Changeset 61371 in vbox for trunk/src/VBox/VMM

Timestamp:

Jun 1, 2016 12:58:24 PM (9 years ago)

Author:

vboxsync

Message:

iomMmioHandler: Gracefully deal with large MMIO writes and read (FXSAVE and such) in ring-0 and raw-mode by deflecting them to ring-3. These things shouldn't normally happen.

Location:

trunk/src/VBox/VMM

Files:

• VMMAll/IOMAllMMIO.cpp (modified) (1 diff)
• include/IOMInternal.h (modified) (1 diff)

trunk/src/VBox/VMM/VMMAll/IOMAllMMIO.cpp

@@ -754 +754 @@
     STAM_COUNTER_INC(&pVM->iom.s.StatR3MMIOHandler);
 
-    AssertMsg(cbBuf >= 1 && cbBuf <= 16, ("%zu\n", cbBuf));
+    NOREF(pvPhys); NOREF(enmOrigin);
     AssertPtr(pRange);
-    NOREF(pvPhys); NOREF(enmOrigin);
+    AssertMsg(cbBuf >= 1, ("%zu\n", cbBuf));
+
+
+#ifndef IN_RING3
+    /*
+     * If someone is doing FXSAVE, FXRSTOR, XSAVE, XRSTOR or other stuff dealing with
+     * large amounts of data, just go to ring-3 where we don't need to deal with partial
+     * successes.  No chance any of these will be problematic read-modify-write stuff.
+     */
+    if (cbBuf > sizeof(pVCpu->iom.s.PendingMmioWrite.abValue))
+        return enmAccessType == PGMACCESSTYPE_WRITE ? VINF_IOM_R3_MMIO_WRITE : VINF_IOM_R3_MMIO_READ;
+#endif
 
     /*

trunk/src/VBox/VMM/include/IOMInternal.h

@@ -418 +418 @@
         RTGCPHYS                        GCPhys;
         /** The value to write. */
-        uint8_t                         abValue[24];
+        uint8_t                         abValue[128];
         /** The number of bytes to write (0 if nothing pending). */
         uint32_t                        cbValue;