/**
* Process raw-mode specific forced actions.
*
* This function is called when any FFs in the VM_FF_HIGH_PRIORITY_PRE_RAW_MASK is pending.
*
* @returns VBox status code. May return VINF_EM_NO_MEMORY but none of the other
* EM statuses.
* @param pVM The cross context VM structure.
* @param pVCpu The cross context virtual CPU structure.
* @param pCtx Pointer to the guest CPU context.
*/
static int emR3HmForcedActions(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx)
{
/*
* Sync page directory.
*/
if (VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_PGM_SYNC_CR3 | VMCPU_FF_PGM_SYNC_CR3_NON_GLOBAL))
{
Assert(pVCpu->em.s.enmState != EMSTATE_WAIT_SIPI);
int rc = PGMSyncCR3(pVCpu, pCtx->cr0, pCtx->cr3, pCtx->cr4, VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_PGM_SYNC_CR3));
if (RT_FAILURE(rc))
return rc;
#ifdef VBOX_WITH_RAW_MODE
Assert(!VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_SELM_SYNC_GDT | VMCPU_FF_SELM_SYNC_LDT));
#endif
/* Prefetch pages for EIP and ESP. */
/** @todo This is rather expensive. Should investigate if it really helps at all. */
rc = PGMPrefetchPage(pVCpu, SELMToFlat(pVM, DISSELREG_CS, CPUMCTX2CORE(pCtx), pCtx->rip));
if (rc == VINF_SUCCESS)
rc = PGMPrefetchPage(pVCpu, SELMToFlat(pVM, DISSELREG_SS, CPUMCTX2CORE(pCtx), pCtx->rsp));
if (rc != VINF_SUCCESS)
{
if (rc != VINF_PGM_SYNC_CR3)
{
AssertLogRelMsgReturn(RT_FAILURE(rc), ("%Rrc\n", rc), VERR_IPE_UNEXPECTED_INFO_STATUS);
return rc;
}
rc = PGMSyncCR3(pVCpu, pCtx->cr0, pCtx->cr3, pCtx->cr4, VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_PGM_SYNC_CR3));
if (RT_FAILURE(rc))
return rc;
}
/** @todo maybe prefetch the supervisor stack page as well */
#ifdef VBOX_WITH_RAW_MODE
Assert(!VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_SELM_SYNC_GDT | VMCPU_FF_SELM_SYNC_LDT));
#endif
}
/*
* Allocate handy pages (just in case the above actions have consumed some pages).
*/
if (VM_FF_IS_PENDING_EXCEPT(pVM, VM_FF_PGM_NEED_HANDY_PAGES, VM_FF_PGM_NO_MEMORY))
{
int rc = PGMR3PhysAllocateHandyPages(pVM);
if (RT_FAILURE(rc))
return rc;
}
/*
* Check whether we're out of memory now.
*
* This may stem from some of the above actions or operations that has been executed
* since we ran FFs. The allocate handy pages must for instance always be followed by
* this check.
*/
if (VM_FF_IS_PENDING(pVM, VM_FF_PGM_NO_MEMORY))
return VINF_EM_NO_MEMORY;
return VINF_SUCCESS;
}
RT_C_DECLS_END
/**
* Exits the trap, called when exiting a trap handler.
*
* Will reset the trap if it's not a guest trap or the trap
* is already handled. Will process resume guest FFs.
*
* @returns rc, can be adjusted if its VINF_SUCCESS or something really bad
* happened.
* @param pVM Pointer to the VM.
* @param pVCpu Pointer to the VMCPU.
* @param rc The VBox status code to return.
* @param pRegFrame Pointer to the register frame for the trap.
*
* @remarks This must not be used for hypervisor traps, only guest traps.
*/
static int trpmGCExitTrap(PVM pVM, PVMCPU pVCpu, int rc, PCPUMCTXCORE pRegFrame)
{
uint32_t uOldActiveVector = pVCpu->trpm.s.uActiveVector;
NOREF(uOldActiveVector);
/* Reset trap? */
if ( rc != VINF_EM_RAW_GUEST_TRAP
&& rc != VINF_EM_RAW_RING_SWITCH_INT)
pVCpu->trpm.s.uActiveVector = UINT32_MAX;
#ifdef VBOX_HIGH_RES_TIMERS_HACK
/*
* We should poll the timers occasionally.
* We must *NOT* do this too frequently as it adds a significant overhead
* and it'll kill us if the trap load is high. (See @bugref{1354}.)
* (The heuristic is not very intelligent, we should really check trap
* frequency etc. here, but alas, we lack any such information atm.)
*/
static unsigned s_iTimerPoll = 0;
if (rc == VINF_SUCCESS)
{
if (!(++s_iTimerPoll & 0xf))
{
TMTimerPollVoid(pVM, pVCpu);
Log2(("TMTimerPoll at %08RX32 - VM_FF_TM_VIRTUAL_SYNC=%d VM_FF_TM_VIRTUAL_SYNC=%d\n", pRegFrame->eip,
VM_FF_ISPENDING(pVM, VM_FF_TM_VIRTUAL_SYNC), VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_TIMER)));
}
}
else
s_iTimerPoll = 0;
#endif
/* Clear pending inhibit interrupt state if required. (necessary for dispatching interrupts later on) */
if (VMCPU_FF_ISSET(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS))
{
Log2(("VM_FF_INHIBIT_INTERRUPTS at %08RX32 successor %RGv\n", pRegFrame->eip, EMGetInhibitInterruptsPC(pVCpu)));
if (pRegFrame->eip != EMGetInhibitInterruptsPC(pVCpu))
{
/** @note we intentionally don't clear VM_FF_INHIBIT_INTERRUPTS here if the eip is the same as the inhibited instr address.
* Before we are able to execute this instruction in raw mode (iret to guest code) an external interrupt might
* force a world switch again. Possibly allowing a guest interrupt to be dispatched in the process. This could
* break the guest. Sounds very unlikely, but such timing sensitive problem are not as rare as you might think.
*/
VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS);
}
}
/*
* Pending resume-guest-FF?
* Or pending (A)PIC interrupt? Windows XP will crash if we delay APIC interrupts.
*/
if ( rc == VINF_SUCCESS
&& ( VM_FF_ISPENDING(pVM, VM_FF_TM_VIRTUAL_SYNC | VM_FF_REQUEST | VM_FF_PGM_NO_MEMORY | VM_FF_PDM_DMA)
|| VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_TIMER | VMCPU_FF_TO_R3 | VMCPU_FF_INTERRUPT_APIC | VMCPU_FF_INTERRUPT_PIC
| VMCPU_FF_REQUEST | VMCPU_FF_PGM_SYNC_CR3 | VMCPU_FF_PGM_SYNC_CR3_NON_GLOBAL
| VMCPU_FF_PDM_CRITSECT)
)
)
{
/* The out of memory condition naturally outranks the others. */
if (RT_UNLIKELY(VM_FF_ISPENDING(pVM, VM_FF_PGM_NO_MEMORY)))
rc = VINF_EM_NO_MEMORY;
/* Pending Ring-3 action. */
else if (VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_TO_R3 | VMCPU_FF_PDM_CRITSECT))
{
VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_TO_R3);
rc = VINF_EM_RAW_TO_R3;
}
/* Pending timer action. */
else if (VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_TIMER))
rc = VINF_EM_RAW_TIMER_PENDING;
/* The Virtual Sync clock has stopped. */
else if (VM_FF_ISPENDING(pVM, VM_FF_TM_VIRTUAL_SYNC))
rc = VINF_EM_RAW_TO_R3;
/* DMA work pending? */
else if (VM_FF_ISPENDING(pVM, VM_FF_PDM_DMA))
rc = VINF_EM_RAW_TO_R3;
/* Pending request packets might contain actions that need immediate
attention, such as pending hardware interrupts. */
else if ( VM_FF_ISPENDING(pVM, VM_FF_REQUEST)
|| VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_REQUEST))
rc = VINF_EM_PENDING_REQUEST;
/* Pending interrupt: dispatch it. */
else if ( VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_INTERRUPT_APIC | VMCPU_FF_INTERRUPT_PIC)
&& !VMCPU_FF_ISSET(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS)
&& PATMAreInterruptsEnabledByCtxCore(pVM, pRegFrame)
)
{
uint8_t u8Interrupt;
rc = PDMGetInterrupt(pVCpu, &u8Interrupt);
Log(("trpmGCExitTrap: u8Interrupt=%d (%#x) rc=%Rrc\n", u8Interrupt, u8Interrupt, rc));
AssertFatalMsgRC(rc, ("PDMGetInterrupt failed with %Rrc\n", rc));
rc = TRPMForwardTrap(pVCpu, pRegFrame, (uint32_t)u8Interrupt, 0, TRPM_TRAP_NO_ERRORCODE, TRPM_HARDWARE_INT, uOldActiveVector);
/* can't return if successful */
Assert(rc != VINF_SUCCESS);
/* Stop the profile counter that was started in TRPMGCHandlersA.asm */
Assert(uOldActiveVector <= 16);
STAM_PROFILE_ADV_STOP(&pVM->trpm.s.aStatGCTraps[uOldActiveVector], a);
/* Assert the trap and go to the recompiler to dispatch it. */
TRPMAssertTrap(pVCpu, u8Interrupt, TRPM_HARDWARE_INT);
STAM_PROFILE_ADV_START(&pVM->trpm.s.aStatGCTraps[uOldActiveVector], a);
rc = VINF_EM_RAW_INTERRUPT_PENDING;
}
/*
* Try sync CR3?
*/
else if (VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_PGM_SYNC_CR3 | VMCPU_FF_PGM_SYNC_CR3_NON_GLOBAL))
{
#if 1
PGMRZDynMapReleaseAutoSet(pVCpu);
PGMRZDynMapStartAutoSet(pVCpu);
rc = PGMSyncCR3(pVCpu, CPUMGetGuestCR0(pVCpu), CPUMGetGuestCR3(pVCpu), CPUMGetGuestCR4(pVCpu), VMCPU_FF_ISSET(pVCpu, VMCPU_FF_PGM_SYNC_CR3));
#else
rc = VINF_PGM_SYNC_CR3;
#endif
}
}
AssertMsg( rc != VINF_SUCCESS
|| ( pRegFrame->eflags.Bits.u1IF
&& ( pRegFrame->eflags.Bits.u2IOPL < (unsigned)(pRegFrame->ss.Sel & X86_SEL_RPL) || pRegFrame->eflags.Bits.u1VM))
, ("rc=%Rrc\neflags=%RX32 ss=%RTsel IOPL=%d\n", rc, pRegFrame->eflags.u32, pRegFrame->ss.Sel, pRegFrame->eflags.Bits.u2IOPL));
PGMRZDynMapReleaseAutoSet(pVCpu);
return rc;
}
/* execute the switch. */
VMMR3DECL(int) VMMDoHwAccmTest(PVM pVM)
{
uint32_t i;
int rc;
PCPUMCTX pHyperCtx, pGuestCtx;
RTGCPHYS CR3Phys = 0x0; /* fake address */
PVMCPU pVCpu = &pVM->aCpus[0];
if (!HWACCMR3IsAllowed(pVM))
{
RTPrintf("VMM: Hardware accelerated test not available!\n");
return VERR_ACCESS_DENIED;
}
/*
* These forced actions are not necessary for the test and trigger breakpoints too.
*/
VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_TRPM_SYNC_IDT);
VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_SELM_SYNC_TSS);
/* Enable mapping of the hypervisor into the shadow page table. */
uint32_t cb;
rc = PGMR3MappingsSize(pVM, &cb);
AssertRCReturn(rc, rc);
/* Pretend the mappings are now fixed; to force a refresh of the reserved PDEs. */
rc = PGMR3MappingsFix(pVM, MM_HYPER_AREA_ADDRESS, cb);
AssertRCReturn(rc, rc);
pHyperCtx = CPUMGetHyperCtxPtr(pVCpu);
pHyperCtx->cr0 = X86_CR0_PE | X86_CR0_WP | X86_CR0_PG | X86_CR0_TS | X86_CR0_ET | X86_CR0_NE | X86_CR0_MP;
pHyperCtx->cr4 = X86_CR4_PGE | X86_CR4_OSFSXR | X86_CR4_OSXMMEEXCPT;
PGMChangeMode(pVCpu, pHyperCtx->cr0, pHyperCtx->cr4, pHyperCtx->msrEFER);
PGMSyncCR3(pVCpu, pHyperCtx->cr0, CR3Phys, pHyperCtx->cr4, true);
VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_TO_R3);
VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_TIMER);
VM_FF_CLEAR(pVM, VM_FF_TM_VIRTUAL_SYNC);
VM_FF_CLEAR(pVM, VM_FF_REQUEST);
/*
* Setup stack for calling VMMGCEntry().
*/
RTRCPTR RCPtrEP;
rc = PDMR3LdrGetSymbolRC(pVM, VMMGC_MAIN_MODULE_NAME, "VMMGCEntry", &RCPtrEP);
if (RT_SUCCESS(rc))
{
RTPrintf("VMM: VMMGCEntry=%RRv\n", RCPtrEP);
pHyperCtx = CPUMGetHyperCtxPtr(pVCpu);
/* Fill in hidden selector registers for the hypervisor state. */
SYNC_SEL(pHyperCtx, cs);
SYNC_SEL(pHyperCtx, ds);
SYNC_SEL(pHyperCtx, es);
SYNC_SEL(pHyperCtx, fs);
SYNC_SEL(pHyperCtx, gs);
SYNC_SEL(pHyperCtx, ss);
SYNC_SEL(pHyperCtx, tr);
/*
* Profile switching.
*/
RTPrintf("VMM: profiling switcher...\n");
Log(("VMM: profiling switcher...\n"));
uint64_t TickMin = ~0;
uint64_t tsBegin = RTTimeNanoTS();
uint64_t TickStart = ASMReadTSC();
for (i = 0; i < 1000000; i++)
{
CPUMSetHyperState(pVCpu, pVM->vmm.s.pfnCallTrampolineRC, pVCpu->vmm.s.pbEMTStackBottomRC, 0, 0);
CPUMPushHyper(pVCpu, 0);
CPUMPushHyper(pVCpu, VMMGC_DO_TESTCASE_HWACCM_NOP);
CPUMPushHyper(pVCpu, pVM->pVMRC);
CPUMPushHyper(pVCpu, 3 * sizeof(RTRCPTR)); /* stack frame size */
CPUMPushHyper(pVCpu, RCPtrEP); /* what to call */
pHyperCtx = CPUMGetHyperCtxPtr(pVCpu);
pGuestCtx = CPUMQueryGuestCtxPtr(pVCpu);
/* Copy the hypervisor context to make sure we have a valid guest context. */
*pGuestCtx = *pHyperCtx;
pGuestCtx->cr3 = CR3Phys;
VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_TO_R3);
VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_TIMER);
VM_FF_CLEAR(pVM, VM_FF_TM_VIRTUAL_SYNC);
uint64_t TickThisStart = ASMReadTSC();
rc = SUPR3CallVMMR0Fast(pVM->pVMR0, VMMR0_DO_HWACC_RUN, 0);
uint64_t TickThisElapsed = ASMReadTSC() - TickThisStart;
if (RT_FAILURE(rc))
{
Log(("VMM: R0 returned fatal %Rrc in iteration %d\n", rc, i));
VMMR3FatalDump(pVM, pVCpu, rc);
return rc;
}
if (TickThisElapsed < TickMin)
TickMin = TickThisElapsed;
}
uint64_t TickEnd = ASMReadTSC();
uint64_t tsEnd = RTTimeNanoTS();
uint64_t Elapsed = tsEnd - tsBegin;
uint64_t PerIteration = Elapsed / (uint64_t)i;
uint64_t cTicksElapsed = TickEnd - TickStart;
uint64_t cTicksPerIteration = cTicksElapsed / (uint64_t)i;
RTPrintf("VMM: %8d cycles in %11llu ns (%11lld ticks), %10llu ns/iteration (%11lld ticks) Min %11lld ticks\n",
i, Elapsed, cTicksElapsed, PerIteration, cTicksPerIteration, TickMin);
Log(("VMM: %8d cycles in %11llu ns (%11lld ticks), %10llu ns/iteration (%11lld ticks) Min %11lld ticks\n",
i, Elapsed, cTicksElapsed, PerIteration, cTicksPerIteration, TickMin));
rc = VINF_SUCCESS;
}
else
AssertMsgFailed(("Failed to resolved VMMGC.gc::VMMGCEntry(), rc=%Rrc\n", rc));
return rc;
}
