Changeset 66868 in vbox

Timestamp:

May 10, 2017 2:44:26 PM (8 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

115349

Message:

SVM: Attempt to fix CR2 corruption (bugref:7243).

File:

• trunk/src/VBox/VMM/VMMR0/HMSVMR0.cpp (modified) (3 diffs)

trunk/src/VBox/VMM/VMMR0/HMSVMR0.cpp

@@ -4043 +4043 @@
         IEMXCPTRAISEINFO fRaiseInfo;
         bool const       fExitIsHwXcpt  = pSvmTransient->u64ExitCode - SVM_EXIT_EXCEPTION_0 <= SVM_EXIT_EXCEPTION_31;
+        uint8_t const    uIdtVector     = pVmcb->ctrl.ExitIntInfo.n.u8Vector;
         if (fExitIsHwXcpt)
         {
-            uint8_t  const uIdtVector       = pVmcb->ctrl.ExitIntInfo.n.u8Vector;
             uint8_t  const uExitVector      = pSvmTransient->u64ExitCode - SVM_EXIT_EXCEPTION_0;
             uint32_t const fIdtVectorFlags  = hmR0SvmGetIemXcptFlags(&pVmcb->ctrl.ExitIntInfo);
@@ -4069 +4069 @@
                 if (!(fRaiseInfo & IEMXCPTRAISEINFO_SOFT_INT_XCPT))
                 {
+                    RTGCUINTPTR GCPtrFaultAddress = 0;
+
                     /* Determine a vectoring #PF condition, see comment in hmR0SvmExitXcptPF(). */
                     if (fRaiseInfo & (IEMXCPTRAISEINFO_EXT_INT_PF | IEMXCPTRAISEINFO_NMI_PF))
@@ -4076 +4078 @@
                         if (fRaiseInfo & IEMXCPTRAISEINFO_NMI_XCPT)
                             VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_BLOCK_NMIS);
+                    } else if (uIdtVector == X86_XCPT_PF) {
+                        /* If the previous exception was a #PF, we need to recover the CR2 value.
+                         * This can't happen with shadow paging.
+                         */
+                        GCPtrFaultAddress = pCtx->cr2;
                     }
 
                     Assert(pVmcb->ctrl.ExitIntInfo.n.u3Type != SVM_EVENT_SOFTWARE_INT);
                     STAM_COUNTER_INC(&pVCpu->hm.s.StatInjectPendingReflect);
-                    hmR0SvmSetPendingEvent(pVCpu, &pVmcb->ctrl.ExitIntInfo, 0 /* GCPtrFaultAddress */);
-
+                    hmR0SvmSetPendingEvent(pVCpu, &pVmcb->ctrl.ExitIntInfo, GCPtrFaultAddress);
+
+                    /** @todo r=michaln: The comment makes no sense with nested paging on! */
                     /* If uExitVector is #PF, CR2 value will be updated from the VMCB if it's a guest #PF. See hmR0SvmExitXcptPF(). */
-                    Log4(("IDT: Pending vectoring event %#RX64 ErrValid=%RTbool Err=%#RX32\n", pVmcb->ctrl.ExitIntInfo.u,
-                          !!pVmcb->ctrl.ExitIntInfo.n.u1ErrorCodeValid, pVmcb->ctrl.ExitIntInfo.n.u32ErrorCode));
+                    Log4(("IDT: Pending vectoring event %#RX64 ErrValid=%RTbool Err=%#RX32 GCPtrFaultAddress=%#RX64\n", pVmcb->ctrl.ExitIntInfo.u,
+                          !!pVmcb->ctrl.ExitIntInfo.n.u1ErrorCodeValid, pVmcb->ctrl.ExitIntInfo.n.u32ErrorCode, GCPtrFaultAddress));
                 }
                 break;