Changeset 72251 in vbox for trunk/src/VBox/VMM

Timestamp:

May 17, 2018 5:39:01 PM (7 years ago)

Author:

vboxsync

Message:

IEMAll: Must roll back memory changes after failed instruction fetch and exception injection too. The latter may fail non-fatally in ring-0 and raw-mode.

File:

• trunk/src/VBox/VMM/VMMAll/IEMAll.cpp (modified) (15 diffs)

trunk/src/VBox/VMM/VMMAll/IEMAll.cpp

@@ -9132 +9132 @@
     while (iMemMap-- > 0)
     {
-        uint32_t fAccess = pVCpu->iem.s.aMemMappings[iMemMap].fAccess;
+        uint32_t const fAccess = pVCpu->iem.s.aMemMappings[iMemMap].fAccess;
         if (fAccess != IEM_ACCESS_INVALID)
         {
@@ -9139 +9139 @@
             if (!(fAccess & IEM_ACCESS_BOUNCE_BUFFERED))
                 PGMPhysReleasePageMappingLock(pVCpu->CTX_SUFF(pVM), &pVCpu->iem.s.aMemMappingLocks[iMemMap].Lock);
-            Assert(pVCpu->iem.s.cActiveMappings > 0);
+            AssertMsg(pVCpu->iem.s.cActiveMappings > 0,
+                      ("iMemMap=%u fAccess=%#x pv=%p GCPhysFirst=%RGp GCPhysSecond=%RGp\n",
+                       iMemMap, fAccess, pVCpu->iem.s.aMemMappings[iMemMap].pv,
+                       pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysFirst, pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysSecond));
             pVCpu->iem.s.cActiveMappings--;
         }
@@ -14955 +14958 @@
 DECLINLINE(VBOXSTRICTRC) iemExecOneInner(PVMCPU pVCpu, bool fExecuteInhibit)
 {
+    AssertMsg(pVCpu->iem.s.aMemMappings[0].fAccess == IEM_ACCESS_INVALID, ("0: %#x %RGp\n", pVCpu->iem.s.aMemMappings[0].fAccess, pVCpu->iem.s.aMemBbMappings[0].GCPhysFirst));
+    AssertMsg(pVCpu->iem.s.aMemMappings[1].fAccess == IEM_ACCESS_INVALID, ("1: %#x %RGp\n", pVCpu->iem.s.aMemMappings[1].fAccess, pVCpu->iem.s.aMemBbMappings[1].GCPhysFirst));
+    AssertMsg(pVCpu->iem.s.aMemMappings[2].fAccess == IEM_ACCESS_INVALID, ("2: %#x %RGp\n", pVCpu->iem.s.aMemMappings[2].fAccess, pVCpu->iem.s.aMemBbMappings[2].GCPhysFirst));
+
 #ifdef IEM_WITH_SETJMP
     VBOXSTRICTRC rcStrict;
@@ -14979 +14986 @@
         iemMemRollback(pVCpu);
     }
+    AssertMsg(pVCpu->iem.s.aMemMappings[0].fAccess == IEM_ACCESS_INVALID, ("0: %#x %RGp\n", pVCpu->iem.s.aMemMappings[0].fAccess, pVCpu->iem.s.aMemBbMappings[0].GCPhysFirst));
+    AssertMsg(pVCpu->iem.s.aMemMappings[1].fAccess == IEM_ACCESS_INVALID, ("1: %#x %RGp\n", pVCpu->iem.s.aMemMappings[1].fAccess, pVCpu->iem.s.aMemBbMappings[1].GCPhysFirst));
+    AssertMsg(pVCpu->iem.s.aMemMappings[2].fAccess == IEM_ACCESS_INVALID, ("2: %#x %RGp\n", pVCpu->iem.s.aMemMappings[2].fAccess, pVCpu->iem.s.aMemBbMappings[2].GCPhysFirst));
+
 //#ifdef DEBUG
 //    AssertMsg(IEM_GET_INSTR_LEN(pVCpu) == cbInstr || rcStrict != VINF_SUCCESS, ("%u %u\n", IEM_GET_INSTR_LEN(pVCpu), cbInstr));
@@ -15017 +15028 @@
                 iemMemRollback(pVCpu);
             }
+            AssertMsg(pVCpu->iem.s.aMemMappings[0].fAccess == IEM_ACCESS_INVALID, ("0: %#x %RGp\n", pVCpu->iem.s.aMemMappings[0].fAccess, pVCpu->iem.s.aMemBbMappings[0].GCPhysFirst));
+            AssertMsg(pVCpu->iem.s.aMemMappings[1].fAccess == IEM_ACCESS_INVALID, ("1: %#x %RGp\n", pVCpu->iem.s.aMemMappings[1].fAccess, pVCpu->iem.s.aMemBbMappings[1].GCPhysFirst));
+            AssertMsg(pVCpu->iem.s.aMemMappings[2].fAccess == IEM_ACCESS_INVALID, ("2: %#x %RGp\n", pVCpu->iem.s.aMemMappings[2].fAccess, pVCpu->iem.s.aMemBbMappings[2].GCPhysFirst));
         }
+        else if (pVCpu->iem.s.cActiveMappings > 0)
+            iemMemRollback(pVCpu);
         EMSetInhibitInterruptsPC(pVCpu, UINT64_C(0x7777555533331111));
     }
@@ -15090 +15106 @@
     if (rcStrict == VINF_SUCCESS)
         rcStrict = iemExecOneInner(pVCpu, true);
+    else if (pVCpu->iem.s.cActiveMappings > 0)
+        iemMemRollback(pVCpu);
 
 #if defined(IEM_VERIFICATION_MODE_FULL) && defined(IN_RING3)
@@ -15122 +15140 @@
             *pcbWritten = pVCpu->iem.s.cbWritten - cbOldWritten;
     }
+    else if (pVCpu->iem.s.cActiveMappings > 0)
+        iemMemRollback(pVCpu);
 
 #ifdef IN_RC
@@ -15156 +15176 @@
         rcStrict = iemInitDecoderAndPrefetchOpcodes(pVCpu, false);
     if (rcStrict == VINF_SUCCESS)
-    {
         rcStrict = iemExecOneInner(pVCpu, true);
-    }
+    else if (pVCpu->iem.s.cActiveMappings > 0)
+        iemMemRollback(pVCpu);
 
 #ifdef IN_RC
@@ -15180 +15200 @@
             *pcbWritten = pVCpu->iem.s.cbWritten - cbOldWritten;
     }
+    else if (pVCpu->iem.s.cActiveMappings > 0)
+        iemMemRollback(pVCpu);
 
 #ifdef IN_RC
@@ -15215 +15237 @@
     if (rcStrict == VINF_SUCCESS)
         rcStrict = iemExecOneInner(pVCpu, false);
+    else if (pVCpu->iem.s.cActiveMappings > 0)
+        iemMemRollback(pVCpu);
 
 #ifdef IN_RC
@@ -15269 +15293 @@
             *pcbWritten = pVCpu->iem.s.cbWritten - cbOldWritten;
     }
+    else if (pVCpu->iem.s.cActiveMappings > 0)
+        iemMemRollback(pVCpu);
 
 #ifdef IN_RC
@@ -15330 +15356 @@
     if (rcStrict == VINF_SUCCESS)
         rcStrict = iemExecOneInner(pVCpu, true);
+    else if (pVCpu->iem.s.cActiveMappings > 0)
+        iemMemRollback(pVCpu);
 
     /*
@@ -15479 +15507 @@
 # endif
     }
+    else
+    {
+        if (pVCpu->iem.s.cActiveMappings > 0)
+            iemMemRollback(pVCpu);
+
 # ifdef VBOX_WITH_NESTED_HWVIRT_SVM
-    else
-    {
         /*
          * When a nested-guest causes an exception intercept (e.g. #PF) when fetching
@@ -15487 +15518 @@
          */
         rcStrict = iemExecStatusCodeFiddling(pVCpu, rcStrict);
-    }
 # endif
+    }
 
     /*
@@ -15571 +15602 @@
     }
 
-    return iemRaiseXcptOrInt(pVCpu, cbInstr, u8TrapNo, fFlags, uErrCode, uCr2);
+    VBOXSTRICTRC rcStrict = iemRaiseXcptOrInt(pVCpu, cbInstr, u8TrapNo, fFlags, uErrCode, uCr2);
+
+    if (pVCpu->iem.s.cActiveMappings > 0)
+        iemMemRollback(pVCpu);
+    return rcStrict;
 }