VirtualBox

Changeset 76275 in vbox for trunk/src/VBox/VMM/VMMAll


Timestamp:
Dec 18, 2018 6:29:00 AM (6 years ago)
Author:
vboxsync
Message:

VMM/IEM: Nested VMX: bugref:9180 Fix to clobbering local variable when trying to execute instruction following sti/pop/mov-ss while in VMX nested-guest without processing MTF, preemption timer flags.

File:
1 edited

  • trunk/src/VBox/VMM/VMMAll/IEMAll.cpp

    r76041 r76275  
    1400414004     *
    1400514005     * If any of these causes a VM-exit, we must skip executing the next
    14006      * instruction (so we set fExecuteInhibit to false).
     14006     * instruction (would run into stale page tables). A VM-exit makes sure
     14007     * there is no interrupt-inhibition, so that should ensure we don't go
     14008     * to try execute the next instruction. Clearing fExecuteInhibit is
     14009     * problematic because of the setjmp/longjmp clobbering above.
    1400714010     */
    1400814011    if (   rcStrict == VINF_SUCCESS
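Review bot: the rewritten comment states that a VM-exit guarantees there is no interrupt inhibition, but nothing in this hunk shows where that guarantee is established; name the VM-exit path that clears VMCPU_FF_INHIBIT_INTERRUPTS so a reader can check the invariant the later assertions rely on. Also worth a sentence on why the local was not simply declared volatile, which is the standard way to make a variable modified after setjmp() keep its value across longjmp(); without it the comment's "problematic because of the setjmp/longjmp clobbering above" reads as an observation rather than a justification for dropping the assignments.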
     
    1401314016        {
    1401414017            rcStrict = iemVmxApicWriteEmulation(pVCpu);
    14015             if (rcStrict != VINF_SUCCESS)
    14016                 fExecuteInhibit = false;
     14018            Assert(!VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS));
    1401714019            Assert(!VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_VMX_APIC_WRITE));
    1401814020        }
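Review bot: the removed lines only cleared fExecuteInhibit when iemVmxApicWriteEmulation() returned something other than VINF_SUCCESS, i.e. when a VM-exit actually happened, but the new Assert(!VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS)) is unconditional and also fires on the VINF_SUCCESS path where no VM-exit occurred and the inhibition may legitimately still be pending. Either confirm that the APIC-write emulation clears the force-flag on every return, or guard the assertion with `if (rcStrict != VINF_SUCCESS)` to mirror the condition the old code used.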
     
    1402114023        {
    1402214024            rcStrict = iemVmxVmexitMtf(pVCpu);
    14023             fExecuteInhibit = false;
     14025            Assert(!VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS));
    1402414026            Assert(!VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_VMX_MTF));
    1402514027        }
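Review bot: since Assert() compiles out in release builds, skipping the instruction after the MTF VM-exit now depends entirely on iemVmxVmexitMtf() having cleared VMCPU_FF_INHIBIT_INTERRUPTS; if that ever fails, the debug build reports it but a release build silently executes the inhibited instruction against the stale state the comment above warns about. Consider a short comment here stating that the exit handler is responsible for clearing the inhibit flag, so the dependency is visible at the point where the explicit `fExecuteInhibit = false` used to be.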
     
    1403214034            else
    1403314035            {
     14036                Assert(!VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS));
    1403414037                Assert(!VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_VMX_PREEMPT_TIMER));
    14035                 fExecuteInhibit = false;
    1403614038            }
    1403714039        }
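Review bot: this hunk removes the `fExecuteInhibit = false` from the preemption-timer else branch while the branch's own condition and the call that produced the VM-exit are outside the shown context, so it is not visible from the diff that this else path is the VM-exit path on which the inhibit flag is guaranteed clear; include the enclosing `if` in the context or add the same one-line note used for the APIC-write and MTF cases so the three sites read consistently.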