
Changeset 60787 in vbox for trunk


Ignore:
Timestamp:
May 2, 2016 1:07:27 PM (9 years ago)
Author:
vboxsync
Message:

IEM: Check load segment base in 64-bit mode and check that addresses are canonical.

Location:
trunk/src/VBox/VMM/VMMAll
Files:
2 edited

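--- a/trunk/src/VBox/VMM/VMMAll/IEMAll.cpp
+++ b/trunk/src/VBox/VMM/VMMAll/IEMAll.cpp
@@ -69,4 +69,6 @@
  *      - Level 6 (Log6): Enables/disables the lockstep comparison with REM.
  *      - Level 7 (Log7): iret++ execution logging.
+ *      - Level 8 (Log8): Memory writes.
+ *      - Level 9 (Log9): Memory reads.
  *
  */
@@ -6302,7 +6304,14 @@
 
         case IEMMODE_64BIT:
+        {
+            RTGCPTR GCPtrMem = *pGCPtrMem;
             if (iSegReg == X86_SREG_GS || iSegReg == X86_SREG_FS)
-                *pGCPtrMem += pSel->u64Base;
-            return VINF_SUCCESS;
+                *pGCPtrMem = GCPtrMem + pSel->u64Base;
+
+            Assert(cbMem >= 1);
+            if (RT_LIKELY(X86_IS_CANONICAL(GCPtrMem) && X86_IS_CANONICAL(GCPtrMem + cbMem - 1)))
+                return VINF_SUCCESS;
+            return iemRaiseGeneralProtectionFault0(pIemCpu);
+        }
 
         default:
@@ -7061,4 +7070,9 @@
         return rcStrict;
 
+    if (fAccess & IEM_ACCESS_TYPE_WRITE)
+        Log8(("IEM WR %RGv (%RGp) LB %#zx\n", GCPtrMem, GCPhysFirst, cbMem));
+    if (fAccess & IEM_ACCESS_TYPE_READ)
+        Log9(("IEM RD %RGv (%RGp) LB %#zx\n", GCPtrMem, GCPhysFirst, cbMem));
+
     void *pvMem;
     rcStrict = iemMemPageMap(pIemCpu, GCPhysFirst, fAccess, &pvMem, &pIemCpu->aMemMappingLocks[iMemMap].Lock);
@@ -10867,4 +10881,8 @@
         LogFlow(("IEMExecOne: cs:rip=%04x:%08RX64 ss:rsp=%04x:%08RX64 EFL=%06x\n",
                  pCtx->cs.Sel, pCtx->rip, pCtx->ss.Sel, pCtx->rsp, pCtx->eflags.u));
+
+    uint8_t abTmp[16]; RT_ZERO(abTmp);
+    VBOXSTRICTRC rc2 = PGMPhysRead(pVCpu->CTX_SUFF(pVM), 0x2c370, abTmp, sizeof(abTmp), PGMACCESSORIGIN_IEM);
+    Log(("0x2c370: %.16Rhxs %Rrc\n", &abTmp[0], VBOXSTRICTRC_VAL(rc2)));
 }
 #endif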
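Review bot: In the IEMMODE_64BIT case the canonical check is applied to the offset held in `GCPtrMem` before the FS/GS base is added, so for FS/GS-relative accesses the linear address actually stored in `*pGCPtrMem` is never checked, and a canonical offset plus a canonical base can still produce a non-canonical address that reaches the page-mapping stage. Unless a later stage re-validates the linear address, add the base first — `if (iSegReg == X86_SREG_GS || iSegReg == X86_SREG_FS) GCPtrMem += pSel->u64Base; *pGCPtrMem = GCPtrMem;` — and only then test `GCPtrMem` and `GCPtrMem + cbMem - 1`. A non-canonical address in an SS-relative access raises #SS(0) rather than #GP(0) on real hardware, so the unconditional `iemRaiseGeneralProtectionFault0` deserves at least a comment, or an `iSegReg == X86_SREG_SS` branch. The enclosing function starts and ends outside the hunk. Separately, the per-instruction `PGMPhysRead` of the hard-coded physical address 0x2c370 added in the IEMExecOne hunk looks like a leftover debugging probe and probably should not be committed even in the logging build.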
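--- a/trunk/src/VBox/VMM/VMMAll/IEMAllCImpl.cpp.h
+++ b/trunk/src/VBox/VMM/VMMAll/IEMAllCImpl.cpp.h
@@ -4024,10 +4024,5 @@
     /* The base and limit. */
     uint32_t cbLimit = X86DESC_LIMIT_G(&Desc.Legacy);
-    uint64_t u64Base;
-    if (   pIemCpu->enmCpuMode == IEMMODE_64BIT
-        && iSegReg < X86_SREG_FS)
-        u64Base = 0;
-    else
-        u64Base = X86DESC_BASE(&Desc.Legacy);
+    uint64_t u64Base = X86DESC_BASE(&Desc.Legacy);
 
     /*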
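Review bot: Dropping the 64-bit-mode special case means the descriptor's 32-bit base now lands in the hidden register for CS/DS/ES/SS as well, so correctness now rests on every address-calculation path ignoring that base in IEMMODE_64BIT instead of on the load site zeroing it; nothing in this hunk documents that shift, and the next reader may well re-add the zeroing. A comment above the new line would pin the intent, e.g. `/* The descriptor base is kept even in 64-bit mode; address calculation ignores the CS/DS/ES/SS base there (see the IEMMODE_64BIT case changed in IEMAll.cpp in this changeset). */`. Whether all consumers really ignore it cannot be confirmed from this hunk, and the enclosing function starts and ends outside it.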
