儲存庫 vbox 的更動 17035

時間撮記:

2009-2-23 下午10:26:39 (16 年 以前)

作者:

vboxsync

訊息:

VMM,REM: Brushed up the TR/TSS shadowing. We're now relying on the hidden TR registers in SELM and CPUM/REM will make sure these are always in sync. Joined CPUMGetGuestTRHid and CPUMGetGuestTR. Kicked out sync_tr (unused now) and SELMGCGetRing1Stack.

位置:

trunk

檔案:

• include/VBox/cpum.h (修改) (2 筆差異)
• include/VBox/selm.h (修改) (1 筆差異)
• src/VBox/VMM/SELM.cpp (修改) (4 筆差異)
• src/VBox/VMM/SELMInternal.h (修改) (1 筆差異)
• src/VBox/VMM/VMMAll/CPUMAllRegs.cpp (修改) (3 筆差異)
• src/VBox/VMM/VMMAll/SELMAll.cpp (修改) (6 筆差異)
• src/VBox/VMM/VMMGC/SELMGC.cpp (修改) (3 筆差異)
• src/recompiler_new/VBoxRecompiler.c (修改) (7 筆差異)
• src/recompiler_new/target-i386/helper.h (修改) (4 筆差異)
• src/recompiler_new/target-i386/op_helper.c (修改) (1 筆差異)

trunk/include/VBox/cpum.h

@@ -622 +622 @@
 VMMDECL(void)       CPUMGetGuestGDTR(PVM pVM, PVBOXGDTR pGDTR);
 VMMDECL(RTGCPTR)    CPUMGetGuestIDTR(PVM pVM, uint16_t *pcbLimit);
-VMMDECL(RTSEL)      CPUMGetGuestTR(PVM pVM);
+VMMDECL(RTSEL)      CPUMGetGuestTR(PVM pVM, PCPUMSELREGHID pHidden);
 VMMDECL(RTSEL)      CPUMGetGuestLDTR(PVM pVM);
 VMMDECL(uint64_t)   CPUMGetGuestCR0(PVM pVM);
@@ -661 +661 @@
 VMMDECL(uint32_t)   CPUMGetGuestCpuIdExtMax(PVM pVM);
 VMMDECL(uint32_t)   CPUMGetGuestCpuIdCentaurMax(PVM pVM);
-VMMDECL(CPUMSELREGHID *) CPUMGetGuestTRHid(PVM pVM);
 VMMDECL(uint64_t)   CPUMGetGuestEFER(PVM pVM);
 VMMDECL(uint64_t)   CPUMGetGuestMsr(PVM pVM, unsigned idMsr);

trunk/include/VBox/selm.h

@@ -45 +45 @@
 VMMDECL(RTSEL)      SELMGetTrap8Selector(PVM pVM);
 VMMDECL(void)       SELMSetTrap8EIP(PVM pVM, uint32_t u32EIP);
-VMMDECL(void)       SELMSetRing1Stack(PVM pVM, uint32_t ss, RTGCPTR32 esp);
 VMMDECL(int)        SELMGetRing1Stack(PVM pVM, uint32_t *pSS, PRTGCPTR32 pEsp);
 VMMDECL(RTGCPTR)    SELMGetGuestTSS(PVM pVM);

trunk/src/VBox/VMM/SELM.cpp

@@ -1430 +1430 @@
 
 /**
- * Check if the TSS ring 0 stack selector and pointer were updated (for now)
+ * Synchronize the shadowed fields in the TSS.
+ *
+ * At present we're shadowing the ring-0 stack selector & pointer, and the
+ * interrupt redirection bitmap (if present). We take the lazy approach wrt to
+ * REM and this function is called both if REM made any changes to the TSS or
+ * loaded TR.
  *
  * @returns VBox status code.
@@ -1445 +1450 @@
     }
 
-/** @todo r=bird: SELMR3SyncTSS should be VMMAll code.
- * All the base, size, flags and stuff must be kept up to date in the CPUM tr register.
- */
     STAM_PROFILE_START(&pVM->selm.s.StatTSSSync, a);
-
-    Assert(!VM_FF_ISSET(pVM, VM_FF_SELM_SYNC_GDT));
     Assert(VM_FF_ISSET(pVM, VM_FF_SELM_SYNC_TSS));
 
     /*
-     * TSS sync
-     */
-    RTSEL SelTss = CPUMGetGuestTR(pVM);
+     * Get TR and extract and store the basic info.
+     *
+     * Note! The TSS limit is not checked by the LTR code, so we
+     *       have to be a bit careful with it. We make sure cbTss
+     *       won't be zero if TR is valid and if it's NULL we'll
+     *       make sure cbTss is 0.
+     */
+    CPUMSELREGHID   trHid;
+    RTSEL           SelTss   = CPUMGetGuestTR(pVM, &trHid);
+    RTGCPTR         GCPtrTss = trHid.u64Base;
+    uint32_t        cbTss    = trHid.u32Limit;
+    Assert(     (SelTss & X86_SEL_MASK)
+           ||   (cbTss == 0 && GCPtrTss == 0 && trHid.Attr.u == 0 /* TR=0 */)
+           ||   (cbTss == 0xffff && GCPtrTss == 0 && trHid.Attr.n.u1Present && trHid.Attr.n.u4Type == X86_SEL_TYPE_SYS_286_TSS_BUSY /* RESET */));
     if (SelTss & X86_SEL_MASK)
     {
-        /** @todo r=bird: strictly speaking, this is wrong as we shouldn't bother with changes to
-         * the TSS selector once its loaded. There are a bunch of this kind of problems (see Sander's
-         * comment in the unzip defect)
-         * The first part here should only be done when we're loading TR. The latter part which is
-         * updating of the ss0:esp0 pair can be done by the access handler now since we can trap all
-         * accesses, also REM ones. */
-
-        /*
-         * Guest TR is not NULL.
-         */
-        PX86DESC    pDesc = &pVM->selm.s.paGdtR3[SelTss >> X86_SEL_SHIFT];
-        RTGCPTR     GCPtrTss = X86DESC_BASE(*pDesc);
-        unsigned    cbTss = X86DESC_LIMIT(*pDesc);
-        if (pDesc->Gen.u1Granularity)
-            cbTss = (cbTss << PAGE_SHIFT) | PAGE_OFFSET_MASK;
-        cbTss++;
-        pVM->selm.s.cbGuestTss = cbTss;
-        pVM->selm.s.fGuestTss32Bit = pDesc->Gen.u4Type == X86_SEL_TYPE_SYS_386_TSS_AVAIL
-                                  || pDesc->Gen.u4Type == X86_SEL_TYPE_SYS_386_TSS_BUSY;
-
-        /*
-         * Presently we monitor the TSS and the interrupt redirection bitmap if it's present.
-         * We're assuming the guest is playing nice and that the bits we're monitoring won't
-         * cross page boundraries. (The TSS core must be on a single page, while the bitmap
-         * probably doesn't need to be.)
-         */
-        if (cbTss > sizeof(VBOXTSS))
-            cbTss = sizeof(VBOXTSS);
-        AssertMsg((GCPtrTss >> PAGE_SHIFT) == ((GCPtrTss + cbTss - 1) >> PAGE_SHIFT),
-                  ("GCPtrTss=%RGv cbTss=%#x - We assume everything is inside one page!\n", GCPtrTss, cbTss));
-
-        // All system GDTs are marked not present above. That explains why this check fails.
-        //if (pDesc->Gen.u1Present)
-        /** @todo Handle only present TSS segments. */
-        {
+        Assert(!(SelTss & X86_SEL_LDT));
+        Assert(trHid.Attr.n.u1DescType == 0);
+        Assert(   trHid.Attr.n.u4Type == X86_SEL_TYPE_SYS_286_TSS_BUSY
+               || trHid.Attr.n.u4Type == X86_SEL_TYPE_SYS_386_TSS_BUSY);
+        if (++cbTss)
+            cbTss = UINT32_MAX;
+    }
+    else
+    {
+        Assert(   (cbTss == 0 && GCPtrTss == 0 && trHid.Attr.u == 0 /* TR=0 */)
+               || (cbTss == 0xffff && GCPtrTss == 0 && trHid.Attr.n.u1Present && trHid.Attr.n.u4Type == X86_SEL_TYPE_SYS_286_TSS_BUSY /* RESET */));
+        cbTss = 0; /* the reset case. */
+    }
+    pVM->selm.s.cbGuestTss     = cbTss;
+    pVM->selm.s.fGuestTss32Bit = trHid.Attr.n.u4Type == X86_SEL_TYPE_SYS_386_TSS_AVAIL
+                              || trHid.Attr.n.u4Type == X86_SEL_TYPE_SYS_386_TSS_BUSY;
+
+    /*
+     * Presently we monitor the TSS and the interrupt redirection bitmap if it's present.
+     * We're assuming the guest is playing nice and that the bits we're monitoring won't
+     * cross page boundraries. (The TSS core must be on a single page, while the bitmap
+     * probably doesn't need to be.)
+     */
+    uint32_t cbMonitoredTss = cbTss > sizeof(VBOXTSS) ? sizeof(VBOXTSS) : cbTss;
+
+    /*
+     * We're also completely uninterested in a 16-bit TSS.
+     */
+    if (    trHid.Attr.n.u4Type != X86_SEL_TYPE_SYS_386_TSS_AVAIL
+        &&  trHid.Attr.n.u4Type != X86_SEL_TYPE_SYS_386_TSS_BUSY)
+        cbMonitoredTss = 0;
+    AssertMsg((GCPtrTss >> PAGE_SHIFT) == ((GCPtrTss + cbMonitoredTss - 1) >> PAGE_SHIFT) || !cbMonitoredTss,
+              ("GCPtrTss=%RGv cbMonitoredTss=%#x - We assume everything is inside one page!\n", GCPtrTss, cbMonitoredTss));
+
+    /*
+     * Check for monitor changes and apply them.
+     */
+    if (    GCPtrTss        != pVM->selm.s.GCPtrGuestTss
+        ||  cbMonitoredTss  != pVM->selm.s.cbMonitoredGuestTss)
+    {
+        Log(("SELMR3SyncTSS: Guest's TSS is changed to pTss=%RGv cbMonitoredTss=%08X cbGuestTss=%#08x\n",
+             GCPtrTss, cbMonitoredTss, pVM->selm.s.cbGuestTss));
+
+        /* Release the old range first. */
+        if (pVM->selm.s.GCPtrGuestTss != RTRCPTR_MAX)
+        {
+            rc = PGMHandlerVirtualDeregister(pVM, pVM->selm.s.GCPtrGuestTss);
+            AssertRC(rc);
+        }
+
+        /* Register the write handler if TS != 0. */
+        if (cbMonitoredTss != 0)
+        {
+            rc = PGMR3HandlerVirtualRegister(pVM, PGMVIRTHANDLERTYPE_WRITE, GCPtrTss, GCPtrTss + cbMonitoredTss - 1,
+                                             0, selmR3GuestTSSWriteHandler,
+                                             "selmRCGuestTSSWriteHandler", 0, "Guest TSS write access handler");
+            if (RT_FAILURE(rc))
+            {
+                STAM_PROFILE_STOP(&pVM->selm.s.StatUpdateFromCPUM, a);
+                return rc;
+            }
+
+            /* Update saved Guest TSS info. */
+            pVM->selm.s.GCPtrGuestTss       = GCPtrTss;
+            pVM->selm.s.cbMonitoredGuestTss = cbMonitoredTss;
+            pVM->selm.s.GCSelTss            = SelTss;
+        }
+        else
+        {
+            pVM->selm.s.GCPtrGuestTss       = RTRCPTR_MAX;
+            pVM->selm.s.cbMonitoredGuestTss = 0;
+            pVM->selm.s.GCSelTss            = 0;
+        }
+    }
+
+    /*
+     * Update the ring 0 stack selector and base address.
+     * (Reading up to and including offIoBitmap to save effort in the VME case.)
+     */
+    bool fNoRing1Stack = true;
+    if (cbMonitoredTss)
+    {
+        VBOXTSS Tss;
+        rc = PGMPhysSimpleReadGCPtr(pVM, &Tss, GCPtrTss, RT_OFFSETOF(VBOXTSS, offIoBitmap) + sizeof(Tss.offIoBitmap));
+        if (RT_SUCCESS(rc))
+        {
+#ifdef LOG_ENABLED
+            if (LogIsEnabled())
+            {
+                uint32_t ssr0, espr0;
+                SELMGetRing1Stack(pVM, &ssr0, &espr0);
+                if ((ssr0 & ~1) != Tss.ss0 || espr0 != Tss.esp0)
+                {
+                    RTGCPHYS GCPhys = NIL_RTGCPHYS;
+                    rc = PGMGstGetPage(pVM, GCPtrTss, NULL, &GCPhys); AssertRC(rc);
+                    Log(("SELMR3SyncTSS: Updating TSS ring 0 stack to %04X:%08X from %04X:%08X; TSS Phys=%VGp)\n",
+                         Tss.ss0, Tss.esp0, (ssr0 & ~1), espr0,  GCPhys));
+                    AssertMsg(ssr0 != Tss.ss0,
+                              ("ring-1 leak into TSS.SS0! %04X:%08X from %04X:%08X; TSS Phys=%VGp)\n",
+                               Tss.ss0, Tss.esp0, (ssr0 & ~1), espr0,  GCPhys));
+                }
+                Log(("offIoBitmap=%#x\n", Tss.offIoBitmap));
+            }
+#endif /* LOG_ENABLED */
+            AssertMsg(!(Tss.ss0 & 3), ("ring-1 leak into TSS.SS0? %04X:%08X\n", Tss.ss0, Tss.esp0));
+
+
+            /* Update our TSS structure for the guest's ring 1 stack */
+            selmSetRing1Stack(pVM, Tss.ss0 | 1, Tss.esp0);
+            pVM->selm.s.fSyncTSSRing0Stack = fNoRing1Stack = false;
+
             /*
-             * Check if Guest's TSS is changed.
+             * Should we sync the virtual interrupt redirection bitmap as well?
              */
-            if (    GCPtrTss != pVM->selm.s.GCPtrGuestTss
-                ||  cbTss != pVM->selm.s.cbMonitoredGuestTss)
+            if (CPUMGetGuestCR4(pVM) & X86_CR4_VME)
             {
-                Log(("SELMR3UpdateFromCPUM: Guest's TSS is changed to pTss=%08X cbTss=%08X cbGuestTss\n", GCPtrTss, cbTss, pVM->selm.s.cbGuestTss));
-
-                /*
-                 * Validate it.
-                 */
-                if (    SelTss & X86_SEL_LDT
-                    ||  !cbTss
-                    ||  SelTss >= pVM->selm.s.GuestGdtr.cbGdt
-                    ||  pDesc->Gen.u1DescType
-                    ||  (    pDesc->Gen.u4Type != X86_SEL_TYPE_SYS_286_TSS_AVAIL
-                         &&  pDesc->Gen.u4Type != X86_SEL_TYPE_SYS_286_TSS_BUSY
-                         &&  pDesc->Gen.u4Type != X86_SEL_TYPE_SYS_386_TSS_AVAIL
-                         &&  pDesc->Gen.u4Type != X86_SEL_TYPE_SYS_386_TSS_BUSY) )
+                /* Make sure the io bitmap offset is valid; anything less than sizeof(VBOXTSS) means there's none. */
+                if (Tss.offIoBitmap < RT_OFFSETOF(VBOXTSS, IntRedirBitmap) + sizeof(Tss.IntRedirBitmap))
                 {
-                    AssertMsgFailed(("Invalid Guest TSS %04x!\n", SelTss));
+                    Log(("Invalid io bitmap offset detected (%x)!\n", Tss.offIoBitmap));
+                    Tss.offIoBitmap = RT_OFFSETOF(VBOXTSS, IntRedirBitmap) + sizeof(Tss.IntRedirBitmap);
                 }
-                else
+
+                uint32_t offRedirBitmap = Tss.offIoBitmap - sizeof(Tss.IntRedirBitmap);
+
+                /** @todo not sure how the partial case is handled; probably not allowed */
+                if (offRedirBitmap + sizeof(Tss.IntRedirBitmap) <= pVM->selm.s.cbGuestTss)
                 {
-                    /*
-                     * [Re]Register write virtual handler for guest's TSS.
-                     */
-                    if (pVM->selm.s.GCPtrGuestTss != RTRCPTR_MAX)
-                    {
-                        rc = PGMHandlerVirtualDeregister(pVM, pVM->selm.s.GCPtrGuestTss);
-                        AssertRC(rc);
-                    }
-
-                    rc = PGMR3HandlerVirtualRegister(pVM, PGMVIRTHANDLERTYPE_WRITE, GCPtrTss, GCPtrTss + cbTss - 1,
-                                                     0, selmR3GuestTSSWriteHandler, "selmRCGuestTSSWriteHandler", 0, "Guest TSS write access handler");
-                    if (RT_FAILURE(rc))
-                    {
-                        STAM_PROFILE_STOP(&pVM->selm.s.StatUpdateFromCPUM, a);
-                        return rc;
-                    }
-
-                    /* Update saved Guest TSS info. */
-                    pVM->selm.s.GCPtrGuestTss       = GCPtrTss;
-                    pVM->selm.s.cbMonitoredGuestTss = cbTss;
-                    pVM->selm.s.GCSelTss            = SelTss;
+                    rc = PGMPhysSimpleReadGCPtr(pVM, &pVM->selm.s.Tss.IntRedirBitmap, GCPtrTss + offRedirBitmap, sizeof(Tss.IntRedirBitmap));
+                    AssertRC(rc);
+                    Log2(("Redirection bitmap:\n"));
+                    Log2(("%.*Rhxd\n", sizeof(Tss.IntRedirBitmap), &pVM->selm.s.Tss.IntRedirBitmap));
                 }
             }
-
-            /*
-             * Update the ring 0 stack selector and base address.
-             * (Reading up to and including offIoBitmap to save effort in the VME case.)
-             */
-            VBOXTSS Tss;
-            rc = PGMPhysSimpleReadGCPtr(pVM, &Tss, GCPtrTss, RT_OFFSETOF(VBOXTSS, offIoBitmap) + sizeof(Tss.offIoBitmap));
-            if (RT_SUCCESS(rc))
-            {
-#ifdef LOG_ENABLED
-                if (LogIsEnabled())
-                {
-                    uint32_t ssr0, espr0;
-                    SELMGetRing1Stack(pVM, &ssr0, &espr0);
-                    if ((ssr0 & ~1) != Tss.ss0 || espr0 != Tss.esp0)
-                    {
-                        RTGCPHYS GCPhys = NIL_RTGCPHYS;
-                        rc = PGMGstGetPage(pVM, GCPtrTss, NULL, &GCPhys); AssertRC(rc);
-                        Log(("SELMR3SyncTSS: Updating TSS ring 0 stack to %04X:%08X from %04X:%08X; TSS Phys=%VGp)\n",
-                             Tss.ss0, Tss.esp0, (ssr0 & ~1), espr0,  GCPhys));
-                        AssertMsg(ssr0 != Tss.ss0,
-                                  ("ring-1 leak into TSS.SS0! %04X:%08X from %04X:%08X; TSS Phys=%VGp)\n",
-                                   Tss.ss0, Tss.esp0, (ssr0 & ~1), espr0,  GCPhys));
-                    }
-                    Log(("offIoBitmap=%#x\n", Tss.offIoBitmap));
-                }
-#endif /* LOG_ENABLED */
-                AssertMsg(!(Tss.ss0 & 3), ("ring-1 leak into TSS.SS0? %04X:%08X\n", Tss.ss0, Tss.esp0));
-
-
-                /* Update our TSS structure for the guest's ring 1 stack */
-                SELMSetRing1Stack(pVM, Tss.ss0 | 1, Tss.esp0);
-
-                /*
-                 * Should we sync the virtual interrupt redirection bitmap as well?
-                 */
-                if (CPUMGetGuestCR4(pVM) & X86_CR4_VME)
-                {
-                    /* Make sure the io bitmap offset is valid; anything less than sizeof(VBOXTSS) means there's none. */
-                    if (Tss.offIoBitmap < RT_OFFSETOF(VBOXTSS, IntRedirBitmap) + sizeof(Tss.IntRedirBitmap))
-                    {
-                        Log(("Invalid io bitmap offset detected (%x)!\n", Tss.offIoBitmap));
-                        Tss.offIoBitmap = RT_OFFSETOF(VBOXTSS, IntRedirBitmap) + sizeof(Tss.IntRedirBitmap);
-                    }
-
-                    uint32_t offRedirBitmap = Tss.offIoBitmap - sizeof(Tss.IntRedirBitmap);
-
-                    /** @todo not sure how the partial case is handled; probably not allowed */
-                    if (offRedirBitmap + sizeof(Tss.IntRedirBitmap) <= pVM->selm.s.cbGuestTss)
-                    {
-                        rc = PGMPhysSimpleReadGCPtr(pVM, &pVM->selm.s.Tss.IntRedirBitmap, GCPtrTss + offRedirBitmap, sizeof(Tss.IntRedirBitmap));
-                        AssertRC(rc);
-                        Log2(("Redirection bitmap:\n"));
-                        Log2(("%.*Rhxd\n", sizeof(Tss.IntRedirBitmap), &pVM->selm.s.Tss.IntRedirBitmap));
-                    }
-                }
-            }
-            else
-            {
-                /* Note: the ring 0 stack selector and base address are updated on demand in this case. */
-
-                /** @todo handle these dependencies better! */
-                TRPMR3SetGuestTrapHandler(pVM, 0x2E, TRPM_INVALID_HANDLER);
-                TRPMR3SetGuestTrapHandler(pVM, 0x80, TRPM_INVALID_HANDLER);
-                pVM->selm.s.fSyncTSSRing0Stack = true;
-            }
-            VM_FF_CLEAR(pVM, VM_FF_SELM_SYNC_TSS);
-        }
-    }
-    else /* Null TR means there's no TSS, has to be reloaded first, so clear the forced action. */
-        VM_FF_CLEAR(pVM, VM_FF_SELM_SYNC_TSS);
+        }
+    }
+
+    /*
+     * Flush the ring-1 stack and the direct syscall dispatching if we cannot obtain SS0:ESP0.
+     */
+    if (fNoRing1Stack)
+    {
+        selmSetRing1Stack(pVM, 0 /* invalid SS */, 0);
+        pVM->selm.s.fSyncTSSRing0Stack = cbMonitoredTss != 0;
+
+        /** @todo handle these dependencies better! */
+        TRPMR3SetGuestTrapHandler(pVM, 0x2E, TRPM_INVALID_HANDLER);
+        TRPMR3SetGuestTrapHandler(pVM, 0x80, TRPM_INVALID_HANDLER);
+    }
+
+    VM_FF_CLEAR(pVM, VM_FF_SELM_SYNC_TSS);
 
     STAM_PROFILE_STOP(&pVM->selm.s.StatTSSSync, a);
@@ -1646 +1655 @@
      */
     RTGCPTR     GCPtrGDTEGuest = GDTR.pGdt;
-    PX86DESC   pGDTE = pVM->selm.s.paGdtR3;
-    PX86DESC   pGDTEEnd = (PX86DESC)((uintptr_t)pGDTE + GDTR.cbGdt);
+    PX86DESC    pGDTE = pVM->selm.s.paGdtR3;
+    PX86DESC    pGDTEEnd = (PX86DESC)((uintptr_t)pGDTE + GDTR.cbGdt);
     while (pGDTE < pGDTEEnd)
     {
@@ -1767 +1776 @@
         return true;
 
-    RTSEL SelTss = CPUMGetGuestTR(pVM);
+    /*
+     * Get TR and extract the basic info.
+     */
+    CPUMSELREGHID   trHid;
+    RTSEL           SelTss   = CPUMGetGuestTR(pVM, &trHid);
+    RTGCPTR         GCPtrTss = trHid.u64Base;
+    uint32_t        cbTss    = trHid.u32Limit;
+    Assert(     (SelTss & X86_SEL_MASK)
+           ||   (cbTss == 0 && GCPtrTss == 0 && trHid.Attr.u == 0 /* TR=0 */)
+           ||   (cbTss == 0xffff && GCPtrTss == 0 && trHid.Attr.n.u1Present && trHid.Attr.n.u4Type == X86_SEL_TYPE_SYS_286_TSS_BUSY /* RESET */));
     if (SelTss & X86_SEL_MASK)
     {
-        AssertMsg((SelTss & X86_SEL_MASK) == (pVM->selm.s.GCSelTss & X86_SEL_MASK), ("New TSS selector = %04X, old TSS selector = %04X\n", SelTss, pVM->selm.s.GCSelTss));
-
-        /*
-         * Guest TR is not NULL.
-         */
-        PX86DESC    pDesc = &pVM->selm.s.paGdtR3[SelTss >> X86_SEL_SHIFT];
-        RTGCPTR     GCPtrTss = X86DESC_BASE(*pDesc);
-        unsigned    cbTss = X86DESC_LIMIT(*pDesc);
-        if (pDesc->Gen.u1Granularity)
-            cbTss = (cbTss << PAGE_SHIFT) | PAGE_OFFSET_MASK;
-        cbTss++;
-
-        /*
-         * We only care about the Ring-0 ESP and SS values and the interrupt redirection bitmap.
-         * See SELMR3SyncTSS for details.
-         */
-        if (cbTss > sizeof(VBOXTSS))
-            cbTss = sizeof(VBOXTSS);
-        AssertMsg((GCPtrTss >> PAGE_SHIFT) == ((GCPtrTss + cbTss - 1) >> PAGE_SHIFT),
-                  ("GCPtrTss=%RGv cbTss=%#x - We assume everything is inside one page!\n", GCPtrTss, cbTss));
-
-        // All system GDTs are marked not present above. That explains why this check fails.
-        //if (pDesc->Gen.u1Present)
-        /** @todo Handle only present TSS segments. */
-        {
-            /*
-             * Check if Guest's TSS was changed.
-             */
-            if (    GCPtrTss != pVM->selm.s.GCPtrGuestTss
-                ||  cbTss    != pVM->selm.s.cbMonitoredGuestTss)
+        AssertReturn(!(SelTss & X86_SEL_LDT), false);
+        AssertReturn(trHid.Attr.n.u1DescType == 0, false);
+        AssertReturn(   trHid.Attr.n.u4Type == X86_SEL_TYPE_SYS_286_TSS_BUSY
+                     || trHid.Attr.n.u4Type == X86_SEL_TYPE_SYS_386_TSS_BUSY,
+                     false);
+        if (++cbTss)
+            cbTss = UINT32_MAX;
+    }
+    else
+    {
+        AssertReturn(   (cbTss == 0 && GCPtrTss == 0 && trHid.Attr.u == 0 /* TR=0 */)
+                     || (cbTss == 0xffff && GCPtrTss == 0 && trHid.Attr.n.u1Present && trHid.Attr.n.u4Type == X86_SEL_TYPE_SYS_286_TSS_BUSY /* RESET */),
+                     false);
+        cbTss = 0; /* the reset case. */
+    }
+    AssertMsgReturn(pVM->selm.s.cbGuestTss == cbTss, ("%#x %#x\n", pVM->selm.s.cbGuestTss, cbTss), false);
+    AssertMsgReturn(pVM->selm.s.fGuestTss32Bit == (   trHid.Attr.n.u4Type == X86_SEL_TYPE_SYS_386_TSS_AVAIL
+                                                   || trHid.Attr.n.u4Type == X86_SEL_TYPE_SYS_386_TSS_BUSY),
+                    ("%RTbool u4Type=%d\n", pVM->selm.s.fGuestTss32Bit, trHid.Attr.n.u4Type),
+                    false);
+    AssertMsgReturn(    pVM->selm.s.GCSelTss == SelTss
+                    ||  (!pVM->selm.s.GCSelTss && !(SelTss & X86_SEL_LDT)),
+                    ("%#x %#x\n", pVM->selm.s.GCSelTss, SelTss),
+                    false);
+    AssertMsgReturn(    pVM->selm.s.GCPtrGuestTss == GCPtrTss
+                    ||  (pVM->selm.s.GCPtrGuestTss == RTRCPTR_MAX && !GCPtrTss),
+                    ("%#RGv %#RGv\n", pVM->selm.s.GCPtrGuestTss, GCPtrTss),
+                    false);
+
+    /*
+     * Cap the TSS size, see SELMR3SyncTSS for details.
+     */
+    uint32_t cbMonitoredTss = cbTss > sizeof(VBOXTSS) ? sizeof(VBOXTSS) : cbTss;
+    AssertMsg((GCPtrTss >> PAGE_SHIFT) == ((GCPtrTss + cbMonitoredTss - 1) >> PAGE_SHIFT) || !cbMonitoredTss,
+              ("GCPtrTss=%RGv cbMonitoredTss=%#x - We assume everything is inside one page!\n", GCPtrTss, cbMonitoredTss));
+    AssertMsgReturn(pVM->selm.s.cbMonitoredGuestTss == cbMonitoredTss, ("%#x %#x\n", pVM->selm.s.cbMonitoredGuestTss, cbMonitoredTss), false);
+
+    /*
+     * Check SS0 and ESP0.
+     */
+    if (    cbMonitoredTss
+        &&  !pVM->selm.s.fSyncTSSRing0Stack)
+    {
+        RTGCPTR     GCPtrGuestTSS = pVM->selm.s.GCPtrGuestTss;
+        uint32_t    ESPR0;
+        int rc = PGMPhysSimpleReadGCPtr(pVM, &ESPR0, GCPtrGuestTSS + RT_OFFSETOF(VBOXTSS, esp0), sizeof(ESPR0));
+        if (RT_SUCCESS(rc))
+        {
+            RTSEL   SelSS0;
+            rc = PGMPhysSimpleReadGCPtr(pVM, &SelSS0, GCPtrGuestTSS + RT_OFFSETOF(VBOXTSS, ss0), sizeof(SelSS0));
+            AssertRCReturn(rc, false);
+
+            if (    ESPR0 != pVM->selm.s.Tss.esp1
+                ||  SelSS0 != (pVM->selm.s.Tss.ss1 & ~1))
             {
-                AssertMsgFailed(("Guest's TSS (Sel 0x%X) is changed from %RGv:%04x to %RGv:%04x\n",
-                                 SelTss, pVM->selm.s.GCPtrGuestTss, pVM->selm.s.cbMonitoredGuestTss,
-                                 GCPtrTss, cbTss));
+                RTGCPHYS GCPhys;
+                rc = PGMGstGetPage(pVM, GCPtrGuestTSS, NULL, &GCPhys); AssertRC(rc);
+                AssertMsgFailed(("TSS out of sync!! (%04X:%08X vs %04X:%08X (guest)) Tss=%RGv Phys=%RGp\n",
+                                 (pVM->selm.s.Tss.ss1 & ~1), pVM->selm.s.Tss.esp1, SelSS0, ESPR0, GCPtrGuestTSS, GCPhys));
+                return false;
             }
         }
-
-        if (!pVM->selm.s.fSyncTSSRing0Stack)
-        {
-            RTGCPTR     GCPtrGuestTSS = pVM->selm.s.GCPtrGuestTss;
-            uint32_t    ESPR0;
-            int rc = PGMPhysSimpleReadGCPtr(pVM, &ESPR0, GCPtrGuestTSS + RT_OFFSETOF(VBOXTSS, esp0), sizeof(ESPR0));
-            if (RT_SUCCESS(rc))
-            {
-                RTSEL   SelSS0;
-                rc = PGMPhysSimpleReadGCPtr(pVM, &SelSS0, GCPtrGuestTSS + RT_OFFSETOF(VBOXTSS, ss0), sizeof(SelSS0));
-                if (RT_SUCCESS(rc))
-                {
-                    if (    ESPR0 == pVM->selm.s.Tss.esp1
-                        &&  SelSS0 == (pVM->selm.s.Tss.ss1 & ~1))
-                        return true;
-
-                    RTGCPHYS GCPhys;
-                    rc = PGMGstGetPage(pVM, GCPtrGuestTSS, NULL, &GCPhys); AssertRC(rc);
-                    AssertMsgFailed(("TSS out of sync!! (%04X:%08X vs %04X:%08X (guest)) Tss=%RGv Phys=%RGp\n",
-                                     (pVM->selm.s.Tss.ss1 & ~1), pVM->selm.s.Tss.esp1, SelSS0, ESPR0, GCPtrGuestTSS, GCPhys));
-                }
-                else
-                    AssertRC(rc);
-            }
-            else
-                /* Happens during early Windows XP boot when it is switching page tables. */
-                Assert(rc == VINF_SUCCESS || ((rc == VERR_PAGE_TABLE_NOT_PRESENT || rc == VERR_PAGE_NOT_PRESENT) && !(CPUMGetGuestEFlags(pVM) & X86_EFL_IF)));
-        }
-    }
-    return false;
+        else
+            /* Happens during early Windows XP boot when it is switching page tables. */
+            AssertReturn(rc == VINF_SUCCESS || ((rc == VERR_PAGE_TABLE_NOT_PRESENT || rc == VERR_PAGE_NOT_PRESENT) && !(CPUMGetGuestEFlags(pVM) & X86_EFL_IF)),
+                         false);
+    }
+    else if (!cbMonitoredTss)
+    {
+        AssertMsgReturn(pVM->selm.s.Tss.ss1 == 0 && pVM->selm.s.Tss.esp1 == 0, ("%04x:%08x\n", pVM->selm.s.Tss.ss1, pVM->selm.s.Tss.esp1), false);
+        AssertReturn(!pVM->selm.s.fSyncTSSRing0Stack, false);
+    }
+    return true;
+
 #else  /* !VBOX_STRICT */
     NOREF(pVM);

trunk/src/VBox/VMM/SELMInternal.h

@@ -187 +187 @@
 VMMRCDECL(int) selmRCShadowTSSWriteHandler(PVM pVM, RTGCUINT uErrorCode, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, RTGCPTR pvRange, uintptr_t offRange);
 
+void           selmSetRing1Stack(PVM pVM, uint32_t ss, RTGCPTR32 esp);
+
 __END_DECLS
-
-#ifdef IN_RING3
-
-#endif
 
 /** @} */

trunk/src/VBox/VMM/VMMAll/CPUMAllRegs.cpp

@@ -520 +520 @@
 {
     PCPUMCPU pCpumCpu = cpumGetCpumCpu(pVM);
+    AssertMsgFailed(("Need to load the hidden bits too!\n"));
 
     pCpumCpu->Guest.tr  = tr;
@@ -888 +889 @@
 
 
-VMMDECL(RTSEL) CPUMGetGuestTR(PVM pVM)
-{
-    PCPUMCPU pCpumCpu = cpumGetCpumCpu(pVM);
-
+VMMDECL(RTSEL) CPUMGetGuestTR(PVM pVM, PCPUMSELREGHID pHidden)
+{
+    PCPUMCPU pCpumCpu = cpumGetCpumCpu(pVM);
+    if (pHidden)
+        *pHidden = pCpumCpu->Guest.trHid;
     return pCpumCpu->Guest.tr;
 }
@@ -1077 +1079 @@
 
     return pCpumCpu->Guest.eflags.u32;
-}
-
-
-VMMDECL(CPUMSELREGHID *) CPUMGetGuestTRHid(PVM pVM)
-{
-    PCPUMCPU pCpumCpu = cpumGetCpumCpu(pVM);
-
-    return &pCpumCpu->Guest.trHid;
 }
 

trunk/src/VBox/VMM/VMMAll/SELMAll.cpp

@@ -929 +929 @@
     /* Else compatibility or 32 bits mode. */
     return (pHiddenSel->Attr.n.u1DefBig) ? CPUMODE_32BIT : CPUMODE_16BIT;
-
 }
 
@@ -961 +960 @@
  *
  * @param   pVM     VM Handle.
- * @param   ss      Ring1 SS register value.
+ * @param   ss      Ring1 SS register value. Pass 0 if invalid.
  * @param   esp     Ring1 ESP register value.
  */
-VMMDECL(void) SELMSetRing1Stack(PVM pVM, uint32_t ss, RTGCPTR32 esp)
-{
+void selmSetRing1Stack(PVM pVM, uint32_t ss, RTGCPTR32 esp)
+{
+    Assert((ss & 1) || esp == 0);
     pVM->selm.s.Tss.ss1  = ss;
     pVM->selm.s.Tss.esp1 = (uint32_t)esp;
@@ -974 +974 @@
 /**
  * Gets ss:esp for ring1 in main Hypervisor's TSS.
+ *
+ * Returns SS=0 if the ring-1 stack isn't valid.
  *
  * @returns VBox status code.
@@ -979 +981 @@
  * @param   pSS     Ring1 SS register value.
  * @param   pEsp    Ring1 ESP register value.
- *
- * @todo Merge in the GC version of this, eliminating it - or move this to
- *       SELM.cpp, making it SELMR3GetRing1Stack.
  */
 VMMDECL(int) SELMGetRing1Stack(PVM pVM, uint32_t *pSS, PRTGCPTR32 pEsp)
@@ -1040 +1039 @@
 # endif
         /* Update our TSS structure for the guest's ring 1 stack */
-        SELMSetRing1Stack(pVM, tss.ss0 | 1, (RTGCPTR32)tss.esp0);
+        selmSetRing1Stack(pVM, tss.ss0 | 1, (RTGCPTR32)tss.esp0);
         pVM->selm.s.fSyncTSSRing0Stack = false;
     }
@@ -1190 +1189 @@
 VMMDECL(int) SELMGetTSSInfo(PVM pVM, PRTGCUINTPTR pGCPtrTss, PRTGCUINTPTR pcbTss, bool *pfCanHaveIOBitmap)
 {
-    if (!CPUMAreHiddenSelRegsValid(pVM))
-    {
-        /*
-         * Do we have a valid TSS?
-         */
-        if (    pVM->selm.s.GCSelTss == RTSEL_MAX
-            || !pVM->selm.s.fGuestTss32Bit)
-            return VERR_SELM_NO_TSS;
-
-        /*
-         * Fill in return values.
-         */
-        *pGCPtrTss = (RTGCUINTPTR)pVM->selm.s.GCPtrGuestTss;
-        *pcbTss = pVM->selm.s.cbGuestTss;
-        if (pfCanHaveIOBitmap)
-            *pfCanHaveIOBitmap = pVM->selm.s.fGuestTss32Bit;
-    }
-    else
-    {
-        CPUMSELREGHID *pHiddenTRReg;
-
-        pHiddenTRReg = CPUMGetGuestTRHid(pVM);
-
-        *pGCPtrTss = pHiddenTRReg->u64Base;
-        *pcbTss    = pHiddenTRReg->u32Limit;
-
-        if (pfCanHaveIOBitmap)
-            *pfCanHaveIOBitmap =  pHiddenTRReg->Attr.n.u4Type == X86_SEL_TYPE_SYS_386_TSS_AVAIL
-                               || pHiddenTRReg->Attr.n.u4Type == X86_SEL_TYPE_SYS_386_TSS_BUSY;
-    }
+    /*
+     * The TR hidden register is always valid.
+     */
+    CPUMSELREGHID trHid;
+    RTSEL tr = CPUMGetGuestTR(pVM, &trHid);
+    if (!(tr & X86_SEL_MASK))
+        return VERR_SELM_NO_TSS;
+
+    *pGCPtrTss = trHid.u64Base;
+    *pcbTss    = trHid.u32Limit + (trHid.u32Limit != UINT32_MAX); /* be careful. */
+    if (pfCanHaveIOBitmap)
+        *pfCanHaveIOBitmap = trHid.Attr.n.u4Type == X86_SEL_TYPE_SYS_386_TSS_AVAIL
+                          || trHid.Attr.n.u4Type == X86_SEL_TYPE_SYS_386_TSS_BUSY;
     return VINF_SUCCESS;
 }

trunk/src/VBox/VMM/VMMGC/SELMGC.cpp

@@ -134 +134 @@
 
     /* Check if we change the LDT selector */
-    if (Sel == CPUMGetGuestLDTR(pVM))
+    if (Sel == CPUMGetGuestLDTR(pVM)) /** @todo this isn't correct in two(+) ways! 1. It shouldn't be done until the LDTR is reloaded. 2. It caused the next instruction to be emulated.  */
     {
         VM_FF_SET(pVM, VM_FF_SELM_SYNC_LDT);
@@ -140 +140 @@
     }
 
-    /* Or the TR selector */
-    if (Sel == CPUMGetGuestTR(pVM))
-    {
-        VM_FF_SET(pVM, VM_FF_SELM_SYNC_TSS);
-        return VINF_EM_RAW_EMULATE_INSTR_TSS_FAULT;
-    }
-
-#ifdef VBOX_STRICT
+#ifdef LOG_ENABLED
     if (Sel == (pRegFrame->cs & X86_SEL_MASK))
         Log(("GDT write to selector in CS register %04X\n", pRegFrame->cs));
@@ -400 +393 @@
 }
 
-
-/**
- * Gets ss:esp for ring1 in main Hypervisor's TSS.
- *
- * @returns VBox status code.
- * @param   pVM     VM Handle.
- * @param   pSS     Ring1 SS register value.
- * @param   pEsp    Ring1 ESP register value.
- */
-VMMRCDECL(int) SELMGCGetRing1Stack(PVM pVM, uint32_t *pSS, uint32_t *pEsp)
-{
-    if (pVM->selm.s.fSyncTSSRing0Stack)
-    {
-        uint8_t *   GCPtrGuestTss = (uint8_t *)(uintptr_t)pVM->selm.s.GCPtrGuestTss;
-        bool        fTriedAlready = false;
-        int         rc;
-        VBOXTSS     tss;
-
-        Assert(pVM->selm.s.GCPtrGuestTss && pVM->selm.s.cbMonitoredGuestTss);
-
-l_tryagain:
-        rc  = MMGCRamRead(pVM, &tss.ss0,  GCPtrGuestTss + RT_OFFSETOF(VBOXTSS, ss0), sizeof(tss.ss0));
-        rc |= MMGCRamRead(pVM, &tss.esp0, GCPtrGuestTss + RT_OFFSETOF(VBOXTSS, esp0), sizeof(tss.esp0));
-#ifdef DEBUG
-        rc |= MMGCRamRead(pVM, &tss.offIoBitmap, GCPtrGuestTss + RT_OFFSETOF(VBOXTSS, offIoBitmap), sizeof(tss.offIoBitmap));
-#endif
-
-        if (RT_FAILURE(rc))
-        {
-            if (!fTriedAlready)
-            {
-                /* Shadow page might be out of sync. Sync and try again */
-                /** @todo might cross page boundary */
-                fTriedAlready = true;
-                rc = PGMPrefetchPage(pVM, (RTGCPTR)(uintptr_t)GCPtrGuestTss);
-                if (rc != VINF_SUCCESS)
-                    return rc;
-                goto l_tryagain;
-            }
-            AssertMsgFailed(("Unable to read TSS structure at %RRv\n", GCPtrGuestTss));
-            return rc;
-        }
-
-#ifdef LOG_ENABLED
-        uint32_t ssr0  = pVM->selm.s.Tss.ss1;
-        uint32_t espr0 = pVM->selm.s.Tss.esp1;
-        ssr0 &= ~1;
-
-        if (ssr0 != tss.ss0 || espr0 != tss.esp0)
-            Log(("SELMGetRing1Stack: Updating TSS ring 0 stack to %04X:%08X\n", tss.ss0, tss.esp0));
-
-        Log(("offIoBitmap=%#x\n", tss.offIoBitmap));
-#endif
-        /* Update our TSS structure for the guest's ring 1 stack */
-        SELMSetRing1Stack(pVM, tss.ss0 | 1, (RTGCPTR32)tss.esp0);
-        pVM->selm.s.fSyncTSSRing0Stack = false;
-    }
-
-    *pSS  = pVM->selm.s.Tss.ss1;
-    *pEsp = pVM->selm.s.Tss.esp1;
-
-    return VINF_SUCCESS;
-}

trunk/src/recompiler_new/VBoxRecompiler.c

@@ -68 +68 @@
 extern void sync_seg(CPUX86State *env1, int seg_reg, int selector);
 extern void sync_ldtr(CPUX86State *env1, int selector);
-extern int  sync_tr(CPUX86State *env1, int selector);
 
 #ifdef VBOX_STRICT
@@ -1721 +1720 @@
     LogFlow(("CPUMGetAndClearChangedFlagsREM %x\n", fFlags));
     if (fFlags & (  CPUM_CHANGED_CR4  | CPUM_CHANGED_CR3  | CPUM_CHANGED_CR0
-                  | CPUM_CHANGED_GDTR | CPUM_CHANGED_IDTR | CPUM_CHANGED_LDTR | CPUM_CHANGED_TR
+                  | CPUM_CHANGED_GDTR | CPUM_CHANGED_IDTR | CPUM_CHANGED_LDTR
                   | CPUM_CHANGED_FPU_REM | CPUM_CHANGED_SYSENTER_MSR | CPUM_CHANGED_CPUID))
     {
@@ -1783 +1782 @@
                 pVM->rem.s.Env.ldt.base     = pCtx->ldtrHid.u64Base;
                 pVM->rem.s.Env.ldt.limit    = pCtx->ldtrHid.u32Limit;
-                pVM->rem.s.Env.ldt.flags    = (pCtx->ldtrHid.Attr.u << 8) & 0xFFFFFF;;
+                pVM->rem.s.Env.ldt.flags    = (pCtx->ldtrHid.Attr.u << 8) & 0xFFFFFF;
             }
             else
                 sync_ldtr(&pVM->rem.s.Env, pCtx->ldtr);
-        }
-
-        if (fFlags & CPUM_CHANGED_TR)
-        {
-            if (fHiddenSelRegsValid)
-            {
-                pVM->rem.s.Env.tr.selector = pCtx->tr;
-                pVM->rem.s.Env.tr.base     = pCtx->trHid.u64Base;
-                pVM->rem.s.Env.tr.limit    = pCtx->trHid.u32Limit;
-                pVM->rem.s.Env.tr.flags    = (pCtx->trHid.Attr.u << 8) & 0xFFFFFF;;
-            }
-            else
-                sync_tr(&pVM->rem.s.Env, pCtx->tr);
-
-            /** @note do_interrupt will fault if the busy flag is still set.... */
-            pVM->rem.s.Env.tr.flags &= ~DESC_TSS_BUSY_MASK;
         }
 
@@ -1820 +1803 @@
             save_raw_fp_state(&pVM->rem.s.Env, (uint8_t *)&pCtx->fpu); /* 'save' is an excellent name. */
     }
+
+    /*
+     * Sync TR unconditionally to make life simpler.
+     */
+    pVM->rem.s.Env.tr.selector = pCtx->tr;
+    pVM->rem.s.Env.tr.base     = pCtx->trHid.u64Base;
+    pVM->rem.s.Env.tr.limit    = pCtx->trHid.u32Limit;
+    pVM->rem.s.Env.tr.flags    = (pCtx->trHid.Attr.u << 8) & 0xFFFFFF;
+    /* Note! do_interrupt will fault if the busy flag is still set... */
+    pVM->rem.s.Env.tr.flags &= ~DESC_TSS_BUSY_MASK;
 
     /*
@@ -2161 +2154 @@
     }
 
-    if (pCtx->ldtr != pVM->rem.s.Env.ldt.selector)
-    {
-        pCtx->ldtr      = pVM->rem.s.Env.ldt.selector;
+    if (    pCtx->ldtr             != pVM->rem.s.Env.ldt.selector
+        ||  pCtx->ldtrHid.u64Base  != pVM->rem.s.Env.ldt.base
+        ||  pCtx->ldtrHid.u32Limit != pVM->rem.s.Env.ldt.limit
+        ||  pCtx->ldtrHid.Attr.u   != ((pVM->rem.s.Env.ldt.flags >> 8) & 0xF0FF))
+    {
+        pCtx->ldtr              = pVM->rem.s.Env.ldt.selector;
+        pCtx->ldtrHid.u64Base   = pVM->rem.s.Env.ldt.base;
+        pCtx->ldtrHid.u32Limit  = pVM->rem.s.Env.ldt.limit;
+        pCtx->ldtrHid.Attr.u    = (pVM->rem.s.Env.ldt.flags >> 8) & 0xF0FF;
         STAM_COUNTER_INC(&gStatREMLDTRChange);
         VM_FF_SET(pVM, VM_FF_SELM_SYNC_LDT);
     }
-    if (pCtx->tr != pVM->rem.s.Env.tr.selector)
-    {
-        pCtx->tr        = pVM->rem.s.Env.tr.selector;
+
+    if (    pCtx->tr             != pVM->rem.s.Env.tr.selector
+        ||  pCtx->trHid.u64Base  != pVM->rem.s.Env.tr.base
+        ||  pCtx->trHid.u32Limit != pVM->rem.s.Env.tr.limit
+            /* Qemu and AMD/Intel have different ideas about the busy flag ... */
+        ||  pCtx->trHid.Attr.u   != (  (pVM->rem.s.Env.tr.flags >> 8) & 0xF0FF
+                                     ? (pVM->rem.s.Env.tr.flags | DESC_TSS_BUSY_MASK) >> 8
+                                     : 0) )
+    {
+        Log(("REM: TR changed! %#x{%#llx,%#x,%#x} -> %#x{%llx,%#x,%#x}\n",
+             pCtx->tr, pCtx->trHid.u64Base, pCtx->trHid.u32Limit, pCtx->trHid.Attr.u,
+             pVM->rem.s.Env.tr.selector, (uint64_t)pVM->rem.s.Env.tr.base, pVM->rem.s.Env.tr.limit,
+             (pVM->rem.s.Env.tr.flags >> 8) & 0xF0FF ? (pVM->rem.s.Env.tr.flags | DESC_TSS_BUSY_MASK) >> 8 : 0));
+        pCtx->tr                = pVM->rem.s.Env.tr.selector;
+        pCtx->trHid.u64Base     = pVM->rem.s.Env.tr.base;
+        pCtx->trHid.u32Limit    = pVM->rem.s.Env.tr.limit;
+        pCtx->trHid.Attr.u      = (pVM->rem.s.Env.tr.flags >> 8) & 0xF0FF;
+        if (pCtx->trHid.Attr.u)
+            pCtx->trHid.Attr.u |= DESC_TSS_BUSY_MASK >> 8;
         STAM_COUNTER_INC(&gStatREMTRChange);
         VM_FF_SET(pVM, VM_FF_SELM_SYNC_TSS);
@@ -2177 +2192 @@
     pCtx->csHid.u64Base    = pVM->rem.s.Env.segs[R_CS].base;
     pCtx->csHid.u32Limit   = pVM->rem.s.Env.segs[R_CS].limit;
-    /** @note QEmu saves the 2nd dword of the descriptor; we should store the attribute word only! */
+    /* Note! QEmu saves the 2nd dword of the descriptor; we should store the attribute word only! */
     pCtx->csHid.Attr.u     = (pVM->rem.s.Env.segs[R_CS].flags >> 8) & 0xF0FF;
 
@@ -2199 +2214 @@
     pCtx->ssHid.u32Limit   = pVM->rem.s.Env.segs[R_SS].limit;
     pCtx->ssHid.Attr.u     = (pVM->rem.s.Env.segs[R_SS].flags >> 8) & 0xF0FF;
-
-    pCtx->ldtrHid.u64Base  = pVM->rem.s.Env.ldt.base;
-    pCtx->ldtrHid.u32Limit = pVM->rem.s.Env.ldt.limit;
-    pCtx->ldtrHid.Attr.u   = (pVM->rem.s.Env.ldt.flags >> 8) & 0xF0FF;
-
-    pCtx->trHid.u64Base    = pVM->rem.s.Env.tr.base;
-    pCtx->trHid.u32Limit   = pVM->rem.s.Env.tr.limit;
-    pCtx->trHid.Attr.u     = (pVM->rem.s.Env.tr.flags >> 8) & 0xF0FF;
 
     /* Sysenter MSR */

trunk/src/recompiler_new/target-i386/helper.h

@@ -43 +43 @@
 DEF_HELPER(void, helper_lcall_real, (int new_cs, target_ulong new_eip1,
                        int shift, int next_eip))
-DEF_HELPER(void, helper_lcall_protected, (int new_cs, target_ulong new_eip, 
+DEF_HELPER(void, helper_lcall_protected, (int new_cs, target_ulong new_eip,
                             int shift, int next_eip_addend))
 DEF_HELPER(void, helper_iret_real, (int shift))
@@ -114 +114 @@
 DEF_HELPER(void, helper_svm_check_intercept_param, (uint32_t type, uint64_t param))
 DEF_HELPER(void, helper_vmexit, (uint32_t exit_code, uint64_t exit_info_1))
-DEF_HELPER(void, helper_svm_check_io, (uint32_t port, uint32_t param, 
+DEF_HELPER(void, helper_svm_check_io, (uint32_t port, uint32_t param,
                          uint32_t next_eip_addend))
 DEF_HELPER(void, helper_vmrun, (int aflag, int next_eip_addend))
@@ -134 +134 @@
 DEF_HELPER(void, helper_fildl_ST0, (int32_t val))
 DEF_HELPER(void, helper_fildll_ST0, (int64_t val))
-#ifndef VBOX 
+#ifndef VBOX
 DEF_HELPER(uint32_t, helper_fsts_ST0, (void))
 DEF_HELPER(uint64_t, helper_fstl_ST0, (void))
@@ -257 +257 @@
 void sync_seg(CPUX86State *env1, int seg_reg, int selector);
 void sync_ldtr(CPUX86State *env1, int selector);
-int  sync_tr(CPUX86State *env1, int selector);
 
 #endif

trunk/src/recompiler_new/target-i386/op_helper.c

@@ -5861 +5861 @@
 }
 
-/**
- * Correctly loads a new tr selector.
- *
- * @param   env1        CPU environment.
- * @param   selector    Selector to load.
- */
-int sync_tr(CPUX86State *env1, int selector)
-{
-    /* ARG! this was going to call helper_ltr_T0 but that won't work because of busy flag. */
-    SegmentCache *dt;
-    uint32_t e1, e2;
-    int index, type, entry_limit;
-    target_ulong ptr;
-    CPUX86State *saved_env = env;
-    env = env1;
-
-    selector &= 0xffff;
-    if ((selector & 0xfffc) == 0) {
-        /* NULL selector case: invalid TR */
-        env->tr.base = 0;
-        env->tr.limit = 0;
-        env->tr.flags = 0;
-    } else {
-        if (selector & 0x4)
-            goto l_failure;
-        dt = &env->gdt;
-        index = selector & ~7;
-#ifdef TARGET_X86_64
-        if (env->hflags & HF_LMA_MASK)
-            entry_limit = 15;
-        else
-#endif
-            entry_limit = 7;
-        if ((index + entry_limit) > dt->limit)
-            goto l_failure;
-        ptr = dt->base + index;
-        e1 = ldl_kernel(ptr);
-        e2 = ldl_kernel(ptr + 4);
-        type = (e2 >> DESC_TYPE_SHIFT) & 0xf;
-        if ((e2 & DESC_S_MASK) /*||
-            (type != 1 && type != 9)*/)
-            goto l_failure;
-        if (!(e2 & DESC_P_MASK))
-            goto l_failure;
-#ifdef TARGET_X86_64
-        if (env->hflags & HF_LMA_MASK) {
-            uint32_t e3;
-            e3 = ldl_kernel(ptr + 8);
-            load_seg_cache_raw_dt(&env->tr, e1, e2);
-            env->tr.base |= (target_ulong)e3 << 32;
-        } else
-#endif
-        {
-            load_seg_cache_raw_dt(&env->tr, e1, e2);
-        }
-        e2 |= DESC_TSS_BUSY_MASK;
-        stl_kernel(ptr + 4, e2);
-    }
-    env->tr.selector = selector;
-
-    env = saved_env;
-    return 0;
-l_failure:
-    AssertMsgFailed(("selector=%d\n", selector));
-    return -1;
-}
-
-
 int get_ss_esp_from_tss_raw(CPUX86State *env1, uint32_t *ss_ptr,
                              uint32_t *esp_ptr, int dpl)