Changeset 76275 in vbox for trunk/src/VBox

Timestamp:

Dec 18, 2018 6:29:00 AM (6 years ago)

Author:

vboxsync

Message:

VMM/IEM: Nested VMX: bugref:9180 Fix to clobbering local variable when trying to execute instruction following sti/pop/mov-ss while in VMX nested-guest without processing MTF, preemption timer flags.

File:

• trunk/src/VBox/VMM/VMMAll/IEMAll.cpp (modified) (4 diffs)

trunk/src/VBox/VMM/VMMAll/IEMAll.cpp

@@ -14004 +14004 @@
      *
      * If any of these causes a VM-exit, we must skip executing the next
-     * instruction (so we set fExecuteInhibit to false).
+     * instruction (would run into stale page tables). A VM-exit makes sure
+     * there is no interrupt-inhibition, so that should ensure we don't go
+     * to try execute the next instruction. Clearing fExecuteInhibit is
+     * problematic because of the setjmp/longjmp clobbering above.
      */
     if (   rcStrict == VINF_SUCCESS
@@ -14013 +14016 @@
         {
             rcStrict = iemVmxApicWriteEmulation(pVCpu);
-            if (rcStrict != VINF_SUCCESS)
-                fExecuteInhibit = false;
+            Assert(!VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS));
             Assert(!VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_VMX_APIC_WRITE));
         }
@@ -14021 +14023 @@
         {
             rcStrict = iemVmxVmexitMtf(pVCpu);
-            fExecuteInhibit = false;
+            Assert(!VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS));
             Assert(!VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_VMX_MTF));
         }
@@ -14032 +14034 @@
             else
             {
+                Assert(!VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS));
                 Assert(!VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_VMX_PREEMPT_TIMER));
-                fExecuteInhibit = false;
             }
         }