儲存庫 vbox 的更動 89924

時間撮記:

2021-6-28 上午08:16:29 (4 年 以前)

作者:

vboxsync

svn:sync-xref-src-repo-rev:

145382

訊息:

VMM/DBGFBp: Continue work on I/O breakpoints, bugref:9837

• Breakpoint owners now have a dedicated callback for I/O breakpoints which can convey information about the access like direction, size, address/port and value so the callback doesn't has to disassemble the instruction to get at those values.
• Port I/O breakpoints are now mostly complete on the DBGF side and need to be hooked up to IOM next.

位置:

trunk

檔案:

• include/VBox/vmm/dbgf.h (修改) (6 筆差異)
• src/VBox/VMM/VMMAll/DBGFAllBp.cpp (修改) (3 筆差異)
• src/VBox/VMM/VMMR0/DBGFR0Bp.cpp (修改) (1 筆差異)
• src/VBox/VMM/VMMR3/DBGFR3Bp.cpp (修改) (25 筆差異)
• src/VBox/VMM/VMMR3/DBGFR3FlowTrace.cpp (修改) (1 筆差異)
• src/VBox/VMM/include/DBGFInline.h (修改) (1 筆差異)
• src/VBox/VMM/include/DBGFInternal.h (修改) (5 筆差異)

trunk/include/VBox/vmm/dbgf.h

@@ -854 +854 @@
 /** All kind of access (read, write, all sizes). */
 #define DBGFBPIOACCESS_ALL                  UINT32_C(0x00001f1f)
+/** All kind of access for MMIO (read, write, all sizes). */
+#define DBGFBPIOACCESS_ALL_MMIO             DBGFBPIOACCESS_ALL
+/** All kind of access (read, write, all sizes). */
+#define DBGFBPIOACCESS_ALL_PORT_IO          UINT32_C(0x00000303)
 
 /** The acceptable mask for I/O ports.   */
@@ -970 +974 @@
  * after the instruction causing the breakpoint to hit was executed. */
 #define DBGF_BP_F_HIT_EXEC_AFTER            RT_BIT(2)
+/** The acceptable flags mask.   */
+#define DBGF_BP_F_VALID_MASK                UINT32_C(0x00000007)
 /** @} */
 
@@ -998 +1004 @@
 
 
+/**
+ * I/O breakpoint hit handler.
+ *
+ * @returns Strict VBox status code.
+ * @retval  VINF_SUCCESS if the breakpoint was handled and guest execution can resume.
+ * @retval  VINF_DBGF_BP_HALT if guest execution should be stopped and the debugger should be invoked.
+ * @retval  VINF_DBGF_R3_BP_OWNER_DEFER return to ring-3 and invoke the owner callback there again.
+ *
+ * @param   pVM         The cross-context VM structure pointer.
+ * @param   idCpu       ID of the vCPU triggering the breakpoint.
+ * @param   pvUserBp    User argument of the set breakpoint.
+ * @param   hBp         The breakpoint handle.
+ * @param   pBpPub      Pointer to the readonly public state of the breakpoint.
+ * @param   fFlags      Flags indicating when the handler was called (DBGF_BP_F_HIT_EXEC_BEFORE vs DBGF_BP_F_HIT_EXEC_AFTER).
+ * @param   fAccess     Access flags, see DBGFBPIOACCESS_XXX.
+ * @param   uAddr       The address of the access, for port I/O this will hold the port number.
+ * @param   uValue      The value read or written (the value for reads is only valid when DBGF_BP_F_HIT_EXEC_AFTER is set).
+ *
+ * @remarks The handler is called on the EMT of vCPU triggering the breakpoint and no locks are held.
+ * @remarks Any status code returned other than the ones mentioned will send the VM straight into a
+ *          guru meditation.
+ */
+typedef DECLCALLBACKTYPE(VBOXSTRICTRC, FNDBGFBPIOHIT,(PVM pVM, VMCPUID idCpu, void *pvUserBp, DBGFBP hBp, PCDBGFBPPUB pBpPub,
+                                                      uint16_t fFlags, uint32_t fAccess, uint64_t uAddr, uint64_t uValue));
+/** Pointer to a FNDBGFBPIOHIT(). */
+typedef FNDBGFBPIOHIT *PFNDBGFBPIOHIT;
+
+
 #ifdef IN_RING3
 /** @defgroup grp_dbgf_bp_r3    The DBGF Breakpoint Host Context Ring-3 API
  * @{ */
-VMMR3DECL(int) DBGFR3BpOwnerCreate(PUVM pUVM, PFNDBGFBPHIT pfnBpHit, PDBGFBPOWNER phBpOwner);
+VMMR3DECL(int) DBGFR3BpOwnerCreate(PUVM pUVM, PFNDBGFBPHIT pfnBpHit, PFNDBGFBPIOHIT pfnBpIoHit, PDBGFBPOWNER phBpOwner);
 VMMR3DECL(int) DBGFR3BpOwnerDestroy(PUVM pUVM, DBGFBPOWNER hBpOwner);
 
@@ -1026 +1060 @@
 VMMR3DECL(int) DBGFR3BpSetMmioEx(PUVM pUVM, DBGFBPOWNER hOwner, void *pvUser,
                                  RTGCPHYS GCPhys, uint32_t cb, uint32_t fAccess,
-                                 uint64_t iHitTrigger, uint64_t iHitDisable, PDBGFBP phBp);
+                                 uint32_t fFlags, uint64_t iHitTrigger, uint64_t iHitDisable, PDBGFBP phBp);
 VMMR3DECL(int) DBGFR3BpClear(PUVM pUVM, DBGFBP hBp);
 VMMR3DECL(int) DBGFR3BpEnable(PUVM pUVM, DBGFBP hBp);
@@ -1058 +1092 @@
 VMMR0_INT_DECL(void) DBGFR0CleanupVM(PGVM pGVM);
 
-VMMR0_INT_DECL(int)  DBGFR0BpOwnerSetUpContext(PGVM pGVM, DBGFBPOWNER hBpOwner, PFNDBGFBPHIT pfnBpHit);
+VMMR0_INT_DECL(int)  DBGFR0BpOwnerSetUpContext(PGVM pGVM, DBGFBPOWNER hBpOwner, PFNDBGFBPHIT pfnBpHit, PFNDBGFBPIOHIT pfnBpIoHit);
 VMMR0_INT_DECL(int)  DBGFR0BpOwnerDestroyContext(PGVM pGVM, DBGFBPOWNER hBpOwner);
 
@@ -1076 +1110 @@
 VMM_INT_DECL(bool)          DBGFIsStepping(PVMCPU pVCpu);
 VMM_INT_DECL(VBOXSTRICTRC)  DBGFBpCheckIo(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx, RTIOPORT uIoPort, uint8_t cbValue);
+VMM_INT_DECL(VBOXSTRICTRC)  DBGFBpCheckPortIo(PVMCC pVM, PVMCPU pVCpu, RTIOPORT uIoPort,
+                                              uint32_t fAccess, uint32_t uValue, bool fBefore);
 VMM_INT_DECL(VBOXSTRICTRC)  DBGFEventGenericWithArgs(PVM pVM, PVMCPU pVCpu, DBGFEVENTTYPE enmEvent, DBGFEVENTCTX enmCtx,
                                                      unsigned cArgs, ...);

trunk/src/VBox/VMM/VMMAll/DBGFAllBp.cpp

@@ -169 +169 @@
     if (pBpOwnerR0)
     {
+        AssertReturn(pBpOwnerR0->pfnBpIoHitR0, VERR_DBGF_BP_IPE_1);
+
         VBOXSTRICTRC rcStrict = VINF_SUCCESS;
 
@@ -234 +236 @@
 
 /**
+ * Executes the actions associated with the given port I/O breakpoint.
+ *
+ * @returns VBox status code.
+ * @param   pVM         The cross context VM structure.
+ * @param   pVCpu       The cross context virtual CPU structure.
+ * @param   fBefore     Flag whether the check is done before the access is carried out,
+ *                      false if it is done after the access.
+ * @param   fAccess     Access flags, see DBGFBPIOACCESS_XXX.
+ * @param   uAddr       The address of the access, for port I/O this will hold the port number.
+ * @param   uValue      The value read or written (the value for reads is only valid when DBGF_BP_F_HIT_EXEC_AFTER is set).
+ * @param   hBp         The breakpoint handle which hit.
+ * @param   pBp         The shared breakpoint state.
+ * @param   pBpR0       The ring-0 only breakpoint state.
+ */
+#ifdef IN_RING0
+DECLINLINE(VBOXSTRICTRC) dbgfBpPortIoHit(PVMCC pVM, PVMCPU pVCpu, bool fBefore, uint32_t fAccess, uint64_t uAddr, uint64_t uValue,
+                                         DBGFBP hBp, PDBGFBPINT pBp, PDBGFBPINTR0 pBpR0)
+#else
+DECLINLINE(VBOXSTRICTRC) dbgfBpPortIoHit(PVMCC pVM, PVMCPU pVCpu, bool fBefore, uint32_t fAccess, uint64_t uAddr, uint64_t uValue,
+                                         DBGFBP hBp, PDBGFBPINT pBp)
+#endif
+{
+    ASMAtomicIncU64(&pBp->Pub.cHits);
+
+    VBOXSTRICTRC rcStrict = VINF_EM_DBG_BREAKPOINT;
+#ifdef IN_RING0
+    PCDBGFBPOWNERINTR0 pBpOwnerR0 = dbgfR0BpOwnerGetByHnd(pVM,
+                                                            pBpR0->fInUse
+                                                          ? pBpR0->hOwner
+                                                          : NIL_DBGFBPOWNER);
+    if (pBpOwnerR0)
+    {
+        AssertReturn(pBpOwnerR0->pfnBpIoHitR0, VERR_DBGF_BP_IPE_1);
+        rcStrict = pBpOwnerR0->pfnBpIoHitR0(pVM, pVCpu->idCpuUnsafe, pBpR0->pvUserR0, hBp, &pBp->Pub,
+                                              fBefore
+                                            ? DBGF_BP_F_HIT_EXEC_BEFORE
+                                            : DBGF_BP_F_HIT_EXEC_AFTER,
+                                            fAccess, uAddr, uValue);
+    }
+    else
+    {
+        pVCpu->dbgf.s.fBpInvokeOwnerCallback = true; /* Need to check this for ring-3 only owners. */
+        pVCpu->dbgf.s.hBpActive              = hBp;
+        pVCpu->dbgf.s.fBpIoActive            = true;
+        pVCpu->dbgf.s.fBpIoBefore            = fBefore;
+        pVCpu->dbgf.s.uBpIoAddress           = uAddr;
+        pVCpu->dbgf.s.fBpIoAccess            = fAccess;
+        pVCpu->dbgf.s.uBpIoValue             = uValue;
+    }
+#else
+    /* Resolve owner (can be NIL_DBGFBPOWNER) and invoke callback if there is one. */
+    if (pBp->Pub.hOwner != NIL_DBGFBPOWNER)
+    {
+        PCDBGFBPOWNERINT pBpOwner = dbgfR3BpOwnerGetByHnd(pVM->pUVM, pBp->Pub.hOwner);
+        if (pBpOwner)
+        {
+            AssertReturn(pBpOwner->pfnBpIoHitR3, VERR_DBGF_BP_IPE_1);
+            rcStrict = pBpOwner->pfnBpIoHitR3(pVM, pVCpu->idCpu, pBp->pvUserR3, hBp, &pBp->Pub,
+                                                fBefore
+                                              ? DBGF_BP_F_HIT_EXEC_BEFORE
+                                              : DBGF_BP_F_HIT_EXEC_AFTER,
+                                              fAccess, uAddr, uValue);
+        }
+    }
+#endif
+    if (   rcStrict == VINF_DBGF_BP_HALT
+        || rcStrict == VINF_DBGF_R3_BP_OWNER_DEFER)
+    {
+        pVCpu->dbgf.s.hBpActive = hBp;
+        if (rcStrict == VINF_DBGF_R3_BP_OWNER_DEFER)
+            pVCpu->dbgf.s.fBpInvokeOwnerCallback = true;
+        else
+            pVCpu->dbgf.s.fBpInvokeOwnerCallback = false;
+        rcStrict = VINF_EM_DBG_BREAKPOINT;
+    }
+    else if (   rcStrict != VINF_SUCCESS
+             && rcStrict != VINF_EM_DBG_BREAKPOINT)
+        rcStrict = VERR_DBGF_BP_OWNER_CALLBACK_WRONG_STATUS; /* Guru meditation. */
+
+    return rcStrict;
+}
+
+
+/**
  * Walks the L2 table starting at the given root index searching for the given key.
  *
@@ -294 +380 @@
 
     return VERR_DBGF_BP_L2_LOOKUP_FAILED;
+}
+
+
+/**
+ * Checks whether there is a port I/O breakpoint for the given range and access size.
+ *
+ * @returns VBox status code.
+ * @retval  VINF_EM_DBG_BREAKPOINT means there is a breakpoint pending.
+ * @retval  VINF_SUCCESS means everything is fine to continue.
+ * @retval  anything else means a fatal error causing a guru meditation.
+ *
+ * @param   pVM             The current context VM structure.
+ * @param   pVCpu           The cross context virtual CPU structure.
+ * @param   uIoPort         The I/O port being accessed.
+ * @param   fAccess         Appropriate DBGFBPIOACCESS_XXX.
+ * @param   uValue          The value being written to or read from the device
+ *                          (The value is only valid for a read when the
+ *                          call is made after the access, writes are always valid).
+ * @param   fBefore         Flag whether the check is done before the access is carried out,
+ *                          false if it is done after the access.
+ */
+VMM_INT_DECL(VBOXSTRICTRC) DBGFBpCheckPortIo(PVMCC pVM, PVMCPU pVCpu, RTIOPORT uIoPort,
+                                             uint32_t fAccess, uint32_t uValue, bool fBefore)
+{
+    RT_NOREF(uValue); /** @todo Trigger only on specific values. */
+
+    /* Don't trigger in single stepping mode. */
+    if (pVCpu->dbgf.s.fSingleSteppingRaw)
+        return VINF_SUCCESS;
+
+#if defined(IN_RING0)
+    uint32_t volatile *paBpLocPortIo = pVM->dbgfr0.s.CTX_SUFF(paBpLocPortIo);
+#elif defined(IN_RING3)
+    PUVM pUVM = pVM->pUVM;
+    uint32_t volatile *paBpLocPortIo = pUVM->dbgf.s.CTX_SUFF(paBpLocPortIo);
+#else
+# error "Unsupported host context"
+#endif
+    if (paBpLocPortIo)
+    {
+        const uint32_t u32Entry = ASMAtomicReadU32(&paBpLocPortIo[uIoPort]);
+        if (u32Entry != DBGF_BP_INT3_L1_ENTRY_TYPE_NULL)
+        {
+            uint8_t u8Type = DBGF_BP_INT3_L1_ENTRY_GET_TYPE(u32Entry);
+            if (RT_LIKELY(u8Type == DBGF_BP_INT3_L1_ENTRY_TYPE_BP_HND))
+            {
+                DBGFBP hBp = DBGF_BP_INT3_L1_ENTRY_GET_BP_HND(u32Entry);
+
+                /* Query the internal breakpoint state from the handle. */
+#ifdef IN_RING3
+                PDBGFBPINT   pBp = dbgfBpGetByHnd(pVM, hBp);
+#else
+                PDBGFBPINTR0 pBpR0 = NULL;
+                PDBGFBPINT   pBp = dbgfBpGetByHnd(pVM, hBp, &pBpR0);
+#endif
+                if (   pBp
+                    && DBGF_BP_PUB_GET_TYPE(&pBp->Pub) == DBGFBPTYPE_PORT_IO)
+                {
+                    if (   uIoPort >= pBp->Pub.u.PortIo.uPort
+                        && uIoPort < pBp->Pub.u.PortIo.uPort + pBp->Pub.u.PortIo.cPorts
+                        && pBp->Pub.u.PortIo.fAccess & fAccess
+                        && (   (   fBefore
+                                && DBGF_BP_PUB_IS_EXEC_BEFORE(&pBp->Pub))
+                            || (   !fBefore
+                                && DBGF_BP_PUB_IS_EXEC_AFTER(&pBp->Pub))))
+#ifdef IN_RING3
+                        return dbgfBpPortIoHit(pVM, pVCpu, fBefore, fAccess, uIoPort, uValue, hBp, pBp);
+#else
+                        return dbgfBpPortIoHit(pVM, pVCpu, fBefore, fAccess, uIoPort, uValue, hBp, pBp, pBpR0);
+#endif
+                    /* else: No matching port I/O breakpoint. */
+                }
+                else /* Invalid breakpoint handle or not an port I/O breakpoint. */
+                    return VERR_DBGF_BP_L1_LOOKUP_FAILED;
+            }
+            else /* Some invalid type. */
+                return VERR_DBGF_BP_L1_LOOKUP_FAILED;
+        }
+    }
+
+    return VINF_SUCCESS;
 }
 

trunk/src/VBox/VMM/VMMR0/DBGFR0Bp.cpp

@@ -496 +496 @@
     AssertRCReturn(rc, rc);
 
-    AssertReturn(!pGVM->dbgfr0.s.fInit, VERR_WRONG_ORDER);
+    AssertReturn(pGVM->dbgfr0.s.fInit, VERR_WRONG_ORDER);
     AssertReturn(!pGVM->dbgfr0.s.paBpLocPortIoR0, VERR_WRONG_ORDER);
 

trunk/src/VBox/VMM/VMMR3/DBGFR3Bp.cpp

@@ -91 +91 @@
  * |     .      |            |     .     |
  * +------------+            +-----------+
- *                            L2 idx AVL
+ *                            L2 idx BST
  * @endverbatim
  *
@@ -107 +107 @@
  *              matching the lowest 16bits and the search must continue in the L2 table with the
  *              remaining 28bits acting as an index into the L2 table indicating the search root.
- *     -# The L2 table consists of multiple index based AVL trees, there is one for each reference
+ *     -# The L2 table consists of multiple index based binary search trees, there is one for each reference
  *        from the L1 table. The key for the table are the upper 6 bytes of the breakpoint address
  *        used for searching. This tree is traversed until either a matching address is found and
@@ -133 +133 @@
  *   are always mapped into ring-0 and ring-3 with different base addresses.
  * - Efficent breakpoint allocation is done by having a global bitmap indicating free
- *   and occupied breakpoint entries. Same applies for the L2 AVL table.
+ *   and occupied breakpoint entries. Same applies for the L2 BST table.
  * - Special care must be taken when modifying the L1 and L2 tables as other EMTs
  *   might still access it (want to try a lockless approach first using
@@ -139 +139 @@
  * - Each BP entry is supposed to be 64 byte big and each chunk should contain 65536
  *   breakpoints which results in 4MiB for each chunk plus the allocation bitmap.
- * - ring-0 has to take special care when traversing the L2 AVL tree to not run into cycles
+ * - ring-0 has to take special care when traversing the L2 BST to not run into cycles
  *   and do strict bounds checking before accessing anything. The L1 and L2 table
  *   are written to from ring-3 only. Same goes for the breakpoint table with the
@@ -463 +463 @@
 
 /**
- * Returns the internal breakpoint owner state for the given handle.
- *
- * @returns Pointer to the internal breakpoint owner state or NULL if the handle is invalid.
- * @param   pUVM                The user mode VM handle.
- * @param   hBpOwner            The breakpoint owner handle to resolve.
- */
-DECLINLINE(PDBGFBPOWNERINT) dbgfR3BpOwnerGetByHnd(PUVM pUVM, DBGFBPOWNER hBpOwner)
-{
-    AssertReturn(hBpOwner < DBGF_BP_OWNER_COUNT_MAX, NULL);
-    AssertPtrReturn(pUVM->dbgf.s.pbmBpOwnersAllocR3, NULL);
-
-    AssertReturn(ASMBitTest(pUVM->dbgf.s.pbmBpOwnersAllocR3, hBpOwner), NULL);
-    return &pUVM->dbgf.s.paBpOwnersR3[hBpOwner];
-}
-
-
-/**
  * Retains the given breakpoint owner handle for use.
  *
@@ -486 +469 @@
  * @param   pUVM                The user mode VM handle.
  * @param   hBpOwner            The breakpoint owner handle to retain, NIL_DBGFOWNER is accepted without doing anything.
- */
-DECLINLINE(int) dbgfR3BpOwnerRetain(PUVM pUVM, DBGFBPOWNER hBpOwner)
+ * @param   fIo                 Flag whether the owner must have the I/O handler set because it used by an I/O breakpoint.
+ */
+DECLINLINE(int) dbgfR3BpOwnerRetain(PUVM pUVM, DBGFBPOWNER hBpOwner, bool fIo)
 {
     if (hBpOwner == NIL_DBGFBPOWNER)
@@ -495 +479 @@
     if (pBpOwner)
     {
+        AssertReturn (   (   fIo
+                          && pBpOwner->pfnBpIoHitR3)
+                      ||  (   !fIo
+                           && pBpOwner->pfnBpHitR3),
+                      VERR_INVALID_HANDLE);
         ASMAtomicIncU32(&pBpOwner->cRefs);
         return VINF_SUCCESS;
@@ -650 +639 @@
                          PDBGFBPINT *ppBp)
 {
-    int rc = dbgfR3BpOwnerRetain(pUVM, hOwner);
+    bool fIo =    enmType == DBGFBPTYPE_PORT_IO
+               || enmType == DBGFBPTYPE_MMIO;
+    int rc = dbgfR3BpOwnerRetain(pUVM, hOwner, fIo);
     if (RT_FAILURE(rc))
         return rc;
@@ -1682 +1673 @@
             AssertReturn(u8Type == DBGF_BP_INT3_L1_ENTRY_TYPE_BP_HND, VERR_DBGF_BP_IPE_7);
 
-            bool fXchg = ASMAtomicCmpXchgU32(&pUVM->dbgf.s.paBpLocL1R3[idxPort], DBGF_BP_INT3_L1_ENTRY_TYPE_NULL, u32Entry);
+            bool fXchg = ASMAtomicCmpXchgU32(&pUVM->dbgf.s.paBpLocPortIoR3[idxPort], DBGF_BP_INT3_L1_ENTRY_TYPE_NULL, u32Entry);
             Assert(fXchg); RT_NOREF(fXchg);
         }
@@ -1752 +1743 @@
 static int dbgfR3BpArm(PUVM pUVM, DBGFBP hBp, PDBGFBPINT pBp)
 {
-    int rc;
+    int rc = VINF_SUCCESS;
     PVM pVM = pUVM->pVM;
 
@@ -1802 +1793 @@
         }
         case DBGFBPTYPE_PORT_IO:
+        {
+            dbgfR3BpSetEnabled(pBp, true /*fEnabled*/);
+            ASMAtomicIncU32(&pUVM->dbgf.s.cPortIoBps);
+            IOMR3NotifyBreakpointCountChange(pVM, true /*fPortIo*/, false /*fMmio*/);
+            break;
+        }
         case DBGFBPTYPE_MMIO:
             rc = VERR_NOT_IMPLEMENTED;
@@ -1826 +1823 @@
 static int dbgfR3BpDisarm(PUVM pUVM, DBGFBP hBp, PDBGFBPINT pBp)
 {
-    int rc;
+    int rc = VINF_SUCCESS;
     PVM pVM = pUVM->pVM;
 
@@ -1870 +1867 @@
         }
         case DBGFBPTYPE_PORT_IO:
+        {
+            dbgfR3BpSetEnabled(pBp, false /*fEnabled*/);
+            uint32_t cPortIoBps = ASMAtomicDecU32(&pUVM->dbgf.s.cPortIoBps);
+            if (!cPortIoBps) /** @todo Need to gather all EMTs to not have a stray EMT accessing BP data when it might go away. */
+                IOMR3NotifyBreakpointCountChange(pVM, false /*fPortIo*/, false /*fMmio*/);
+            break;
+        }
         case DBGFBPTYPE_MMIO:
             rc = VERR_NOT_IMPLEMENTED;
@@ -1883 +1887 @@
 
 /**
+ * Worker for DBGFR3BpHit() differnetiating on the breakpoint type.
+ *
+ * @returns Strict VBox status code.
+ * @param   pVM         The cross context VM structure.
+ * @param   pVCpu       The vCPU the breakpoint event happened on.
+ * @param   hBp         The breakpoint handle.
+ * @param   pBp         The breakpoint data.
+ * @param   pBpOwner    The breakpoint owner data.
+ *
+ * @thread EMT
+ */
+static VBOXSTRICTRC dbgfR3BpHit(PVM pVM, PVMCPU pVCpu, DBGFBP hBp, PDBGFBPINT pBp, PCDBGFBPOWNERINT pBpOwner)
+{
+    VBOXSTRICTRC rcStrict;
+
+    switch (DBGF_BP_PUB_GET_TYPE(&pBp->Pub))
+    {
+        case DBGFBPTYPE_REG:
+        case DBGFBPTYPE_INT3:
+        {
+            if (DBGF_BP_PUB_IS_EXEC_BEFORE(&pBp->Pub))
+                rcStrict = pBpOwner->pfnBpHitR3(pVM, pVCpu->idCpu, pBp->pvUserR3, hBp, &pBp->Pub, DBGF_BP_F_HIT_EXEC_BEFORE);
+            if (rcStrict == VINF_SUCCESS)
+            {
+                uint8_t abInstr[DBGF_BP_INSN_MAX];
+                RTGCPTR const GCPtrInstr = pVCpu->cpum.GstCtx.rip + pVCpu->cpum.GstCtx.cs.u64Base;
+                int rc = PGMPhysSimpleReadGCPtr(pVCpu, &abInstr[0], GCPtrInstr, sizeof(abInstr));
+                AssertRC(rc);
+                if (RT_SUCCESS(rc))
+                {
+                    /* Replace the int3 with the original instruction byte. */
+                    abInstr[0] = pBp->Pub.u.Int3.bOrg;
+                    rcStrict = IEMExecOneWithPrefetchedByPC(pVCpu, CPUMCTX2CORE(&pVCpu->cpum.GstCtx), GCPtrInstr, &abInstr[0], sizeof(abInstr));
+                    if (   rcStrict == VINF_SUCCESS
+                        && DBGF_BP_PUB_IS_EXEC_AFTER(&pBp->Pub))
+                    {
+                        VBOXSTRICTRC rcStrict2 = pBpOwner->pfnBpHitR3(pVM, pVCpu->idCpu, pBp->pvUserR3, hBp, &pBp->Pub, DBGF_BP_F_HIT_EXEC_AFTER);
+                        if (rcStrict2 == VINF_SUCCESS)
+                            return VBOXSTRICTRC_VAL(rcStrict);
+                        else if (rcStrict2 != VINF_DBGF_BP_HALT)
+                            return VERR_DBGF_BP_OWNER_CALLBACK_WRONG_STATUS;
+                    }
+                    else
+                        return VBOXSTRICTRC_VAL(rcStrict);
+                }
+            }
+            break;
+        }
+        case DBGFBPTYPE_PORT_IO:
+        case DBGFBPTYPE_MMIO:
+        {
+            pVCpu->dbgf.s.fBpIoActive = false;
+            rcStrict = pBpOwner->pfnBpIoHitR3(pVM, pVCpu->idCpu, pBp->pvUserR3, hBp, &pBp->Pub,
+                                                pVCpu->dbgf.s.fBpIoBefore
+                                              ? DBGF_BP_F_HIT_EXEC_BEFORE
+                                              : DBGF_BP_F_HIT_EXEC_AFTER,
+                                              pVCpu->dbgf.s.fBpIoAccess, pVCpu->dbgf.s.uBpIoAddress,
+                                              pVCpu->dbgf.s.uBpIoValue);
+
+            break;
+        }
+        default:
+            AssertMsgFailedReturn(("Invalid breakpoint type %d\n", DBGF_BP_PUB_GET_TYPE(&pBp->Pub)),
+                                  VERR_IPE_NOT_REACHED_DEFAULT_CASE);
+    }
+
+    return rcStrict;
+}
+
+
+/**
  * Creates a new breakpoint owner returning a handle which can be used when setting breakpoints.
  *
@@ -1889 +1964 @@
  * @param   pUVM                The user mode VM handle.
  * @param   pfnBpHit            The R3 callback which is called when a breakpoint with the owner handle is hit.
+ * @param   pfnBpIoHit          The R3 callback which is called when a I/O breakpoint with the owner handle is hit.
  * @param   phBpOwner           Where to store the owner handle on success.
  *
  * @thread Any thread but might defer work to EMT on the first call.
  */
-VMMR3DECL(int) DBGFR3BpOwnerCreate(PUVM pUVM, PFNDBGFBPHIT pfnBpHit, PDBGFBPOWNER phBpOwner)
+VMMR3DECL(int) DBGFR3BpOwnerCreate(PUVM pUVM, PFNDBGFBPHIT pfnBpHit, PFNDBGFBPIOHIT pfnBpIoHit, PDBGFBPOWNER phBpOwner)
 {
     /*
@@ -1899 +1975 @@
      */
     UVM_ASSERT_VALID_EXT_RETURN(pUVM, VERR_INVALID_VM_HANDLE);
-    AssertPtrReturn(pfnBpHit, VERR_INVALID_PARAMETER);
+    AssertReturn(pfnBpHit || pfnBpIoHit, VERR_INVALID_PARAMETER);
     AssertPtrReturn(phBpOwner, VERR_INVALID_POINTER);
 
@@ -1919 +1995 @@
             {
                 PDBGFBPOWNERINT pBpOwner = &pUVM->dbgf.s.paBpOwnersR3[iClr];
-                pBpOwner->cRefs      = 1;
-                pBpOwner->pfnBpHitR3 = pfnBpHit;
+                pBpOwner->cRefs        = 1;
+                pBpOwner->pfnBpHitR3   = pfnBpHit;
+                pBpOwner->pfnBpIoHitR3 = pfnBpIoHit;
 
                 *phBpOwner = (DBGFBPOWNER)iClr;
@@ -2253 +2330 @@
                                  uint64_t iHitTrigger, uint64_t iHitDisable, PDBGFBP phBp)
 {
-    return DBGFR3BpSetPortIoEx(pUVM, NIL_DBGFBPOWNER, NULL /*pvUser*/, uPort, cPorts,
-                               DBGF_BP_F_DEFAULT, fAccess, iHitTrigger, iHitDisable, phBp);
+    return DBGFR3BpSetPortIoEx(pUVM, NIL_DBGFBPOWNER, NULL /*pvUser*/, uPort, cPorts, fAccess,
+                               DBGF_BP_F_DEFAULT, iHitTrigger, iHitDisable, phBp);
 }
 
@@ -2286 +2363 @@
     AssertReturn(!(fAccess & ~DBGFBPIOACCESS_VALID_MASK_PORT_IO), VERR_INVALID_FLAGS);
     AssertReturn(fAccess, VERR_INVALID_FLAGS);
+    AssertReturn(!(fFlags & ~DBGF_BP_F_VALID_MASK), VERR_INVALID_FLAGS);
+    AssertReturn(fFlags, VERR_INVALID_FLAGS);
     AssertReturn(iHitTrigger <= iHitDisable, VERR_INVALID_PARAMETER);
     AssertPtrReturn(phBp, VERR_INVALID_POINTER);
     AssertReturn(cPorts > 0, VERR_OUT_OF_RANGE);
-    AssertReturn((RTIOPORT)(uPort + cPorts) < uPort, VERR_OUT_OF_RANGE);
+    AssertReturn((RTIOPORT)(uPort + (cPorts - 1)) >= uPort, VERR_OUT_OF_RANGE);
 
     int rc = dbgfR3BpPortIoEnsureInit(pUVM);
@@ -2364 +2443 @@
 {
     return DBGFR3BpSetMmioEx(pUVM, NIL_DBGFBPOWNER, NULL /*pvUser*/, GCPhys, cb, fAccess,
-                             iHitTrigger, iHitDisable, phBp);
+                             DBGF_BP_F_DEFAULT, iHitTrigger, iHitDisable, phBp);
 }
 
@@ -2378 +2457 @@
  * @param   cb              The size of the MMIO range to break on.
  * @param   fAccess         The access we want to break on.
+ * @param   fFlags          Combination of DBGF_BP_F_XXX.
  * @param   iHitTrigger     The hit count at which the breakpoint start
  *                          triggering. Use 0 (or 1) if it's gonna trigger at
@@ -2389 +2469 @@
 VMMR3DECL(int) DBGFR3BpSetMmioEx(PUVM pUVM, DBGFBPOWNER hOwner, void *pvUser,
                                  RTGCPHYS GCPhys, uint32_t cb, uint32_t fAccess,
-                                 uint64_t iHitTrigger, uint64_t iHitDisable, PDBGFBP phBp)
+                                 uint32_t fFlags, uint64_t iHitTrigger, uint64_t iHitDisable, PDBGFBP phBp)
 {
     UVM_ASSERT_VALID_EXT_RETURN(pUVM, VERR_INVALID_VM_HANDLE);
@@ -2395 +2475 @@
     AssertReturn(!(fAccess & ~DBGFBPIOACCESS_VALID_MASK_MMIO), VERR_INVALID_FLAGS);
     AssertReturn(fAccess, VERR_INVALID_FLAGS);
+    AssertReturn(!(fFlags & ~DBGF_BP_F_VALID_MASK), VERR_INVALID_FLAGS);
+    AssertReturn(fFlags, VERR_INVALID_FLAGS);
     AssertReturn(iHitTrigger <= iHitDisable, VERR_INVALID_PARAMETER);
     AssertPtrReturn(phBp, VERR_INVALID_POINTER);
@@ -2595 +2677 @@
     {
         DBGFBP hBp = pVCpu->dbgf.s.hBpActive;
-        PDBGFBPINT pBp = dbgfR3BpGetByHnd(pVM->pUVM, pVCpu->dbgf.s.hBpActive);
+        pVCpu->dbgf.s.hBpActive              = NIL_DBGFBP;
+        pVCpu->dbgf.s.fBpInvokeOwnerCallback = false;
+
+        PDBGFBPINT pBp = dbgfR3BpGetByHnd(pVM->pUVM, hBp);
         AssertReturn(pBp, VERR_DBGF_BP_IPE_9);
 
@@ -2604 +2689 @@
             if (pBpOwner)
             {
-                VBOXSTRICTRC rcStrict = VINF_SUCCESS;
-
-                if (DBGF_BP_PUB_IS_EXEC_BEFORE(&pBp->Pub))
-                    rcStrict = pBpOwner->pfnBpHitR3(pVM, pVCpu->idCpu, pBp->pvUserR3, hBp, &pBp->Pub, DBGF_BP_F_HIT_EXEC_BEFORE);
-                if (rcStrict == VINF_SUCCESS)
-                {
-                    uint8_t abInstr[DBGF_BP_INSN_MAX];
-                    RTGCPTR const GCPtrInstr = pVCpu->cpum.GstCtx.rip + pVCpu->cpum.GstCtx.cs.u64Base;
-                    int rc = PGMPhysSimpleReadGCPtr(pVCpu, &abInstr[0], GCPtrInstr, sizeof(abInstr));
-                    AssertRC(rc);
-                    if (RT_SUCCESS(rc))
-                    {
-                        /* Replace the int3 with the original instruction byte. */
-                        abInstr[0] = pBp->Pub.u.Int3.bOrg;
-                        rcStrict = IEMExecOneWithPrefetchedByPC(pVCpu, CPUMCTX2CORE(&pVCpu->cpum.GstCtx), GCPtrInstr, &abInstr[0], sizeof(abInstr));
-                        if (   rcStrict == VINF_SUCCESS
-                            && DBGF_BP_PUB_IS_EXEC_AFTER(&pBp->Pub))
-                        {
-                            VBOXSTRICTRC rcStrict2 = pBpOwner->pfnBpHitR3(pVM, pVCpu->idCpu, pBp->pvUserR3, hBp, &pBp->Pub, DBGF_BP_F_HIT_EXEC_AFTER);
-                            if (rcStrict2 == VINF_SUCCESS)
-                                return VBOXSTRICTRC_VAL(rcStrict);
-                            else if (rcStrict2 != VINF_DBGF_BP_HALT)
-                                return VERR_DBGF_BP_OWNER_CALLBACK_WRONG_STATUS;
-                        }
-                        else
-                            return VBOXSTRICTRC_VAL(rcStrict);
-                    }
-                }
-                else if (rcStrict != VINF_DBGF_BP_HALT) /* Guru meditation. */
+                VBOXSTRICTRC rcStrict = dbgfR3BpHit(pVM, pVCpu, hBp, pBp, pBpOwner);
+                if (VBOXSTRICTRC_VAL(rcStrict) == VINF_SUCCESS)
+                    return VINF_SUCCESS;
+                else if (VBOXSTRICTRC_VAL(rcStrict) != VINF_DBGF_BP_HALT) /* Guru meditation. */
                     return VERR_DBGF_BP_OWNER_CALLBACK_WRONG_STATUS;
                 /* else: Halt in the debugger. */

trunk/src/VBox/VMM/VMMR3/DBGFR3FlowTrace.cpp

@@ -1209 +1209 @@
         if (RT_SUCCESS(rc))
         {
-            rc = DBGFR3BpOwnerCreate(pUVM, dbgfR3FlowTraceModProbeFiredWorker, &pThis->hBpOwner);
+            rc = DBGFR3BpOwnerCreate(pUVM, dbgfR3FlowTraceModProbeFiredWorker, NULL /*pfnBpIoHit*/, &pThis->hBpOwner);
             if (RT_SUCCESS(rc))
             {

trunk/src/VBox/VMM/include/DBGFInline.h

@@ -109 +109 @@
 }
 
+#ifdef IN_RING3
+/**
+ * Returns the internal breakpoint owner state for the given handle.
+ *
+ * @returns Pointer to the internal breakpoint owner state or NULL if the handle is invalid.
+ * @param   pUVM                The user mode VM handle.
+ * @param   hBpOwner            The breakpoint owner handle to resolve.
+ */
+DECLINLINE(PDBGFBPOWNERINT) dbgfR3BpOwnerGetByHnd(PUVM pUVM, DBGFBPOWNER hBpOwner)
+{
+    AssertReturn(hBpOwner < DBGF_BP_OWNER_COUNT_MAX, NULL);
+    AssertPtrReturn(pUVM->dbgf.s.pbmBpOwnersAllocR3, NULL);
+
+    AssertReturn(ASMBitTest(pUVM->dbgf.s.pbmBpOwnersAllocR3, hBpOwner), NULL);
+    return &pUVM->dbgf.s.paBpOwnersR3[hBpOwner];
+}
+#endif
+
 #endif /* !VMM_INCLUDED_SRC_include_DBGFInline_h */

trunk/src/VBox/VMM/include/DBGFInternal.h

@@ -824 +824 @@
     /** Callback to call when a breakpoint has hit, Ring-3 Ptr. */
     R3PTRTYPE(PFNDBGFBPHIT)     pfnBpHitR3;
+    /** Callback to call when a I/O breakpoint has hit, Ring-3 Ptr. */
+    R3PTRTYPE(PFNDBGFBPIOHIT)   pfnBpIoHitR3;
+    /** Padding. */
+    uint64_t                    u64Pad1;
 } DBGFBPOWNERINT;
-AssertCompileSize(DBGFBPOWNERINT, 16);
+AssertCompileSize(DBGFBPOWNERINT, 32);
 /** Pointer to an internal breakpoint owner state, shared part. */
 typedef DBGFBPOWNERINT *PDBGFBPOWNERINT;
@@ -843 +847 @@
     /** Callback to call when a breakpoint has hit, Ring-0 Ptr. */
     R0PTRTYPE(PFNDBGFBPHIT)     pfnBpHitR0;
+    /** Callback to call when a I/O breakpoint has hit, Ring-0 Ptr. */
+    R0PTRTYPE(PFNDBGFBPIOHIT)   pfnBpIoHitR0;
+    /** Padding. */
+    uint64_t                    u64Pad1;
 } DBGFBPOWNERINTR0;
-AssertCompileSize(DBGFBPOWNERINTR0, 16);
+AssertCompileSize(DBGFBPOWNERINTR0, 32);
 /** Pointer to an internal breakpoint owner state, shared part. */
 typedef DBGFBPOWNERINTR0 *PDBGFBPOWNERINTR0;
@@ -1211 +1219 @@
      * This is checked and cleared in the \#DB handler. */
     bool                    fSingleSteppingRaw;
-    /** Alignment padding. */
-    bool                    afPadding[2];
+    /** Flag whether an I/O breakpoint is pending. */
+    bool                    fBpIoActive;
+    /** Flagh whether the I/O breakpoint hit before the access or after. */
+    bool                    fBpIoBefore;
     /** Current active breakpoint handle.
      * This is NIL_DBGFBP if not active. It is set when a execution engine
@@ -1219 +1229 @@
      * @todo drop this in favor of aEvents!  */
     DBGFBP                  hBpActive;
+    /** The access mask for a pending I/O breakpoint. */
+    uint32_t                fBpIoAccess;
+    /** The address of the access. */
+    uint64_t                uBpIoAddress;
+    /** The value of the access. */
+    uint64_t                uBpIoValue;
 
     /** The number of events on the stack (aEvents).
@@ -1391 +1407 @@
      * can still do read accesses without holding it while traversing the trees). */
     RTSEMFASTMUTEX                  hMtxBpL2Wr;
+    /** Number of armed port I/O breakpoints. */
+    volatile uint32_t               cPortIoBps;
     /** @} */