Changeset 108529 in vbox for trunk/src/VBox/VMM/VMMAll/GICAll.cpp

Timestamp:

Mar 12, 2025 9:39:41 AM (6 weeks ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

167919

Message:

VMM/GIC: bugref:10404 Fixed illegal register access after re-enabling extended SPIs.

File:

• trunk/src/VBox/VMM/VMMAll/GICAll.cpp (modified) (7 diffs)

trunk/src/VBox/VMM/VMMAll/GICAll.cpp

@@ -703 +703 @@
     Assert(pGicDev->fAffRoutingEnabled);
 
-    /* Hardware does not map the first 32 registers (corresponding to SGIs and PPIs). */
-    idxReg += GIC_INTID_RANGE_SPI_START;
-    AssertReturn(idxReg < RT_ELEMENTS(pGicDev->au32IntrRouting), VERR_BUFFER_OVERFLOW);
+    AssertMsgReturn(idxReg < RT_ELEMENTS(pGicDev->au32IntrRouting), ("idxReg=%u\n", idxReg), VERR_BUFFER_OVERFLOW);
     Assert(idxReg < sizeof(pGicDev->bmIntrRoutingMode) * 8);
     if (!(idxReg % 2))
@@ -889 +887 @@
     {
         uint16_t const idxPriority = idxReg * sizeof(uint32_t);
-        AssertReturn(idxPriority < RT_ELEMENTS(pGicDev->abIntrPriority) - sizeof(uint32_t), VERR_BUFFER_OVERFLOW);
+        AssertReturn(idxPriority <= RT_ELEMENTS(pGicDev->abIntrPriority) - sizeof(uint32_t), VERR_BUFFER_OVERFLOW);
         AssertCompile(sizeof(*puValue) == sizeof(uint32_t));
         *puValue = *(uint32_t *)&pGicDev->abIntrPriority[idxPriority];
@@ -920 +918 @@
     {
         uint16_t const idxPriority = idxReg * sizeof(uint32_t);
-        AssertReturn(idxPriority < RT_ELEMENTS(pGicDev->abIntrPriority) - sizeof(uint32_t), VERR_BUFFER_OVERFLOW);
+        AssertReturn(idxPriority <= RT_ELEMENTS(pGicDev->abIntrPriority) - sizeof(uint32_t), VERR_BUFFER_OVERFLOW);
         AssertCompile(sizeof(uValue) == sizeof(uint32_t));
         *(uint32_t *)&pGicDev->abIntrPriority[idxPriority] = uValue;
@@ -1841 +1839 @@
         if (offReg - GIC_DIST_REG_IROUTERn_OFF_START < GIC_DIST_REG_IROUTERn_RANGE_SIZE)
         {
-            uint16_t const idxReg = (offReg - GIC_DIST_REG_IROUTERn_OFF_START) / cbReg;
+            /* Hardware does not map the first 32 registers (corresponding to SGIs and PPIs). */
+            uint16_t const idxExt = GIC_INTID_RANGE_SPI_START;
+            uint16_t const idxReg = idxExt + (offReg - GIC_DIST_REG_IROUTERn_OFF_START) / sizeof(uint64_t);
             return gicDistReadIntrRoutingReg(pGicDev, idxReg, puValue);
         }
@@ -1847 +1847 @@
         {
             uint16_t const idxExt = RT_ELEMENTS(pGicDev->au32IntrRouting) / 2;
-            uint16_t const idxReg = idxExt + (offReg - GIC_DIST_REG_IROUTERnE_OFF_START) / cbReg;
+            uint16_t const idxReg = idxExt + (offReg - GIC_DIST_REG_IROUTERnE_OFF_START) / sizeof(uint64_t);
             return gicDistReadIntrRoutingReg(pGicDev, idxReg, puValue);
         }
@@ -2080 +2080 @@
     if (offReg - GIC_DIST_REG_IROUTERn_OFF_START < GIC_DIST_REG_IROUTERn_RANGE_SIZE)
     {
-        uint16_t const idxReg = (offReg - GIC_DIST_REG_IROUTERn_OFF_START) / cbReg;
+        /* Hardware does not map the first 32 registers (corresponding to SGIs and PPIs). */
+        uint16_t const idxExt = GIC_INTID_RANGE_SPI_START;
+        uint16_t const idxReg = idxExt + (offReg - GIC_DIST_REG_IROUTERn_OFF_START) / sizeof(uint64_t);
         return gicDistWriteIntrRoutingReg(pGicDev, idxReg, uValue);
     }
@@ -2086 +2088 @@
     {
         uint16_t const idxExt = RT_ELEMENTS(pGicDev->au32IntrRouting) / 2;
-        uint16_t const idxReg = idxExt + (offReg - GIC_DIST_REG_IROUTERnE_OFF_START) / cbReg;
+        uint16_t const idxReg = idxExt + (offReg - GIC_DIST_REG_IROUTERnE_OFF_START) / sizeof(uint64_t);
         return gicDistWriteIntrRoutingReg(pGicDev, idxReg, uValue);
     }