Changeset 47690 in vbox

Timestamp:

Aug 13, 2013 12:53:48 PM (11 years ago)

Author:

vboxsync

Message:

TRPM: Don't underflow the stack when trapping in the world switcher.

File:

• trunk/src/VBox/VMM/VMMRC/TRPMRCHandlersA.asm (modified) (6 diffs)

trunk/src/VBox/VMM/VMMRC/TRPMRCHandlersA.asm

@@ -297 +297 @@
     mov     ebx, IMP(g_trpmGuestCtxCore)    ; Assume GC as the most common.
     test    byte [%$STK_CS], 3h             ; check RPL of the cs selector
-    ;; @todo check this for conforming segments.
-    jnz     .save_state
+    jnz     .save_guest_state
     test    dword [%$STK_EFLAGS], X86_EFL_VM; If in V86, then guest.
-    jnz     .save_state
+    jnz     .save_guest_state
     mov     ebx, IMP(g_trpmHyperCtxCore)    ; It's raw-mode context, actually.
 
@@ -306 +305 @@
     ; Save the state.
     ;
-    ;   ASSUMPTION: If trap in hypervisor, we assume that we can read two dword
-    ;               under the bottom of the stack. This is atm safe.
-    ;
-.save_state:
+.save_hyper_state:
+    mov     [ebx + CPUMCTXCORE.ecx], ecx
+    lea     eax, [%$STK_ESP]
+    mov     [ebx + CPUMCTXCORE.esp], eax
+    mov     cx, ss
+    mov     [ebx + CPUMCTXCORE.ss.Sel], cx
+    jmp     .save_state_common
+
+.save_guest_state:
+    mov     [ebx + CPUMCTXCORE.ecx], ecx
+    mov     eax, [%$STK_ESP]
+    mov     [ebx + CPUMCTXCORE.esp], eax
+    mov     cx, [%$STK_SS]
+    mov     [ebx + CPUMCTXCORE.ss.Sel], cx
+
+.save_state_common:
     mov     eax, [%$STK_SAVED_EAX]
     mov     [ebx + CPUMCTXCORE.eax], eax
-    mov     [ebx + CPUMCTXCORE.ecx], ecx
     mov     [ebx + CPUMCTXCORE.edx], edx
     mov     eax, [%$STK_SAVED_EBX]
@@ -319 +329 @@
     mov     [ebx + CPUMCTXCORE.edi], edi
     mov     [ebx + CPUMCTXCORE.ebp], ebp
-
-    mov     eax, [%$STK_ESP]
-    mov     [ebx + CPUMCTXCORE.esp], eax
-    mov     cx, [%$STK_SS]
-    mov     [ebx + CPUMCTXCORE.ss.Sel], cx
 
     mov     cx, [%$STK_CS]
@@ -792 +797 @@
 
     mov     ebx, IMP(g_trpmGuestCtxCore)    ; Assume GC as the most common.
-    test    byte [%$STK_CS], 3h               ; check RPL of the cs selector
-    ;; @todo check this for conforming segments.
-    jnz     .save_state
-    test    dword [%$STK_EFLAGS], X86_EFL_VM  ; If in V86, then guest.
-    jnz     .save_state
+    test    byte [%$STK_CS], 3h             ; check RPL of the cs selector
+    jnz     .save_guest_state
+    test    dword [%$STK_EFLAGS], X86_EFL_VM ; If in V86, then guest.
+    jnz     .save_guest_state
     mov     ebx, IMP(g_trpmHyperCtxCore)    ; It's raw-mode context, actually.
 
@@ -802 +806 @@
     ; Save the state.
     ;
-    ;   ASSUMPTION: If trap in hypervisor, we assume that we can read two dword
-    ;               under the bottom of the stack. This is atm safe.
-    ;
-.save_state:
+.save_hyper_state:
+    mov     [ebx + CPUMCTXCORE.ecx], ecx
+    lea     eax, [%$STK_ESP]
+    mov     [ebx + CPUMCTXCORE.esp], eax
+    mov     cx, ss
+    mov     [ebx + CPUMCTXCORE.ss.Sel], cx
+    jmp     .save_state_common
+
+.save_guest_state:
+    mov     [ebx + CPUMCTXCORE.ecx], ecx
+    mov     eax, [%$STK_ESP]
+    mov     [ebx + CPUMCTXCORE.esp], eax
+    mov     cx, [%$STK_SS]
+    mov     [ebx + CPUMCTXCORE.ss.Sel], cx
+
+.save_state_common:
     mov     eax, [%$STK_SAVED_EAX]
     mov     [ebx + CPUMCTXCORE.eax], eax
-    mov     [ebx + CPUMCTXCORE.ecx], ecx
     mov     [ebx + CPUMCTXCORE.edx], edx
     mov     eax, [%$STK_SAVED_EBX]
@@ -815 +830 @@
     mov     [ebx + CPUMCTXCORE.edi], edi
     mov     [ebx + CPUMCTXCORE.ebp], ebp
-
-    mov     eax, [%$STK_ESP]
-    mov     [ebx + CPUMCTXCORE.esp], eax
-    mov     cx, [%$STK_SS]
-    mov     [ebx + CPUMCTXCORE.ss.Sel], cx
 
     mov     cx, [%$STK_CS]