Changeset 103734 in vbox

Timestamp:

Mar 8, 2024 12:36:00 AM (11 months ago)

Author:

vboxsync

Message:

VMM/IEM: Fixed bug in sysret when targeting intel CPUs where SS.ATTR/LIMIT/BASE are all reloaded unlike what AMD does and IEM did. This would cause the init process to #GP on 64-bit knoppix 8.6 (based on linux 5.3). bugref:8109

File:

: 1 edited

trunk/src/VBox/VMM/VMMAll/IEMAllCImpl.cpp (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/src/VBox/VMM/VMMAll/IEMAllCImpl.cpp

-              r103333
+              r103734
     pVCpu->cpum.GstCtx.cs.fFlags     = CPUMSELREG_FLAGS_VALID;
+    /* The SS hidden bits remains unchanged says AMD, we presume they set DPL to 3.
+       Intel (and presuably VIA) OTOH sets loads valid ring-3 values it seems, see
+       X86_BUG_SYSRET_SS_ATTRS in linux 5.3. */
+    if (IEM_IS_GUEST_CPU_AMD(pVCpu))
+    {
+        Log(("sysret: ss:rsp=%04x:%08RX64 attr=%x -> %04x:%08RX64 attr=%#x\n", pVCpu->cpum.GstCtx.ss.Sel, pVCpu->cpum.GstCtx.rsp, pVCpu->cpum.GstCtx.ss.Attr.u, uNewSs | 3, pVCpu->cpum.GstCtx.rsp, pVCpu->cpum.GstCtx.ss.Attr.u | (3 << X86DESCATTR_DPL_SHIFT) ));
+        pVCpu->cpum.GstCtx.ss.Attr.u     |= (3 << X86DESCATTR_DPL_SHIFT);
+    }
+    else
+    {
+        Log(("sysret: ss:rsp=%04x:%08RX64 attr=%x -> %04x:%08RX64 attr=%#x\n", pVCpu->cpum.GstCtx.ss.Sel, pVCpu->cpum.GstCtx.rsp, pVCpu->cpum.GstCtx.ss.Attr.u, uNewSs | 3, pVCpu->cpum.GstCtx.rsp, X86DESCATTR_P | X86DESCATTR_G | X86DESCATTR_D | X86DESCATTR_DT | X86_SEL_TYPE_RW_ACC | (3 << X86DESCATTR_DPL_SHIFT) ));
+        pVCpu->cpum.GstCtx.ss.Attr.u      = X86DESCATTR_P | X86DESCATTR_G | X86DESCATTR_D | X86DESCATTR_DT | X86_SEL_TYPE_RW_ACC
+                                          | (3 << X86DESCATTR_DPL_SHIFT);
+        pVCpu->cpum.GstCtx.ss.u64Base     = 0;
+        pVCpu->cpum.GstCtx.ss.u32Limit    = UINT32_MAX;
+    }
     pVCpu->cpum.GstCtx.ss.Sel        = uNewSs | 3;
     pVCpu->cpum.GstCtx.ss.ValidSel   = uNewSs | 3;
     pVCpu->cpum.GstCtx.ss.fFlags     = CPUMSELREG_FLAGS_VALID;
-    /* The SS hidden bits remains unchanged says AMD. To that I say "Yeah, right!". */
-    pVCpu->cpum.GstCtx.ss.Attr.u    |= (3 << X86DESCATTR_DPL_SHIFT);
     /** @todo Testcase: verify that SS.u1Long and SS.u1DefBig are left unchanged
+     *        on sysret. */
+    /** @todo intel documents SS.BASE and SS.LIMIT as being set as well as the
+     *        TYPE, S, DPL, P, B and G flag bits. */
+     *        on sysret on AMD and not on intel. */
     if (!f32Bit)

Note: See TracChangeset for help on using the changeset viewer.

Changeset 103734 in vbox

Legend:

trunk/src/VBox/VMM/VMMAll/IEMAllCImpl.cpp

Download in other formats: