Changeset 57229 in vbox for trunk/src/VBox/HostDrivers/Support

Timestamp:

Aug 6, 2015 11:34:04 PM (10 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

101982

Message:

SUPDrv,VMMR0: Added SUPR0BadContext for reporting AC=0 and (on darwin with VBOX_WITH_EFLAGS_AC_SET_IN_VBOXDRV defined) refuse further I/O control calls. That way we'll sit up and pay attention, hopefully. VBOX_WITH_EFLAGS_AC_SET_IN_VBOXDRV is currently enabled for all non-release builds (odd build numbers), and we check EFLAGS.AC at the end of each ioctrl call.

Location:

trunk/src/VBox/HostDrivers/Support

Files:

• SUPDrv.cpp (modified) (18 diffs)
• SUPDrvIOC.h (modified) (1 diff)
• SUPDrvInternal.h (modified) (2 diffs)
• SUPLib.cpp (modified) (1 diff)
• darwin/SUPDrv-darwin.cpp (modified) (5 diffs)

trunk/src/VBox/HostDrivers/Support/SUPDrv.cpp

@@ -107 +107 @@
 #if defined(RT_OS_DARWIN) || defined(RT_OS_LINUX)
 # define SUPDRV_CHECK_SMAP_SETUP() uint32_t const fKernelFeatures = SUPR0GetKernelFeatures()
-# define SUPDRV_CHECK_SMAP_CHECK(a_BadExpr) \
+# define SUPDRV_CHECK_SMAP_CHECK(a_pDevExt, a_BadExpr) \
     do { \
         if (fKernelFeatures & SUPKERNELFEATURES_SMAP) \
         { \
-            RTCCUINTREG uEFlags = ASMGetFlags(); \
-            if (RT_LIKELY(uEFlags & X86_EFL_AC)) \
+            RTCCUINTREG fEfl = ASMGetFlags(); \
+            if (RT_LIKELY(fEfl & X86_EFL_AC)) \
             { /* likely */ } \
             else \
             { \
-                SUPR0Printf("%s, line %d: EFLAGS.AC is clear! (%#x)\n", __FUNCTION__, __LINE__, (uint32_t)uEFlags); \
+                supdrvBadContext(a_pDevExt, "SUPDrv.cpp", __LINE__, "EFLAGS.AC is 0!"); \
                 a_BadExpr; \
             } \
@@ -122 +122 @@
     } while (0)
 #else
-# define SUPDRV_CHECK_SMAP_SETUP()          uint32_t const fKernelFeatures = 0
-# define SUPDRV_CHECK_SMAP_CHECK(a_BadExpr) NOREF(fKernelFeatures)
+# define SUPDRV_CHECK_SMAP_SETUP()                      uint32_t const fKernelFeatures = 0
+# define SUPDRV_CHECK_SMAP_CHECK(a_pDevExt, a_BadExpr)  NOREF(fKernelFeatures)
 #endif
 
@@ -189 +189 @@
     { "SUPIsTscFreqCompatible",                 (void *)SUPIsTscFreqCompatible },
     { "SUPIsTscFreqCompatibleEx",               (void *)SUPIsTscFreqCompatibleEx },
+    { "SUPR0BadContext",                        (void *)SUPR0BadContext },
     { "SUPR0ComponentDeregisterFactory",        (void *)SUPR0ComponentDeregisterFactory },
     { "SUPR0ComponentQueryFactory",             (void *)SUPR0ComponentQueryFactory },
@@ -3642 +3643 @@
 
 /**
+ * Reports a bad context, currenctly that means EFLAGS.AC is 0 instead of 1.
+ *
+ * @param   pSession        The session of the caller.
+ * @param   pszFile         The source file where the caller detected the bad
+ *                          context.
+ * @param   uLine           The line number in @a pszFile.
+ * @param   pszExtra        Optional additional message to give further hints.
+ */
+void VBOXCALL supdrvBadContext(PSUPDRVDEVEXT pDevExt, const char *pszFile, uint32_t uLine, const char *pszExtra)
+{
+    uint32_t cCalls;
+
+    /*
+     * Shorten the filename before displaying the message.
+     */
+    for (;;)
+    {
+        const char *pszTmp = strchr(pszFile, '/');
+        if (!pszTmp)
+            pszTmp = strchr(pszFile, '\\');
+        if (!pszTmp)
+            break;
+        pszFile = pszTmp + 1;
+    }
+    if (RT_VALID_PTR(pszExtra) && *pszExtra)
+        SUPR0Printf("vboxdrv: Bad CPU context error at line %u in %s: %s\n", uLine, pszFile, pszExtra);
+    else
+        SUPR0Printf("vboxdrv: Bad CPU context error at line %u in %s!\n", uLine, pszFile);
+
+    /*
+     * Record the incident so that we stand a chance of blocking I/O controls
+     * before panicing the system.
+     */
+    cCalls = ASMAtomicIncU32(&pDevExt->cBadContextCalls);
+    if (cCalls > UINT32_MAX - _1K)
+        ASMAtomicWriteU32(&pDevExt->cBadContextCalls, UINT32_MAX - _1K);
+}
+
+
+/**
+ * Reports a bad context, currenctly that means EFLAGS.AC is 0 instead of 1.
+ *
+ * @param   pSession        The session of the caller.
+ * @param   pszFile         The source file where the caller detected the bad
+ *                          context.
+ * @param   uLine           The line number in @a pszFile.
+ * @param   pszExtra        Optional additional message to give further hints.
+ */
+SUPR0DECL(void) SUPR0BadContext(PSUPDRVSESSION pSession, const char *pszFile, uint32_t uLine, const char *pszExtra)
+{
+    PSUPDRVDEVEXT pDevExt;
+
+    AssertReturnVoid(SUP_IS_SESSION_VALID(pSession));
+    pDevExt = pSession->pDevExt;
+
+    supdrvBadContext(pDevExt, pszFile, uLine, pszExtra);
+}
+
+
+/**
  * Gets the paging mode of the current CPU.
  *
@@ -4475 +4536 @@
     size_t          cchName = strlen(pReq->u.In.szName); /* (caller checked < 32). */
     SUPDRV_CHECK_SMAP_SETUP();
-    SUPDRV_CHECK_SMAP_CHECK(RT_NOTHING);
+    SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
     LogFlow(("supdrvIOCtl_LdrOpen: szName=%s cbImageWithTabs=%d\n", pReq->u.In.szName, pReq->u.In.cbImageWithTabs));
 
@@ -4482 +4543 @@
      */
     supdrvLdrLock(pDevExt);
-    SUPDRV_CHECK_SMAP_CHECK(RT_NOTHING);
+    SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
     for (pImage = pDevExt->pLdrImages; pImage; pImage = pImage->pNext)
     {
@@ -4497 +4558 @@
                 supdrvLdrAddUsage(pSession, pImage);
                 supdrvLdrUnlock(pDevExt);
-                SUPDRV_CHECK_SMAP_CHECK(RT_NOTHING);
+                SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
                 return VINF_SUCCESS;
             }
@@ -4526 +4587 @@
         return /*VERR_NO_MEMORY*/ VERR_INTERNAL_ERROR_2;
     }
-    SUPDRV_CHECK_SMAP_CHECK(RT_NOTHING);
+    SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
 
     /*
@@ -4560 +4621 @@
         pImage->fNative     = false;
         rc = pImage->pvImageAlloc ? VINF_SUCCESS : VERR_NO_EXEC_MEMORY;
-        SUPDRV_CHECK_SMAP_CHECK(RT_NOTHING);
+        SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
     }
     if (RT_FAILURE(rc))
@@ -4585 +4646 @@
 
     supdrvLdrUnlock(pDevExt);
-    SUPDRV_CHECK_SMAP_CHECK(RT_NOTHING);
+    SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
     return VINF_SUCCESS;
 }
@@ -4647 +4708 @@
     SUPDRV_CHECK_SMAP_SETUP();
     LogFlow(("supdrvIOCtl_LdrLoad: pvImageBase=%p cbImageWithBits=%d\n", pReq->u.In.pvImageBase, pReq->u.In.cbImageWithTabs));
-    SUPDRV_CHECK_SMAP_CHECK(RT_NOTHING);
+    SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
 
     /*
@@ -4653 +4714 @@
      */
     supdrvLdrLock(pDevExt);
-    SUPDRV_CHECK_SMAP_CHECK(RT_NOTHING);
+    SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
 
     pUsage = pSession->pLdrUsage;
@@ -4742 +4803 @@
     if (RT_FAILURE(rc))
         return rc;
-    SUPDRV_CHECK_SMAP_CHECK(RT_NOTHING);
+    SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
 
     /*
@@ -4756 +4817 @@
         else
             rc = /*VERR_NO_MEMORY*/ VERR_INTERNAL_ERROR_3;
-        SUPDRV_CHECK_SMAP_CHECK(RT_NOTHING);
+        SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
     }
 
@@ -4768 +4829 @@
         else
             rc = /*VERR_NO_MEMORY*/ VERR_INTERNAL_ERROR_4;
-        SUPDRV_CHECK_SMAP_CHECK(RT_NOTHING);
+        SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
     }
 
@@ -4787 +4848 @@
             Log(("vboxdrv: Loaded '%s' at %p\n", pImage->szName, pImage->pvImage));
         }
-        SUPDRV_CHECK_SMAP_CHECK(RT_NOTHING);
+        SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
     }
 
@@ -4821 +4882 @@
         pDevExt->pLdrInitImage  = pImage;
         pDevExt->hLdrInitThread = RTThreadNativeSelf();
-        SUPDRV_CHECK_SMAP_CHECK(RT_NOTHING);
+        SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
         rc = pImage->pfnModuleInit(pImage);
-        SUPDRV_CHECK_SMAP_CHECK(RT_NOTHING);
+        SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
         pDevExt->pLdrInitImage  = NULL;
         pDevExt->hLdrInitThread = NIL_RTNATIVETHREAD;
@@ -4849 +4910 @@
 
     supdrvLdrUnlock(pDevExt);
-    SUPDRV_CHECK_SMAP_CHECK(RT_NOTHING);
+    SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
     return rc;
 }

trunk/src/VBox/HostDrivers/Support/SUPDrvIOC.h

@@ -215 +215 @@
  *          - nothing.
  */
-#define SUPDRV_IOC_VERSION                              0x00230002
+#define SUPDRV_IOC_VERSION                              0x00230003
 
 /** SUP_IOCTL_COOKIE. */

trunk/src/VBox/HostDrivers/Support/SUPDrvInternal.h

@@ -625 +625 @@
     /** @} */
 
+    /** Number of times someone reported bad execution context via SUPR0BadContext.
+     * (This is times EFLAGS.AC is zero when we expected it to be 1.) */
+    uint32_t volatile               cBadContextCalls;
 
     /** GIP mutex.
@@ -952 +955 @@
 uint32_t VBOXCALL supdrvSessionRetain(PSUPDRVSESSION pSession);
 uint32_t VBOXCALL supdrvSessionRelease(PSUPDRVSESSION pSession);
+void VBOXCALL   supdrvBadContext(PSUPDRVDEVEXT pDevExt, const char *pszFile, uint32_t uLine, const char *pszExtra);
 int VBOXCALL    supdrvQueryVTCapsInternal(uint32_t *pfCaps);
 

trunk/src/VBox/HostDrivers/Support/SUPLib.cpp

@@ -280 +280 @@
         CookieReq.u.In.u32ReqVersion = SUPDRV_IOC_VERSION;
         const uint32_t uMinVersion = (SUPDRV_IOC_VERSION & 0xffff0000) == 0x00230000
-                                   ? 0x00230000
+                                   ? 0x00230003
                                    : SUPDRV_IOC_VERSION & 0xffff0000;
         CookieReq.u.In.u32MinVersion = uMinVersion;

trunk/src/VBox/HostDrivers/Support/darwin/SUPDrv-darwin.cpp

@@ -79 +79 @@
 #endif
 
-/* Temporary debugging. */
+/* The following macros are duplicated in the-darwin-kernel.h. */
+#define IPRT_DARWIN_SAVE_EFL_AC()           RTCCUINTREG const fSavedEfl = ASMGetFlags();
+#define IPRT_DARWIN_RESTORE_EFL_AC()        ASMSetFlags(fSavedEfl)
+#define IPRT_DARWIN_RESTORE_EFL_ONLY_AC()   ASMChangeFlags(~X86_EFL_AC, fSavedEfl & X86_EFL_AC)
+
+
+/* Temporary debugging - very temporary... */
 #define VBOX_PROC_SELFNAME_LEN  (20)
-#define VBOX_RETRIEVE_CUR_PROC_NAME(_name)    char _name[VBOX_PROC_SELFNAME_LEN]; \
-                                              proc_selfname(pszProcName, VBOX_PROC_SELFNAME_LEN)
+#define VBOX_RETRIEVE_CUR_PROC_NAME(_name)  char _name[VBOX_PROC_SELFNAME_LEN]; \
+                                            proc_selfname(pszProcName, VBOX_PROC_SELFNAME_LEN)
 
 
@@ -586 +592 @@
     PSUPDRVSESSION      pSession;
 
+#ifdef VBOX_WITH_EFLAGS_AC_SET_IN_VBOXDRV
+    /*
+     * Refuse all I/O control calls if we've ever detected EFLAGS.AC being cleared.
+     *
+     * This isn't a problem, as there is absolutely nothing in the kernel context that
+     * depend on user context triggering cleanups.  That would be pretty wild, right?
+     */
+    if (RT_UNLIKELY(g_DevExt.cBadContextCalls > 0))
+    {
+        SUPR0Printf("VBoxDrvDarwinIOCtl: EFLAGS.AC=0 detected %u times, refusing all I/O controls!\n", g_DevExt.cBadContextCalls);
+        return EDEVERR;
+    }
+#endif
+
     /*
      * Find the session.
@@ -651 +671 @@
 #if defined(VBOX_STRICT) || defined(VBOX_WITH_EFLAGS_AC_SET_IN_VBOXDRV)
     if (RT_UNLIKELY(!(ASMGetFlags() & X86_EFL_AC)))
-        SUPR0Printf("VBoxDrvDarwinIOCtlSMAP: someone cleared AC handling iCmd=%#lx\n", iCmd);
+        supdrvBadContext(&g_DevExt, "SUPDrv-darwin.cpp",  __LINE__, "VBoxDrvDarwinIOCtlSMAP");
 #endif
     ASMSetFlags(fSavedEfl);
@@ -1435 +1455 @@
 RTDECL(int) SUPR0Printf(const char *pszFormat, ...)
 {
+    IPRT_DARWIN_SAVE_EFL_AC();
     va_list     va;
     char        szMsg[512];
@@ -1444 +1465 @@
 
     printf("%s", szMsg);
+
+    IPRT_DARWIN_RESTORE_EFL_AC();
     return 0;
 }