Changeset 72254 in vbox for trunk/src/VBox/VMM

Timestamp:

May 18, 2018 7:28:30 AM (7 years ago)

Author:

vboxsync

Message:

Merged r122570 from 5.2. bugref:9171

Location:

trunk/src/VBox/VMM

Files:

• VMMRC/TRPMRCHandlers.cpp (modified) (1 diff)
• VMMRC/TRPMRCHandlersA.asm (modified) (3 diffs)
• VMMRZ/DBGFRZ.cpp (modified) (4 diffs)

trunk/src/VBox/VMM/VMMRC/TRPMRCHandlers.cpp

@@ -402 +402 @@
      */
     int rc = DBGFRZTrap01Handler(pVM, pVCpu, pRegFrame, uDr6, false /*fAltStepping*/);
-    AssertStmt(rc != VINF_EM_RAW_GUEST_TRAP, rc = VERR_TRPM_IPE_1);
     if (rc == VINF_EM_DBG_STEPPED)
         pRegFrame->eflags.Bits.u1TF = 0;

trunk/src/VBox/VMM/VMMRC/TRPMRCHandlersA.asm

@@ -156 +156 @@
 ALIGNCODE(16)
 BEGINPROC_EXPORTED TRPMGCHandlerGeneric
-%macro TRPMGenericEntry 1
+%macro TRPMGenericEntry 2
+EXPORTEDNAME_EX RT_CONCAT(TRPMRCHandlerAsmTrap,%2), function
     db 06ah, i                          ; push imm8 - note that this is a signextended value.
     jmp   %1
@@ -163 +164 @@
 %endmacro
 
-%assign i 0                             ; start counter.
-    TRPMGenericEntry GenericTrap        ; 0
-    TRPMGenericEntry GenericTrap        ; 1
-    TRPMGenericEntry GenericTrap        ; 2
-    TRPMGenericEntry GenericTrap        ; 3
-    TRPMGenericEntry GenericTrap        ; 4
-    TRPMGenericEntry GenericTrap        ; 5
-    TRPMGenericEntry GenericTrap        ; 6
-    TRPMGenericEntry GenericTrap        ; 7
-    TRPMGenericEntry GenericTrapErrCode ; 8
-    TRPMGenericEntry GenericTrap        ; 9
-    TRPMGenericEntry GenericTrapErrCode ; a
-    TRPMGenericEntry GenericTrapErrCode ; b
-    TRPMGenericEntry GenericTrapErrCode ; c
-    TRPMGenericEntry GenericTrapErrCode ; d
-    TRPMGenericEntry GenericTrapErrCode ; e
-    TRPMGenericEntry GenericTrap        ; f  (reserved)
-    TRPMGenericEntry GenericTrap        ; 10
-    TRPMGenericEntry GenericTrapErrCode ; 11
-    TRPMGenericEntry GenericTrap        ; 12
-    TRPMGenericEntry GenericTrap        ; 13
-    TRPMGenericEntry GenericTrap        ; 14 (reserved)
-    TRPMGenericEntry GenericTrap        ; 15 (reserved)
-    TRPMGenericEntry GenericTrap        ; 16 (reserved)
-    TRPMGenericEntry GenericTrap        ; 17 (reserved)
+%assign i 0                                     ; start counter.
+    TRPMGenericEntry GenericTrap       , 00     ; 0
+    TRPMGenericEntry GenericTrap       , 01     ; 1
+    TRPMGenericEntry GenericTrap       , 02     ; 2
+    TRPMGenericEntry GenericTrap       , 03     ; 3
+    TRPMGenericEntry GenericTrap       , 04     ; 4
+    TRPMGenericEntry GenericTrap       , 05     ; 5
+    TRPMGenericEntry GenericTrap       , 06     ; 6
+    TRPMGenericEntry GenericTrap       , 07     ; 7
+    TRPMGenericEntry GenericTrapErrCode, 08     ; 8
+    TRPMGenericEntry GenericTrap       , 09     ; 9
+    TRPMGenericEntry GenericTrapErrCode, 0a     ; a
+    TRPMGenericEntry GenericTrapErrCode, 0b     ; b
+    TRPMGenericEntry GenericTrapErrCode, 0c     ; c
+    TRPMGenericEntry GenericTrapErrCode, 0d     ; d
+    TRPMGenericEntry GenericTrapErrCode, 0e     ; e
+    TRPMGenericEntry GenericTrap       , 0f     ; f  (reserved)
+    TRPMGenericEntry GenericTrap       , 10     ; 10
+    TRPMGenericEntry GenericTrapErrCode, 11     ; 11
+    TRPMGenericEntry GenericTrap       , 12     ; 12
+    TRPMGenericEntry GenericTrap       , 13     ; 13
+    TRPMGenericEntry GenericTrap       , 14     ; 14 (reserved)
+    TRPMGenericEntry GenericTrap       , 15     ; 15 (reserved)
+    TRPMGenericEntry GenericTrap       , 16     ; 16 (reserved)
+    TRPMGenericEntry GenericTrap       , 17     ; 17 (reserved)
 %undef i
 %undef TRPMGenericEntry
@@ -614 +615 @@
     cmp     eax, VINF_EM_DBG_HYPER_ASSERTION
     je short .rc_to_host
+    cmp     eax, VINF_EM_RAW_GUEST_TRAP ; Special #DB case, see bugref:9171.
+    je short .rc_to_host
     jmp     .rc_abandon_ship
 

trunk/src/VBox/VMM/VMMRZ/DBGFRZ.cpp

@@ -23 +23 @@
 #include <VBox/vmm/dbgf.h>
 #include <VBox/vmm/selm.h>
+#ifdef IN_RC
+# include <VBox/vmm/trpm.h>
+#endif
 #include <VBox/log.h>
 #include "DBGFInternal.h"
@@ -29 +32 @@
 #include <iprt/assert.h>
 
+#ifdef IN_RC
+DECLASM(void) TRPMRCHandlerAsmTrap03(void);
+#endif
 
 
@@ -88 +94 @@
     }
 
+#ifdef IN_RC
     /*
      * Either an ICEBP in hypervisor code or a guest related debug exception
@@ -94 +101 @@
     if (RT_UNLIKELY(fInHyper))
     {
-        LogFlow(("DBGFRZTrap01Handler: unabled bp at %04x:%RGv\n", pRegFrame->cs.Sel, pRegFrame->rip));
+        /*
+         * Is this a guest debug event that was delayed past a ring transition?
+         *
+         * Since we do no allow sysenter/syscall in raw-mode, the  only
+         * non-trap/fault type transitions that can occur are thru interrupt gates.
+         * Of those, only INT3 (#BP) has a DPL other than 0 with a CS.RPL of 0.
+         * See bugref:9171 and bs3-cpu-weird-1 for more details.
+         *
+         * We need to reconstruct the guest register state from the hypervisor one
+         * here, so here is the layout of the IRET frame on the stack:
+         *    20:[8] GS          (V86 only)
+         *    1C:[7] FS          (V86 only)
+         *    18:[6] DS          (V86 only)
+         *    14:[5] ES          (V86 only)
+         *    10:[4] SS
+         *    0c:[3] ESP
+         *    08:[2] EFLAGS
+         *    04:[1] CS
+         *    00:[0] EIP
+         */
+        if (pRegFrame->rip == (uintptr_t)TRPMRCHandlerAsmTrap03)
+        {
+            uint32_t const *pu32Stack = (uint32_t const *)pRegFrame->esp;
+            if (   (pu32Stack[2] & X86_EFL_VM)
+                || (pu32Stack[1] & X86_SEL_RPL))
+            {
+                LogFlow(("DBGFRZTrap01Handler: Detected guest #DB delayed past ring transition %04x:%RX32 %#x\n",
+                         pu32Stack[1] & 0xffff, pu32Stack[0], pu32Stack[2]));
+                PCPUMCTX pGstCtx = CPUMQueryGuestCtxPtr(pVCpu);
+                pGstCtx->rip      = pu32Stack[0];
+                pGstCtx->cs.Sel   = pu32Stack[1];
+                pGstCtx->eflags.u = pu32Stack[2];
+                pGstCtx->rsp      = pu32Stack[3];
+                pGstCtx->ss.Sel   = pu32Stack[4];
+                if (pu32Stack[2] & X86_EFL_VM)
+                {
+                    pGstCtx->es.Sel = pu32Stack[5];
+                    pGstCtx->ds.Sel = pu32Stack[6];
+                    pGstCtx->fs.Sel = pu32Stack[7];
+                    pGstCtx->gs.Sel = pu32Stack[8];
+                }
+                else
+                {
+                    pGstCtx->es.Sel = pRegFrame->es.Sel;
+                    pGstCtx->ds.Sel = pRegFrame->ds.Sel;
+                    pGstCtx->fs.Sel = pRegFrame->fs.Sel;
+                    pGstCtx->gs.Sel = pRegFrame->gs.Sel;
+                }
+                pGstCtx->rax      = pRegFrame->rax;
+                pGstCtx->rcx      = pRegFrame->rcx;
+                pGstCtx->rdx      = pRegFrame->rdx;
+                pGstCtx->rbx      = pRegFrame->rbx;
+                pGstCtx->rsi      = pRegFrame->rsi;
+                pGstCtx->rdi      = pRegFrame->rdi;
+                pGstCtx->rbp      = pRegFrame->rbp;
+
+                /*
+                 * We should assert a #BP followed by a #DB here, but TRPM cannot
+                 * do that.  So, we'll just assert the #BP and ignore the #DB, even
+                 * if that isn't strictly correct.
+                 */
+                TRPMResetTrap(pVCpu);
+                TRPMAssertTrap(pVCpu, X86_XCPT_BP, TRPM_SOFTWARE_INT);
+                return VINF_EM_RAW_GUEST_TRAP;
+            }
+        }
+
+        LogFlow(("DBGFRZTrap01Handler: Unknown bp at %04x:%RGv\n", pRegFrame->cs.Sel, pRegFrame->rip));
         return VERR_DBGF_HYPER_DB_XCPT;
     }
+#endif
 
     LogFlow(("DBGFRZTrap01Handler: guest debug event %#x at %04x:%RGv!\n", (uint32_t)uDr6, pRegFrame->cs.Sel, pRegFrame->rip));