Changeset 48250 in vbox for trunk/src

Timestamp:

Sep 3, 2013 3:00:18 PM (11 years ago)

Author:

vboxsync

Message:

VMM/HMVMXR0: Undo injected event on premature returns to ring-3. Should fix longjmp disallowed ring-0 assertions on real-on-v86 event injection

File:

• trunk/src/VBox/VMM/VMMR0/HMVMXR0.cpp (modified) (10 diffs)

trunk/src/VBox/VMM/VMMR0/HMVMXR0.cpp

@@ -316 +316 @@
 static void               hmR0VmxFlushEpt(PVMCPU pVCpu, VMX_FLUSH_EPT enmFlush);
 static void               hmR0VmxFlushVpid(PVM pVM, PVMCPU pVCpu, VMX_FLUSH_VPID enmFlush, RTGCPTR GCPtr);
+static void               hmR0VmxClearEventVmcs(PVMCPU pVCpu, PCPUMCTX pMixedCtx);
 static int                hmR0VmxInjectEventVmcs(PVMCPU pVCpu, PCPUMCTX pMixedCtx, uint64_t u64IntrInfo, uint32_t cbInstr,
                                                  uint32_t u32ErrCode, RTGCUINTREG GCPtrFaultAddress, uint32_t *puIntrState);
@@ -6475 +6476 @@
  *                          out-of-sync. Make sure to update the required fields
  *                          before using them.
- *
- * @remarks No-long-jump zone!!!
  */
 static int hmR0VmxInjectPendingEvent(PVMCPU pVCpu, PCPUMCTX pMixedCtx)
 {
+    HMVMX_ASSERT_PREEMPT_SAFE();
+    Assert(VMMRZCallRing3IsEnabled(pVCpu));
+
     /* Get the current interruptibility-state of the guest and then figure out what can be injected. */
     uint32_t uIntrState = hmR0VmxGetGuestIntrState(pVCpu, pMixedCtx);
@@ -6515 +6517 @@
                                     pVCpu->hm.s.Event.u32ErrCode, pVCpu->hm.s.Event.GCPtrFaultAddress, &uIntrState);
         AssertRCReturn(rc, rc);
-
-        pVCpu->hm.s.Event.fPending = false;
 
         /* Update the interruptibility-state as it could have been changed by
@@ -6733 +6733 @@
  *                              necessary. This cannot not be NULL.
  *
+ * @remarks Requires CR0!
  * @remarks No-long-jump zone!!!
- * @remarks Requires CR0!
  */
 static int hmR0VmxInjectEventVmcs(PVMCPU pVCpu, PCPUMCTX pMixedCtx, uint64_t u64IntrInfo, uint32_t cbInstr,
@@ -6872 +6872 @@
                 }
                 Log4(("Injecting real-mode: u32IntrInfo=%#x u32ErrCode=%#x instrlen=%#x\n", u32IntrInfo, u32ErrCode, cbInstr));
+
+                /* The event has been truly dispatched. Mark it as no longer pending so we don't attempt to 'undo'
+                   it, if we are returning to ring-3 before executing guest code. */
+                pVCpu->hm.s.Event.fPending = false;
             }
             Assert(rc == VINF_SUCCESS || rc == VINF_EM_RESET);
@@ -6908 +6912 @@
     AssertRCReturn(rc, rc);
     return rc;
+}
+
+
+/**
+ * Clears the current event in the VMCS.
+ *
+ * @returns VBox status code.
+ * @param   pVCpu         Pointer to the VMCPU.
+ *
+ * @remarks Use this function only to clear events that have not yet been
+ *          delivered to the guest but are injected in the VMCS!
+ * @remarks No-long-jump zone!!!
+ */
+static void hmR0VmxClearEventVmcs(PVMCPU pVCpu)
+{
+    if (!pVCpu->hm.s.Event.fPending)
+        return;
+
+#ifdef VBOX_STRICT
+    uint32_t u32EntryInfo;
+    int rc2 = VMXReadVmcs32(VMX_VMCS32_CTRL_ENTRY_INTERRUPTION_INFO, &u32EntryInfo);
+    AssertRC(rc2);
+    Assert(VMX_ENTRY_INTERRUPTION_INFO_VALID(u32EntryInfo));
+#endif
+
+    /* Clear the entry-interruption field (including the valid bit). */
+    int rc = VMXWriteVmcs32(VMX_VMCS32_CTRL_ENTRY_INTERRUPTION_INFO, 0);
+    AssertRC(rc);
+
+    /* Clear the pending debug exception field. */
+    rc = VMXWriteVmcs32(VMX_VMCS_GUEST_PENDING_DEBUG_EXCEPTIONS, 0);
+    AssertRC(rc);
 }
 
@@ -7350 +7386 @@
     else if (!pVCpu->hm.s.Event.fPending)
         hmR0VmxEvaluatePendingEvent(pVCpu, pMixedCtx);
+
+    /*
+     * Event injection may take locks (currently the PGM lock for real-on-v86 case) and thus needs to be done with
+     * longjmps or interrupts + preemption enabled. Event injection might also result in triple-faulting the VM.
+     */
+    rc = hmR0VmxInjectPendingEvent(pVCpu, pMixedCtx);
+    if (RT_UNLIKELY(rc != VINF_SUCCESS))
+    {
+        Assert(rc == VINF_EM_RESET);
+        return rc;
+    }
 
     /*
@@ -7372 +7419 @@
         || VMCPU_FF_IS_PENDING(pVCpu, VMCPU_FF_HM_TO_R3_MASK))
     {
+        hmR0VmxClearEventVmcs(pVCpu);
         ASMSetFlags(pVmxTransient->uEflags);
         VMMRZCallRing3Enable(pVCpu);
@@ -7379 +7427 @@
     if (RTThreadPreemptIsPending(NIL_RTTHREAD))
     {
+        hmR0VmxClearEventVmcs(pVCpu);
         ASMSetFlags(pVmxTransient->uEflags);
         VMMRZCallRing3Enable(pVCpu);
@@ -7385 +7434 @@
     }
 
-    /*
-     * Event injection might result in triple-faulting the VM (real-on-v86 case), which is why it's
-     * done here and not in hmR0VmxPreRunGuestCommitted() which doesn't expect failures.
-     */
-    rc = hmR0VmxInjectPendingEvent(pVCpu, pMixedCtx);
-    if (RT_UNLIKELY(rc != VINF_SUCCESS))
-    {
-        ASMSetFlags(pVmxTransient->uEflags);
-        VMMRZCallRing3Enable(pVCpu);
-        return rc;
-    }
+    /* We've injected any pending events. This is really the point of no return (to ring-3). */
+    pVCpu->hm.s.Event.fPending = false;
 
     return VINF_SUCCESS;