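Lines Matching full:ip (each row: source line number, the matching line, then the enclosing function and/or the symbol's role — local, argument, member — where the tool reports them; rows are non-contiguous excerpts, not a complete listing)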
208 target_ulong ip = *pip; in evaluate_tpr_instruction() local
213 if ((ip & 0xf0000000ULL) != 0x80000000ULL && in evaluate_tpr_instruction()
214 (ip & 0xf0000000ULL) != 0xe0000000ULL) { in evaluate_tpr_instruction()
233 * KVM without kernel-based TPR access reporting will pass an IP that in evaluate_tpr_instruction()
242 if (cpu_memory_rw_debug(cs, ip - instr->length, opcode, in evaluate_tpr_instruction()
247 ip -= instr->length; in evaluate_tpr_instruction()
253 if (cpu_memory_rw_debug(cs, ip, opcode, sizeof(opcode), 0) < 0) { in evaluate_tpr_instruction()
270 if (cpu_memory_rw_debug(cs, ip + instr->addr_offset, in evaluate_tpr_instruction()
282 *pip = ip; in evaluate_tpr_instruction()
286 static int update_rom_mapping(VAPICROMState *s, CPUX86State *env, target_ulong ip) in update_rom_mapping() argument
304 rom_state_vaddr = s->rom_state_paddr + (ip & 0xf0000000); in update_rom_mapping()
391 static void patch_call(X86CPU *cpu, target_ulong ip, uint32_t target) in patch_call() argument
395 offset = cpu_to_le32(target - ip - 5); in patch_call()
396 patch_byte(cpu, ip, 0xe8); /* call near */ in patch_call()
397 cpu_memory_rw_debug(CPU(cpu), ip + 1, (void *)&offset, sizeof(offset), 1); in patch_call()
402 target_ulong ip; member
410 target_ulong ip = info->ip; in do_patch_instruction() local
414 cpu_memory_rw_debug(cs, ip, opcode, sizeof(opcode), 0); in do_patch_instruction()
418 patch_byte(x86_cpu, ip, 0x50 + modrm_reg(opcode[1])); /* push reg */ in do_patch_instruction()
419 patch_call(x86_cpu, ip + 1, handlers->set_tpr); in do_patch_instruction()
422 patch_byte(x86_cpu, ip, 0x90); in do_patch_instruction()
423 patch_call(x86_cpu, ip + 1, handlers->get_tpr[modrm_reg(opcode[1])]); in do_patch_instruction()
426 patch_call(x86_cpu, ip, handlers->get_tpr[0]); in do_patch_instruction()
429 patch_call(x86_cpu, ip, handlers->set_tpr_eax); in do_patch_instruction()
432 patch_byte(x86_cpu, ip, 0x68); /* push imm32 */ in do_patch_instruction()
433 cpu_memory_rw_debug(cs, ip + 6, (void *)&imm32, sizeof(imm32), 0); in do_patch_instruction()
434 cpu_memory_rw_debug(cs, ip + 1, (void *)&imm32, sizeof(imm32), 1); in do_patch_instruction()
435 patch_call(x86_cpu, ip + 5, handlers->set_tpr); in do_patch_instruction()
438 patch_byte(x86_cpu, ip, 0x50); /* push eax */ in do_patch_instruction()
439 patch_call(x86_cpu, ip + 1, handlers->get_tpr_stack); in do_patch_instruction()
448 static void patch_instruction(VAPICROMState *s, X86CPU *cpu, target_ulong ip) in patch_instruction() argument
463 info->ip = ip; in patch_instruction()
468 void vapic_report_tpr_access(DeviceState *dev, CPUState *cs, target_ulong ip, in vapic_report_tpr_access() argument
477 if (evaluate_tpr_instruction(s, cpu, &ip, access) < 0) { in vapic_report_tpr_access()
483 if (update_rom_mapping(s, env, ip) < 0) { in vapic_report_tpr_access()
489 patch_instruction(s, cpu, ip); in vapic_report_tpr_access()
567 * calls are miles away from the current IP. Under malicious in patch_hypercalls()
685 * We cannot do this in TCG mode as the reported IP is not in vapic_write()