Changeset 41072 in vbox

Timestamp:

Apr 26, 2012 4:35:04 PM (13 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

77640

Message:

VMM: fix VERR_PAGE_TABLE_NOT_PRESENT guru meditation caused by failing to disassemble an instruction because the guest's PDE/PTE is invalid, see #6043 for details.

Location:

trunk/src/VBox/VMM

Files:

• VMMAll/EMAll.cpp (modified) (2 diffs)
• VMMAll/IOMAllMMIO.cpp (modified) (1 diff)
• VMMR0/HWSVMR0.cpp (modified) (2 diffs)
• VMMR0/HWVMXR0.cpp (modified) (3 diffs)

trunk/src/VBox/VMM/VMMAll/EMAll.cpp

@@ -360 +360 @@
         if (PAGE_ADDRESS(InstrGC) == PAGE_ADDRESS(InstrGC + sizeof(State.aOpcode) - 1))
         {
-           if (rc == VERR_PAGE_TABLE_NOT_PRESENT)
-              HWACCMInvalidatePage(pVCpu, InstrGC);
+            /*
+             * If we fail to find the page via the guest's page tables we invalidate the page
+             * in the host TLB (pertaining to the guest in the NestedPaging case). See #6043
+             */
+            if (rc == VERR_PAGE_TABLE_NOT_PRESENT || rc == VERR_PAGE_NOT_PRESENT)
+                HWACCMInvalidatePage(pVCpu, InstrGC);
 
            Log(("emDisCoreOne: read failed with %d\n", rc));
@@ -449 +453 @@
         if (PAGE_ADDRESS(GCPtrInstr) == PAGE_ADDRESS(GCPtrInstr + sizeof(State.aOpcode) - 1))
         {
-           if (rc == VERR_PAGE_TABLE_NOT_PRESENT)
-              HWACCMInvalidatePage(pVCpu, GCPtrInstr);
+            /*
+             * If we fail to find the page via the guest's page tables we invalidate the page
+             * in the host TLB (pertaining to the guest in the NestedPaging case). See #6043
+             */
+            if (rc == VERR_PAGE_TABLE_NOT_PRESENT || rc == VERR_PAGE_NOT_PRESENT)
+                HWACCMInvalidatePage(pVCpu, GCPtrInstr);
 
            Log(("EMInterpretDisasOneEx: read failed with %d\n", rc));

trunk/src/VBox/VMM/VMMAll/IOMAllMMIO.cpp

@@ -1522 +1522 @@
     unsigned        cbOp;
     rc = EMInterpretDisasOne(pVM, pVCpu, pCtxCore, pDis, &cbOp);
-    AssertRC(rc);
     if (RT_FAILURE(rc))
     {

trunk/src/VBox/VMM/VMMR0/HWSVMR0.cpp

@@ -1919 +1919 @@
         {
             rc = PGMR0Trap0eHandlerNPMisconfig(pVM, pVCpu, enmShwPagingMode, CPUMCTX2CORE(pCtx), GCPhysFault, errCode);
-            if (rc == VINF_SUCCESS)
+
+            /*
+             * If we succeed, resume execution.
+             * Or, if fail in interpreting the instruction because we couldn't get the guest physical address
+             * of the page containing the instruction via the guest's page tables (we would invalidate the guest page
+             * in the host TLB), resume execution which would cause a guest page fault to let the guest handle this
+             * weird case. See #6043.
+             */
+            if (   rc == VINF_SUCCESS
+                || rc == VERR_PAGE_TABLE_NOT_PRESENT
+                || rc == VERR_PAGE_NOT_PRESENT)
             {
                 Log2(("PGMR0Trap0eHandlerNPMisconfig(,,,%RGp) at %RGv -> resume\n", GCPhysFault, (RTGCPTR)pCtx->rip));
@@ -1935 +1945 @@
         rc = PGMR0Trap0eHandlerNestedPaging(pVM, pVCpu, enmShwPagingMode, errCode, CPUMCTX2CORE(pCtx), GCPhysFault);
         Log2(("PGMR0Trap0eHandlerNestedPaging %RGv returned %Rrc\n", (RTGCPTR)pCtx->rip, VBOXSTRICTRC_VAL(rc)));
-        if (rc == VINF_SUCCESS)
+
+        /*
+         * Same case as PGMR0Trap0eHandlerNPMisconfig(). See comment above, #6043.
+         */
+        if (   rc == VINF_SUCCESS
+            || rc == VERR_PAGE_TABLE_NOT_PRESENT
+            || rc == VERR_PAGE_NOT_PRESENT)
         {   /* We've successfully synced our shadow pages, so let's just continue execution. */
             Log2(("Shadow page fault at %RGv cr2=%RGp error code %x\n", (RTGCPTR)pCtx->rip, GCPhysFault, errCode));

trunk/src/VBox/VMM/VMMR0/HWVMXR0.cpp

@@ -3496 +3496 @@
         rc = PGMR0Trap0eHandlerNestedPaging(pVM, pVCpu, PGMMODE_EPT, errCode, CPUMCTX2CORE(pCtx), GCPhys);
         Log2(("PGMR0Trap0eHandlerNestedPaging %RGv returned %Rrc\n", (RTGCPTR)pCtx->rip, VBOXSTRICTRC_VAL(rc)));
+
+        /*
+         * Note! We probably should handle failure to get the instruction page (VERR_PAGE_NOT_PRESENT,
+         * VERR_PAGE_TABLE_NOT_PRESENT). See #6043.
+         */
         if (rc == VINF_SUCCESS)
         {   /* We've successfully synced our shadow pages, so let's just continue execution. */
@@ -3542 +3547 @@
 
         rc = PGMR0Trap0eHandlerNPMisconfig(pVM, pVCpu, PGMMODE_EPT, CPUMCTX2CORE(pCtx), GCPhys, UINT32_MAX);
+
+        /*
+         * Note! We probably should handle failure to get the instruction page (VERR_PAGE_NOT_PRESENT,
+         * VERR_PAGE_TABLE_NOT_PRESENT). See #6043.
+         */
         if (rc == VINF_SUCCESS)
         {
@@ -4434 +4444 @@
     Log2(("VMXR0InvalidatePage %RGv\n", GCVirt));
 
-    /* Only relevant if we want to use VPID.
+    /* Only relevant if we want to use VPID as otherwise every VMX transition
+     * will flush the TLBs and paging-structure caches.
      * In the nested paging case we still see such calls, but
      * can safely ignore them. (e.g. after cr3 updates)