csamCodePageWriteHandler(PVM pVM, PVMCPU pVCpu, RTGCPTR GCPtr, void *pvPtr, void *pvBuf, size_t cbBuf,
PGMACCESSTYPE enmAccessType, PGMACCESSORIGIN enmOrigin, void *pvUser)
{
Log(("csamCodePageWriteHandler: write to %RGv LB %zu\n", GCPtr, cbBuf));
Assert(enmAccessType == PGMACCESSTYPE_WRITE); NOREF(enmAccessType);
Assert(VMCPU_IS_EMT(pVCpu));
/*
* Check if it's a dummy write that doesn't change anything.
*/
if ( PAGE_ADDRESS(pvPtr) == PAGE_ADDRESS((uintptr_t)pvPtr + cbBuf - 1)
&& !memcmp(pvPtr, pvBuf, cbBuf))
{
Log(("csamCodePageWriteHandler: dummy write -> ignore\n"));
return VINF_PGM_HANDLER_DO_DEFAULT;
}
#ifdef IN_RING3
/*
* Ring-3: Do proper handling.
*/
int rc = PATMR3PatchWrite(pVM, GCPtr, (uint32_t)cbBuf);
AssertRC(rc);
return VINF_PGM_HANDLER_DO_DEFAULT;
#else
/*
* Raw-mode: Try avoid needing to go to ring-3 (same as csamRCCodePageWritePfHandler).
*/
uint32_t const cpl = CPUMGetGuestCPL(pVCpu);
bool const fPatchCode = PATMIsPatchGCAddr(pVM, CPUMGetGuestRIP(pVCpu));
PPATMGCSTATE pPATMGCState = PATMGetGCState(pVM);
Assert(pVM->csam.s.cDirtyPages < CSAM_MAX_DIRTY_PAGES);
Assert(pPATMGCState);
Assert(pPATMGCState->fPIF || fPatchCode);
# ifdef VBOX_WITH_REM
/* Flush the recompilers translation block cache as the guest seems to be modifying instructions. */
/** @todo a bit overkill?? */
REMFlushTBs(pVM);
# endif
/*
* When patch code is executing instructions that must complete, then we
* must *never* interrupt it.
*/
if (!pPATMGCState->fPIF && fPatchCode)
{
Log(("csamRCCodePageWriteHandler: fPIF=0 -> stack fault in patch generated code at %08RX32!\n", CPUMGetGuestRIP(pVCpu)));
return VINF_PGM_HANDLER_DO_DEFAULT;
}
Log(("csamRCCodePageWriteHandler: code page write at %RGv (cpl=%d)\n", GCPtr, cpl));
/*
* If user code is modifying one of our monitored pages, then we can safely
* write to it as it's no longer being used for supervisor code.
*/
if (cpl != 3)
{
VBOXSTRICTRC rcStrict = PATMRCHandleWriteToPatchPage(pVM, NULL /* pRegFrame = no interpret */, (RTRCPTR)GCPtr, cbBuf);
if ( rcStrict == VINF_PGM_HANDLER_DO_DEFAULT
|| rcStrict == VINF_SUCCESS)
return rcStrict;
if (rcStrict == VINF_EM_RAW_EMULATE_INSTR)
{
STAM_COUNTER_INC(&pVM->csam.s.StatDangerousWrite);
return VINF_EM_RAW_EMULATE_INSTR;
}
Assert(rcStrict == VERR_PATCH_NOT_FOUND);
}
/*
* Schedule ring-3 activity.
* Note that GCPtr might be a different address in case of aliases. So,
* take down both alternatives.
*/
VMCPU_FF_SET(pVCpu, VMCPU_FF_CSAM_PENDING_ACTION);
pVM->csam.s.pvDirtyBasePage[pVM->csam.s.cDirtyPages] = (RTRCPTR)GCPtr;
pVM->csam.s.pvDirtyFaultPage[pVM->csam.s.cDirtyPages] = (RTRCPTR)GCPtr;
if (++pVM->csam.s.cDirtyPages == CSAM_MAX_DIRTY_PAGES)
return VINF_CSAM_PENDING_ACTION;
/*
* Continue with the write. The VM_FF_CSAM_FLUSH_DIRTY_PAGE handler will reset it to readonly again.
*/
Log(("csamRCCodePageWriteHandler: enabled r/w for page %RGv (%RGv)\n", GCPtr, GCPtr));
STAM_COUNTER_INC(&pVM->csam.s.StatCodePageModified);
return VINF_PGM_HANDLER_DO_DEFAULT;
#endif
}
/**
* \#PF Handler callback for virtual access handler ranges. (CSAM self-modifying
* code monitor)
*
* Important to realize that a physical page in a range can have aliases, and
* for ALL and WRITE handlers these will also trigger.
*
* @returns VBox status code (appropriate for GC return).
* @param pVM Pointer to the VM.
* @param uErrorCode CPU Error code.
* @param pRegFrame Trap register frame.
* @param pvFault The fault address (cr2).
* @param pvRange The base address of the handled virtual range.
* @param offRange The offset of the access into this range.
* (If it's a EIP range this is the EIP, if not it's pvFault.)
*/
VMMRCDECL(int) CSAMGCCodePageWriteHandler(PVM pVM, RTGCUINT uErrorCode, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, RTGCPTR pvRange, uintptr_t offRange)
{
PPATMGCSTATE pPATMGCState;
bool fPatchCode = PATMIsPatchGCAddr(pVM, pRegFrame->eip);
int rc;
PVMCPU pVCpu = VMMGetCpu0(pVM);
NOREF(uErrorCode);
Assert(pVM->csam.s.cDirtyPages < CSAM_MAX_DIRTY_PAGES);
#ifdef VBOX_WITH_REM
/* Flush the recompilers translation block cache as the guest seems to be modifying instructions. */
REMFlushTBs(pVM);
#endif
pPATMGCState = PATMGetGCState(pVM);
Assert(pPATMGCState);
Assert(pPATMGCState->fPIF || fPatchCode);
/** When patch code is executing instructions that must complete, then we must *never* interrupt it. */
if (!pPATMGCState->fPIF && fPatchCode)
{
Log(("CSAMGCCodePageWriteHandler: fPIF=0 -> stack fault in patch generated code at %08RX32!\n", pRegFrame->eip));
/** @note there are cases when pages previously used for code are now used for stack; patch generated code will fault (pushf))
* Just make the page r/w and continue.
*/
/*
* Make this particular page R/W.
*/
rc = PGMShwMakePageWritable(pVCpu, pvFault, PGM_MK_PG_IS_WRITE_FAULT);
AssertMsgRC(rc, ("PGMShwModifyPage -> rc=%Rrc\n", rc));
ASMInvalidatePage((void *)(uintptr_t)pvFault);
return VINF_SUCCESS;
}
uint32_t cpl;
if (pRegFrame->eflags.Bits.u1VM)
cpl = 3;
else
cpl = (pRegFrame->ss.Sel & X86_SEL_RPL);
Log(("CSAMGCCodePageWriteHandler: code page write at %RGv original address %RGv (cpl=%d)\n", pvFault, (RTGCUINTPTR)pvRange + offRange, cpl));
/* If user code is modifying one of our monitored pages, then we can safely make it r/w as it's no longer being used for supervisor code. */
if (cpl != 3)
{
rc = PATMRCHandleWriteToPatchPage(pVM, pRegFrame, (RTRCPTR)((RTRCUINTPTR)pvRange + offRange), 4 /** @todo */);
if (rc == VINF_SUCCESS)
return rc;
if (rc == VINF_EM_RAW_EMULATE_INSTR)
{
STAM_COUNTER_INC(&pVM->csam.s.StatDangerousWrite);
return VINF_EM_RAW_EMULATE_INSTR;
}
Assert(rc == VERR_PATCH_NOT_FOUND);
}
VMCPU_FF_SET(pVCpu, VMCPU_FF_CSAM_PENDING_ACTION);
/* Note that pvFault might be a different address in case of aliases. So use pvRange + offset instead!. */
pVM->csam.s.pvDirtyBasePage[pVM->csam.s.cDirtyPages] = (RTRCPTR)((RTRCUINTPTR)pvRange + offRange);
pVM->csam.s.pvDirtyFaultPage[pVM->csam.s.cDirtyPages] = (RTRCPTR)((RTRCUINTPTR)pvRange + offRange);
if (++pVM->csam.s.cDirtyPages == CSAM_MAX_DIRTY_PAGES)
return VINF_CSAM_PENDING_ACTION;
/*
* Make this particular page R/W. The VM_FF_CSAM_FLUSH_DIRTY_PAGE handler will reset it to readonly again.
*/
Log(("CSAMGCCodePageWriteHandler: enabled r/w for page %RGv\n", pvFault));
rc = PGMShwMakePageWritable(pVCpu, pvFault, PGM_MK_PG_IS_WRITE_FAULT);
AssertMsgRC(rc, ("PGMShwModifyPage -> rc=%Rrc\n", rc));
ASMInvalidatePage((void *)(uintptr_t)pvFault);
STAM_COUNTER_INC(&pVM->csam.s.StatCodePageModified);
return VINF_SUCCESS;
}
