Changeset 1089 in vbox for trunk/src/VBox/VMM

Timestamp:

Feb 28, 2007 8:42:35 AM (18 years ago)

Author:

vboxsync

Message:

Fixed broken return path in generic trap handler for v86 code

Location:

trunk/src/VBox/VMM/VMMGC

Files:

• TRPMGCHandlers.cpp (modified) (4 diffs)
• TRPMGCHandlersA.asm (modified) (3 diffs)

trunk/src/VBox/VMM/VMMGC/TRPMGCHandlers.cpp

@@ -223 +223 @@
     AssertMsg(     rc != VINF_SUCCESS
               ||   (   pRegFrame->eflags.Bits.u1IF
-                    && pRegFrame->eflags.Bits.u2IOPL < (unsigned)(pRegFrame->ss & X86_SEL_RPL))
+                    && ( pRegFrame->eflags.Bits.u2IOPL < (unsigned)(pRegFrame->ss & X86_SEL_RPL) || pRegFrame->eflags.Bits.u1VM))
               , ("rc = %VGv\neflags=%RX32 ss=%RTsel IOPL=%d\n", rc, pRegFrame->eflags.u32, pRegFrame->ss, pRegFrame->eflags.Bits.u2IOPL));
     return rc;
@@ -338 +338 @@
     PVM pVM = TRPM2VM(pTrpm);
 
-    LogFlow(("TRPMGCTrap06Handler %VGv\n", pRegFrame->eip));
+    LogFlow(("TRPMGCTrap06Handler %VGv eflags=%x\n", pRegFrame->eip, pRegFrame->eflags.u32));
 
     if (    (pRegFrame->ss & X86_SEL_RPL) == 1
@@ -696 +696 @@
 
     STAM_PROFILE_ADV_START(&pVM->trpm.s.StatTrap0dDisasm, a);
+
+    /* We always set IOPL to zero which makes e.g. pushf fault in V86 mode. The guest might use IOPL=3 and therefor not expect a #GP.
+     * Simply fall back to the recompiler to emulate this instruction.
+     */
+    if (pRegFrame->eflags.Bits.u1VM)
+    {
+        STAM_PROFILE_ADV_STOP(&pVM->trpm.s.StatTrap0dDisasm, a);
+        return trpmGCExitTrap(pVM, VINF_EM_RAW_EMULATE_INSTR, pRegFrame);
+    }
+
     /*
      * Decode the instruction.
@@ -706 +716 @@
              pRegFrame->cs, pRegFrame->eip, pRegFrame->ss & X86_SEL_RPL, rc));
         STAM_PROFILE_ADV_STOP(&pVM->trpm.s.StatTrap0dDisasm, a);
-        return trpmGCExitTrap(pVM, VINF_EM_RAW_GUEST_TRAP, pRegFrame);
+        return trpmGCExitTrap(pVM, VINF_EM_RAW_EMULATE_INSTR, pRegFrame);
     }
 

trunk/src/VBox/VMM/VMMGC/TRPMGCHandlersA.asm

@@ -497 +497 @@
 
     mov     eax, dword [esp + CPUMCTXCORE.es]
-    mov     [esp + 0ch + ESPOFF], eax           ; es
+    mov     [esp + 1ch + ESPOFF], eax           ; es
     mov     eax, dword [esp + CPUMCTXCORE.ds]
-    mov     [esp + 10h + ESPOFF], eax           ; ds
+    mov     [esp + 20h + ESPOFF], eax           ; ds
     mov     eax, dword [esp + CPUMCTXCORE.fs]
-    mov     [esp + 14h + ESPOFF], eax           ; fs
+    mov     [esp + 24h + ESPOFF], eax           ; fs
     mov     eax, dword [esp + CPUMCTXCORE.gs]
-    mov     [esp + 18h + ESPOFF], eax           ; gs
+    mov     [esp + 28h + ESPOFF], eax           ; gs
 
     mov     eax, [esp + CPUMCTXCORE.eip]
@@ -914 +914 @@
     mov     edi, [esp + CPUMCTXCORE.edi]
 
+    ; In V86 mode DS, ES, FS & GS are restored by the iret
+    test    dword [esp + CPUMCTXCORE.eflags], X86_EFL_VM
+    jnz     short ti_SkipSelRegs
+
     mov     eax, [esp + CPUMCTXCORE.gs]
     TRPM_NP_GP_HANDLER NAME(trpmGCTrapInGeneric), TRPM_TRAP_IN_MOV_GS | TRPM_TRAP_IN_HYPER
@@ -927 +931 @@
     mov     ds, eax
 
+ti_SkipSelRegs:
     ; finally restore our scratch register eax
     mov     eax, [esp + CPUMCTXCORE.eax]