx, pPatch, pPatchToGuestRec, pEip);
if (VBOX_SUCCESS(rc))
{
/* Retry the current instruction. */
pNewEip = pEip;
rc = VINF_PATCH_CONTINUE; /* Continue at current patch instruction. */
}
else
{
/* Reset the PATM stack. */
CTXSUFF(pVM->patm.s.pGCState)->Psp = PATM_STACK_SIZE;
rc = VINF_SUCCESS; /* Continue at original instruction. */
}
*ppNewEip = pNewEip - SELMToFlat(pVM, pCtx->eflags, pCtx->cs, &pCtx->csHid, 0);
STAM_PROFILE_ADV_STOP(&pVM->patm.s.StatHandleTrap, a);
return rc;
}
#ifdef VBOX_STRICT
if (pPatch->patch.flags & PATMFL_DUPLICATE_FUNCTION)
{
DISCPUSTATE cpu;
bool disret;
uint32_t opsize;
cpu.mode = (pPatch->patch.flags & PATMFL_CODE32) ? CPUMODE_32BIT : CPUMODE_16BIT;
disret = PATMR3DISInstr(pVM, &pPatch->patch, &cpu, pNewEip, PATMGCVirtToHCVirt(pVM, &pPatch->patch, pNewEip), &opsize, NULL, PATMREAD_RAWCODE);
if (disret && cpu.pCurInstr->opcode == OP_RETN)
{
RTGCPTR retaddr;
PCPUMCTX pCtx;
int rc;
rc = CPUMQueryGuestCtxPtr(pVM, &pCtx);
AssertRC(rc);
rc = PGMPhysReadGCPtr(pVM, &retaddr, pCtx->esp, sizeof(retaddr));
AssertRC(rc);
Log(("Return failed at %VGv (%VGv)\n", pEip, pNewEip));
Log(("Expected return address %VGv found address %VGv Psp=%x\n", pVM->patm.s.pGCStackHC[(pVM->patm.s.pGCStateHC->Psp+PATM_STACK_SIZE)/sizeof(RTGCPTR)], retaddr, pVM->patm.s.pGCStateHC->Psp));
}
}
#endif
/* Return original address, correct by subtracting the CS base address. */
*ppNewEip = pNewEip - SELMToFlat(pVM, pCtx->eflags, pCtx->cs, &pCtx->csHid, 0);
/* Reset the PATM stack. */
CTXSUFF(pVM->patm.s.pGCState)->Psp = PATM_STACK_SIZE;
if (pVM->patm.s.pGCStateHC->GCPtrInhibitInterrupts == pNewEip)
{
/* Must be a faulting instruction after sti; currently only sysexit, hlt or iret */
Log(("PATMR3HandleTrap %VGv -> inhibit irqs set!\n", pEip));
#ifdef VBOX_STRICT
DISCPUSTATE cpu;
bool disret;
uint32_t opsize;
cpu.mode = (pPatch->patch.flags & PATMFL_CODE32) ? CPUMODE_32BIT : CPUMODE_16BIT;
disret = PATMR3DISInstr(pVM, &pPatch->patch, &cpu, pNewEip, PATMGCVirtToHCVirt(pVM, &pPatch->patch, pNewEip), &opsize, NULL, PATMREAD_ORGCODE);
if (disret && (cpu.pCurInstr->opcode == OP_SYSEXIT || cpu.pCurInstr->opcode == OP_HLT || cpu.pCurInstr->opcode == OP_INT3))
{
cpu.mode = (pPatch->patch.flags & PATMFL_CODE32) ? CPUMODE_32BIT : CPUMODE_16BIT;
disret = PATMR3DISInstr(pVM, &pPatch->patch, &cpu, pNewEip, PATMGCVirtToHCVirt(pVM, &pPatch->patch, pNewEip), &opsize, NULL, PATMREAD_RAWCODE);
Assert(cpu.pCurInstr->opcode == OP_SYSEXIT || cpu.pCurInstr->opcode == OP_HLT || cpu.pCurInstr->opcode == OP_IRET);
}
#endif
EMSetInhibitInterruptsPC(pVM, pNewEip);
pVM->patm.s.pGCStateHC->GCPtrInhibitInterrupts = 0;
}
Log2(("pPatchBlockGC %VGv - pEip %VGv corresponding GC address %VGv\n", PATCHCODE_PTR_GC(&pPatch->patch), pEip, pNewEip));
if (pNewEip >= pPatch->patch.pPrivInstrGC && pNewEip < pPatch->patch.pPrivInstrGC + pPatch->patch.cbPatchJump)
{
/* We can't jump back to code that we've overwritten with a 5 byte jump! */
Log(("Disabling patch at location %VGv due to trap too close to the privileged instruction \n", pPatch->patch.pPrivInstrGC));
PATMR3DisablePatch(pVM, pPatch->patch.pPrivInstrGC);
STAM_PROFILE_ADV_STOP(&pVM->patm.s.StatHandleTrap, a);
return VERR_PATCH_DISABLED;
}
#ifdef PATM_REMOVE_PATCH_ON_TOO_MANY_TRAPS
/** @todo compare to nr of successful runs. add some aging algorithm and determine the best time to disable the patch */
if (pPatch->patch.cTraps > MAX_PATCH_TRAPS)
{
Log(("Disabling patch at location %VGv due to too many traps inside patch code\n", pPatch->patch.pPrivInstrGC));
//we are only wasting time, back out the patch
PATMR3DisablePatch(pVM, pPatch->patch.pPrivInstrGC);
pTrapRec->pNextPatchInstr = 0;
STAM_PROFILE_ADV_STOP(&pVM->patm.s.StatHandleTrap, a);
return VERR_PATCH_DISABLED;
}
#endif
STAM_PROFILE_ADV_STOP(&pVM->patm.s.StatHandleTrap, a);
return VINF_SUCCESS;
}
/**
* Handle page-fault in monitored page
*
* @returns VBox status code.
* @param pVM The VM to operate on.
*/
PATMR3DECL(int) PATMR3HandleMonitoredPage(PVM pVM)
{
RTGCPTR addr = pVM->patm.s.pvFaultMonitor;
addr &= PAGE_BASE_GC_MASK;
int rc = PGMHandlerVirtualDeregister(pVM, addr);
AssertRC(rc); NOREF(rc);
PPATMPATCHREC pPatchRec = (PPATMPATCHREC)RTAvloGCPtrGetBestFit(&pVM->patm.s.PatchLookupTreeHC->PatchTree, addr, false);
if (pPatchRec && pPatchRec->patch.uState == PATCH_ENABLED && PAGE_ADDRESS(pPatchRec->patch.pPrivInstrGC) == PAGE_ADDRESS(addr))
{
STAM_COUNTER_INC(&pVM->patm.s.StatMonitored);
Log(("Renewing patch at %VGv\n", pPatchRec->patch.pPrivInstrGC));
rc = PATMR3DisablePatch(pVM, pPatchRec->patch.pPrivInstrGC);
if (rc == VWRN_PATCH_REMOVED)
return VINF_SUCCESS;
PATMR3EnablePatch(pVM, pPatchRec->patch.pPrivInstrGC);
if (addr == pPatchRec->patch.pPrivInstrGC)
addr++;
}
for(;;)
{
pPatchRec = (PPATMPATCHREC)RTAvloGCPtrGetBestFit(&pVM->patm.s.PatchLookupTreeHC->PatchTree, addr, true);
if (!pPatchRec || PAGE_ADDRESS(pPatchRec->patch.pPrivInstrGC) != PAGE_ADDRESS(addr))
break;
if (pPatchRec && pPatchRec->patch.uState == PATCH_ENABLED)
{
STAM_COUNTER_INC(&pVM->patm.s.StatMonitored);
Log(("Renewing patch at %VGv\n", pPatchRec->patch.pPrivInstrGC));
PATMR3DisablePatch(pVM, pPatchRec->patch.pPrivInstrGC);
PATMR3EnablePatch(pVM, pPatchRec->patch.pPrivInstrGC);
}
addr = pPatchRec->patch.pPrivInstrGC + 1;
}
pVM->patm.s.pvFaultMonitor = 0;
return VINF_SUCCESS;
}
#ifdef VBOX_WITH_STATISTICS
static const char *PATMPatchType(PVM pVM, PPATCHINFO pPatch)
{
if (pPatch->flags & PATMFL_SYSENTER)
{
return "SYSENT";
}
else
if (pPatch->flags & (PATMFL_TRAPHANDLER|PATMFL_INTHANDLER))
{
static char szTrap[16];
uint32_t iGate;
iGate = TRPMR3QueryGateByHandler(pVM, PATCHCODE_PTR_GC(pPatch));
if (iGate < 256)
RTStrPrintf(szTrap, sizeof(szTrap), (pPatch->flags & PATMFL_INTHANDLER) ? "INT-%2X" : "TRAP-%2X", iGate);
else
RTStrPrintf(szTrap, sizeof(szTrap), (pPatch->flags & PATMFL_INTHANDLER) ? "INT-??" : "TRAP-??");
return szTrap;
}
else
if (pPatch->flags & (PATMFL_DUPLICATE_FUNCTION))
return "DUPFUNC";
else
if (pPatch->flags & PATMFL_REPLACE_FUNCTION_CALL)
return "FUNCCALL";
else
if (pPatch->flags & PATMFL_TRAMPOLINE)
return "TRAMP";
else
return patmGetInstructionString(pPatch->opcode, pPatch->flags);
}
static const char *PATMPatchState(PVM pVM, PPATCHINFO pPatch)
{
switch(pPatch->uState)
{
case PATCH_ENABLED:
return "ENA";
case PATCH_DISABLED:
return "DIS";
case PATCH_DIRTY:
return "DIR";
case PATCH_UNUSABLE:
return "UNU";
case PATCH_REFUSED:
return "REF";
case PATCH_DISABLE_PENDING:
return "DIP";
default:
AssertFailed();
return " ";
}
}
/**
* Resets the sample.
* @param pVM The VM handle.
* @param pvSample The sample registered using STAMR3RegisterCallback.
*/
static void patmResetStat(PVM pVM, void *pvSample)
{
PPATCHINFO pPatch = (PPATCHINFO)pvSample;
Assert(pPatch);
pVM->patm.s.pStatsHC[pPatch->uPatchIdx].u32A = 0;
pVM->patm.s.pStatsHC[pPatch->uPatchIdx].u32B = 0;
}
/**
* Prints the sample into the buffer.
*
* @param pVM The VM handle.
* @param pvSample The sample registered using STAMR3RegisterCallback.
* @param pszBuf The buffer to print into.
* @param cchBuf The size of the buffer.
*/
static void patmPrintStat(PVM pVM, void *pvSample, char *pszBuf, size_t cchBuf)
{
PPATCHINFO pPatch = (PPATCHINFO)pvSample;
Assert(pPatch);
Assert(pPatch->uState != PATCH_REFUSED);
Assert(!(pPatch->flags & (PATMFL_REPLACE_FUNCTION_CALL|PATMFL_MMIO_ACCESS)));
RTStrPrintf(pszBuf, cchBuf, "size %04x ->%3s %8s - %08d - %08d",
pPatch->cbPatchBlockSize, PATMPatchState(pVM, pPatch), PATMPatchType(pVM, pPatch),
pVM->patm.s.pStatsHC[pPatch->uPatchIdx].u32A, pVM->patm.s.pStatsHC[pPatch->uPatchIdx].u32B);
}
/**
* Returns the GC address of the corresponding patch statistics counter
*
* @returns Stat address
* @param pVM The VM to operate on.
* @param pPatch Patch structure
*/
RTGCPTR patmPatchQueryStatAddress(PVM pVM, PPATCHINFO pPatch)
{
Assert(pPatch->uPatchIdx != PATM_STAT_INDEX_NONE);
return pVM->patm.s.pStatsGC + sizeof(STAMRATIOU32) * pPatch->uPatchIdx + RT_OFFSETOF(STAMRATIOU32, u32A);
}
#endif /* VBOX_WITH_STATISTICS */
#ifdef VBOX_WITH_DEBUGGER
/**
* The '.patmoff' command.
*
* @returns VBox status.
* @param pCmd Pointer to the command descriptor (as registered).
* @param pCmdHlp Pointer to command helper functions.
* @param pVM Pointer to the current VM (if any).
* @param paArgs Pointer to (readonly) array of arguments.
* @param cArgs Number of arguments in the array.
*/
static DECLCALLBACK(int) patmr3CmdOff(PCDBGCCMD pCmd, PDBGCCMDHLP pCmdHlp, PVM pVM, PCDBGCVAR paArgs, unsigned cArgs, PDBGCVAR pResult)
{
/*
* Validate input.
*/
if (!pVM)
return pCmdHlp->pfnPrintf(pCmdHlp, NULL, "error: The command requires VM to be selected.\n");
RTAvloGCPtrDoWithAll(&pVM->patm.s.PatchLookupTreeHC->PatchTree, true, DisableAllPatches, pVM);
PATMR3AllowPatching(pVM, false);
return pCmdHlp->pfnPrintf(pCmdHlp, NULL, "Patching disabled\n");
}
/**
* The '.patmon' command.
*
* @returns VBox status.
* @param pCmd Pointer to the command descriptor (as registered).
* @param pCmdHlp Pointer to command helper functions.
* @param pVM Pointer to the current VM (if any).
* @param paArgs Pointer to (readonly) array of arguments.
* @param cArgs Number of arguments in the array.
*/
static DECLCALLBACK(int) patmr3CmdOn(PCDBGCCMD pCmd, PDBGCCMDHLP pCmdHlp, PVM pVM, PCDBGCVAR paArgs, unsigned cArgs, PDBGCVAR pResult)
{
/*
* Validate input.
*/
if (!pVM)
return pCmdHlp->pfnPrintf(pCmdHlp, NULL, "error: The command requires VM to be selected.\n");
PATMR3AllowPatching(pVM, true);
RTAvloGCPtrDoWithAll(&pVM->patm.s.PatchLookupTreeHC->PatchTree, true, EnableAllPatches, pVM);
return pCmdHlp->pfnPrintf(pCmdHlp, NULL, "Patching enabled\n");
}
#endif