refactoring of port_e9_hack configuration options
do not allow port e9 access for all rings if port_e9_hack is not enabled
Co-authored-by: Stanislav Shwartsman <sshwarts@users.sourceforge.net>
Made all devices pass USB 2.0 Compliance on WinXP (old version of the
compliance test).
USB Hub still needs a little work to be in complete compliance.
Fixed potential bug in EHCI to UHCI hand-off.
Fixed compilation error with Floppy CB/CBI emulation.
Minor syntax fixes (tabulation, old irrelevant comments)
MSD serial numbers must be 12 chars.
Added to CHANGES file
This changes a BX_INFO to a BX_DEBUG. It does not need to be a
BX_INFO.
Second, this adds (very) minimal support for SCSI command 0xAC.
When emulating a .iso image via USB CD-ROM on Win10, without this
command, the emulation freezes when trying to access the CD-ROM. I don't
know if it is Bochs or Win10. I think Win10 expects the command to work,
or Bochs is not failing correctly.
This PR simply adds code to acknowledge the command and returns a zero
length report. This SCSI (MMC) specification states that a zero length
report is allowed.
The 8 byte header is returned, but the header indicates a zero byte
return: No report segments returned.
This seems to keep Win10 from freezing at USB CD-ROM device access time.
The code also BX_DEBUG's the command sent to the "controller", for
future use when adding the actual support of the command.
This PR allows larger VHD image files. The size in question doesn't
necessarily mean the size of the VHD file on disk. The size is the total
size of the image emulated. This total size is in question.
Without this patch, the total size allowed is 65535 * 16 * 255, or
roughly 32gig.
With this patch, the total size is calculated by who the creator of the
image is, what the CHS values are, and possibly a total size of up to a
limit of 2TB.
Since the original code was ported from QEMU, I ported an updated QEMU
code snippet.
https://gitlab.com/qemu-project/qemu/-/blob/master/block/vpc.c?ref_type=heads#L305
This PR now allows VHD image files with a total size emulated less than
or equal to 2TB.
This improves the detection of the default speed of a device when given
in bochsrc.
It will first get the max speed of the port given. For example, uhci and
ohci will return FULL, ehci will return HIGH.
xHCI will return SUPER if the port is a super-speed port, else it will
return HIGH.
Then it will compare this with the max speed allowed for that device,
returning the highest common speed.
Of course, if the speed option is given, the above is overwritten by the
specified speed.
Both checks are still performed on the result.
1) does device allow the result speed?
2) does the controller allow the result speed?
This catches (possible) errors in the bochsrc file when declaring USB
port options.
The first catches when the user defines a port twice. This will PANIC.
```
usb_ohci: port1=mouse, options1="speed:low, model:m228"
usb_ohci: port1=keyboard, options1="speed:low"
```
The second catches a possible error if the user copy/pastes a line and
forgets to update the options# part as in the example below.
```
usb_ohci: port1=tablet, options1="speed:low"
usb_ohci: port2=disk, options1="speed:full, path:hdd.img"
```
However, this will not PANIC since the following is completely legal:
```
usb_ohci: port2=disk
usb_ohci: options2="speed:full"
usb_ohci: options2="path:hdd.img"
```
This will simply display an error on the Bochs console window.
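The two checks described above, as an added example (not the code from this commit): a small linter over bochsrc-style lines. It assumes a repeated `port#` on one controller is the PANIC case and a repeated `options#` is only reported, and it does not parse quoting; the function and enum names are hypothetical.

```cpp
#include <cstdio>
#include <map>
#include <regex>
#include <string>
#include <vector>

enum Severity { SEV_OK = 0, SEV_ERROR = 1, SEV_PANIC = 2 };

// Scans bochsrc-style lines and returns the worst finding:
//   portN assigned twice on one controller    -> SEV_PANIC
//   optionsN assigned twice on one controller -> SEV_ERROR (reported only,
//   because splitting options across several lines is legal)
Severity lint_usb_ports(const std::vector<std::string>& lines) {
  static const std::regex key_re("\\b(port|options)([0-9]+)=");
  std::map<std::string, int> seen;  // e.g. "usb_ohci/port1" -> assignment count
  Severity worst = SEV_OK;
  for (size_t n = 0; n < lines.size(); n++) {
    const std::string& line = lines[n];
    size_t colon = line.find(':');
    if (colon == std::string::npos || line.compare(0, 4, "usb_") != 0) continue;
    std::string ctrl = line.substr(0, colon);
    std::sregex_iterator it(line.begin() + colon, line.end(), key_re), end;
    for (; it != end; ++it) {
      std::string kind = (*it)[1].str(), key = kind + (*it)[2].str();
      if (++seen[ctrl + "/" + key] < 2) continue;  // first assignment is fine
      Severity s = (kind == "port") ? SEV_PANIC : SEV_ERROR;
      std::printf("line %zu: %s: %s given more than once (%s)\n", n + 1,
                  ctrl.c_str(), key.c_str(), s == SEV_PANIC ? "PANIC" : "error");
      if (s > worst) worst = s;
    }
  }
  return worst;
}

int main() {
  // Constructed input: the copy/paste mistake described above.
  std::vector<std::string> cfg;
  cfg.push_back("usb_ohci: port1=tablet, options1=\"speed:low\"");
  cfg.push_back("usb_ohci: port2=disk, options1=\"speed:full, path:hdd.img\"");
  return lint_usb_ports(cfg) == SEV_ERROR ? 0 : 1;
}
```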
This adds three additional checks to make sure the Guest is working
correctly.
- checks that the guest allocated the Scratchpad Area. If left zero
(NULL) the controller may access low memory.
- checks that the guest uses correct segment sizes in the interrupter
ring(s)
- checks the burst size value given to be within normal range
This also adds an internal register value for the HcCrcr (Command Ring
Control) register. Since this register reads zero by the Guest, we keep
an internal value so that the emulation can read the value, internally.
This is for features soon to be released.
Minor other syntax/comment changes (misspelled word, etc)
Checked with WinXP, Win7, and Win10
This fixes zero length packet handling.
See the following example that requests 128 bytes:
```
SETUP(8)
IN(64)
IN(64)
STATUS(0)
```
The current code erroneously assumes that there are no more IN packets
after the first two 64-byte packets.
However, what happens with the following:
```
SETUP(8)
IN(64)
IN(64)
IN(64) <--- current code assumes this will be, and expects a STATUS packet
STATUS(0)
```
Currently, the third IN(64) above will result in a coding error because
the code is expecting the STATUS packet, not another IN packet.
The "controller" must allow for more packets than expected, returning a
short packet detect on the third IN(64) packet shown above, actually
returning zero bytes, hence the Short Packet Detect.
This patch was tested on WinXP, Win7, and Win10.
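The packet sequence described above, as an added example (a simplified model, not the Bochs code): the device side of a control read with a 64-byte maximum packet size. With `strict` set it reproduces the old assumption that only STATUS can follow the last data packet; otherwise an extra IN returns zero bytes as a short packet. All type and function names are hypothetical.

```cpp
#include <algorithm>
#include <cstdio>
#include <vector>

enum Token { TOK_SETUP, TOK_IN, TOK_STATUS };
struct Result { int bytes; bool short_packet; bool error; };

// Device-side state of one control read (hypothetical names, not Bochs code).
struct ControlRead {
  int remaining;   // bytes still owed to the host
  int max_packet;  // endpoint maximum packet size
  bool strict;     // true: behaviour before the fix, an extra IN is an error

  Result handle(Token tok, int length) {
    Result r = {0, false, false};
    if (tok == TOK_SETUP) {
      remaining = length;                     // wLength from the SETUP packet
    } else if (tok == TOK_IN && remaining == 0 && strict) {
      r.error = true;                         // pre-fix: only STATUS expected here
    } else if (tok == TOK_IN) {
      r.bytes = std::min(remaining, max_packet);
      remaining -= r.bytes;
      r.short_packet = r.bytes < max_packet;  // a zero-length IN is a short packet
    }
    return r;                                 // TOK_STATUS: nothing left to send
  }
};

// SETUP(wLength), then n_in IN tokens, then STATUS; bytes per IN, -1 on error.
std::vector<int> run(bool strict, int wLength, int n_in) {
  ControlRead xfer = {0, 64, strict};
  std::vector<int> out;
  xfer.handle(TOK_SETUP, wLength);
  for (int i = 0; i < n_in; i++) {
    Result r = xfer.handle(TOK_IN, 0);
    out.push_back(r.error ? -1 : r.bytes);
  }
  xfer.handle(TOK_STATUS, 0);
  return out;
}

int main() {
  std::vector<int> v = run(false, 128, 3);  // constructed sequence from above
  std::printf("%d %d %d\n", v[0], v[1], v[2]);
  return 0;
}
```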
The check for the amount of bytes transferred in one frame time was done
before the update of the vertical pointer in the current Queue of the
last executed TD. Therefore, on the next frame time, the last executed
TD was being "executed" again. The check has now been moved to the top
of the loop.
This PR is for "I/O Interface to Bochs Debugger" from ring3 (port range:
**0x8A00 - 0x8A01**)
PR #64 was for E9 HACK (port **0xE9**)
By enabling the iodebug's 'all_rings' option, you can utilize the port
I/O Interface to Bochs Debugger from ring3. This PR allows the code
running inside Bochs (ring3) to monitor memory ranges, trace individual
instructions, and observe register values during execution.
https://bochs.sourceforge.io/doc/docbook/development/debugger-advanced.html
IMO very useful for:
- user-mode sandbox (ex Cuckoo)
- malware analysis
- API/SYSCALL hook/monitor from ring3
- automation + instrumentation from user mode code
...
A complement for PR #64
**This PR is 100% backward compatible**
![IODEBUG ALL RINGS](https://github.com/bochs-emu/Bochs/assets/9882181/6308ad0f-c189-43f3-a92b-dccde3542ad6)
btw, @stlintel I'm not certain about:
- if misc is the ideal location for this.. should I create a new
iodebug-option for this?
- should I remove the #if in 'new bx_param_bool_c'?
- does the new .bochsrc entry make sense to you?
By enabling the 'all_rings' option, you can utilize the port e9 hack
from ring3
IMO very useful for:
- user-mode sandbox (ex Cuckoo)
- malware analysis
- API/SYSCALL logger with a simple hook from ring3
- automation + instrumentation from user mode code
- ...
So yes, from this PR a user-mode-sandbox can display on the console of
the system running Bochs anything that is written to 0xE9 port
![porte9hackallrings](https://github.com/bochs-emu/Bochs/assets/9882181/ddbca3fa-729b-4a3e-95ad-078e44c7a17a)
**This PR is 100% backward compatible**
btw, @stlintel I'm not certain if **bochs/config.cc** is the ideal
location to define **bool port_e9_hack_all_rings** (unmapped io/dev is
better?)
from Fixes in VM Entry Checks for Guest Segment Registers #51
Correction in checks for Code Segment (CS):
Previously, the DPL of CS was incorrectly compared with its own RPL.
According to Intel SDM, Vol. 3C, Chapter 27.3.1.2, for non-conforming code segments (type 9 or 11), the DPL of CS should be equal to the DPL of SS.
And for conforming code segments (type 13 or 15), the DPL of CS cannot be greater than the DPL of SS.
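The CS check described above, as an added example (not the Bochs source): the "before" function is reconstructed from the description, the "after" function follows the rule as stated. The `Seg` struct and function names are hypothetical, and only the four code segment types named above are modelled.

```cpp
#include <cstdio>

// Hypothetical, reduced view of a guest segment register for this sketch.
struct Seg { unsigned selector; unsigned type; unsigned dpl; };

static bool is_nonconforming_code(unsigned t) { return t == 9 || t == 11; }
static bool is_conforming_code(unsigned t) { return t == 13 || t == 15; }

// Before (reconstructed from the description): CS.DPL checked against the
// RPL of the CS selector itself (selector bits 1:0).
bool cs_dpl_check_before(const Seg& cs, const Seg& ss) {
  (void)ss;  // SS was not consulted
  unsigned rpl = cs.selector & 3;
  if (is_nonconforming_code(cs.type)) return cs.dpl == rpl;
  if (is_conforming_code(cs.type)) return cs.dpl <= rpl;
  return false;  // other segment types are outside this sketch
}

// After: CS.DPL checked against SS.DPL.
bool cs_dpl_check_after(const Seg& cs, const Seg& ss) {
  if (is_nonconforming_code(cs.type)) return cs.dpl == ss.dpl;
  if (is_conforming_code(cs.type)) return cs.dpl <= ss.dpl;
  return false;  // other segment types are outside this sketch
}

int main() {
  // Constructed guest state: CS selector 0x0b (RPL 3), type 11, DPL 0; SS DPL 0.
  Seg cs = {0x0b, 11, 0}, ss = {0x10, 3, 0};
  std::printf("before=%d after=%d\n",
              cs_dpl_check_before(cs, ss), cs_dpl_check_after(cs, ss));
  return 0;
}
```

The constructed state in `main` satisfies the stated rule but fails the old comparison; the reverse case (CS DPL matching its own RPL while differing from SS DPL) was accepted by the old comparison and is now rejected.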
This way VMCS is not accessed multiple times which is important for some usages