Changeset 74695 in vbox for trunk

Timestamp:

Oct 9, 2018 5:56:37 AM (6 years ago)

Author:

vboxsync

Message:

VMM/IEM: Nested VMX: bugref:9180 Fix the I/O port wrap-around detection case.

Location:

trunk

Files:

• include/VBox/vmm/hm.h (modified) (1 diff)
• src/VBox/VMM/VMMAll/HMVMXAll.cpp (modified) (1 diff)
• src/VBox/VMM/VMMAll/IEMAllCImplVmxInstr.cpp.h (modified) (4 diffs)

trunk/include/VBox/vmm/hm.h

@@ -152 +152 @@
 VMM_INT_DECL(int)               HMVmxGetMsrPermission(void const *pvMsrBitmap, uint32_t idMsr, PVMXMSREXITREAD penmRead,
                                                       PVMXMSREXITWRITE penmWrite);
-VMM_INT_DECL(bool)              HMVmxGetIoBitmapPermission(void const *pvIoBitmapA, void const *pvIoBitmapB, uint16_t uPort);
+VMM_INT_DECL(bool)              HMVmxGetIoBitmapPermission(void const *pvIoBitmapA, void const *pvIoBitmapB, uint16_t uPort,
+                                                           uint8_t cbAccess);
 /** @} */
 

trunk/src/VBox/VMM/VMMAll/HMVMXAll.cpp

@@ -963 +963 @@
  * @param   pvIoBitmapB     Pointer to I/O bitmap B.
  * @param   uPort           The I/O port being accessed.
- */
-VMM_INT_DECL(bool) HMVmxGetIoBitmapPermission(void const *pvIoBitmapA, void const *pvIoBitmapB, uint16_t uPort)
-{
-    /* If the port is 0 or ffff ("wrap around"), we cause a VM-exit. */
-    if (   uPort == 0x0000
-        || uPort == 0xffff)
+ * @param   cbAccess        The size of the I/O access in bytes (1, 2 or 4 bytes).
+ */
+VMM_INT_DECL(bool) HMVmxGetIoBitmapPermission(void const *pvIoBitmapA, void const *pvIoBitmapB, uint16_t uPort, uint8_t cbAccess)
+{
+    Assert(cbAccess == 1 || cbAccess == 2 || cbAccess == 4);
+
+    /*
+     * If the I/O port accecss wraps around the 16-bit port I/O space,
+     * we must cause a VM-exit.
+     *
+     * See Intel spec. 25.1.3 "Instructions That Cause VM Exits Conditionally".
+     */
+    /** @todo r=ramshankar: Reading 1, 2, 4 bytes at ports 0xffff, 0xfffe and 0xfffc
+     *        respectively are valid and do not constitute a wrap around from what I
+     *        understand. Verify this later. */
+    uint32_t const uPortLast = uPort + cbAccess;
+    if (uPortLast > 0x10000)
         return true;
 

trunk/src/VBox/VMM/VMMAll/IEMAllCImplVmxInstr.cpp.h

@@ -2863 +2863 @@
  *
  * @returns @c true if the instruction is intercepted, @c false otherwise.
- * @param   pVCpu           The cross context virtual CPU structure.
- * @param   u16Port         The I/O port being accessed by the instruction.
- */
-IEM_STATIC bool iemVmxIsIoInterceptSet(PVMCPU pVCpu, uint16_t u16Port)
+ * @param   pVCpu       The cross context virtual CPU structure.
+ * @param   u16Port     The I/O port being accessed by the instruction.
+ * @param   cbAccess    The size of the I/O access in bytes (1, 2 or 4 bytes).
+ */
+IEM_STATIC bool iemVmxIsIoInterceptSet(PVMCPU pVCpu, uint16_t u16Port, uint8_t cbAccess)
 {
     PCVMXVVMCS pVmcs = pVCpu->cpum.GstCtx.hwvirt.vmx.CTX_SUFF(pVmcs);
@@ -2884 +2885 @@
         Assert(pbIoBitmapA);
         Assert(pbIoBitmapB);
-        return HMVmxGetIoBitmapPermission(pbIoBitmapA, pbIoBitmapB, u16Port);
+        return HMVmxGetIoBitmapPermission(pbIoBitmapA, pbIoBitmapB, u16Port, cbAccess);
     }
 
@@ -3349 +3350 @@
     Assert(cbAccess == 1 || cbAccess == 2 || cbAccess == 4);
 
-    bool const fIntercept = iemVmxIsIoInterceptSet(pVCpu, u16Port);
+    bool const fIntercept = iemVmxIsIoInterceptSet(pVCpu, u16Port, cbAccess);
     if (fIntercept)
     {
@@ -3391 +3392 @@
     Assert(uInstrId != VMXINSTRID_IO_INS || ExitInstrInfo.StrIo.iSegReg == X86_SREG_ES);
 
-    bool const fIntercept = iemVmxIsIoInterceptSet(pVCpu, u16Port);
+    bool const fIntercept = iemVmxIsIoInterceptSet(pVCpu, u16Port, cbAccess);
     if (fIntercept)
     {