
Changeset 82277 in vbox


Timestamp:
Nov 28, 2019 8:24:13 PM (5 years ago)
Author:
vboxsync
Message:

IOMR0: Table initialization bug in the two functions growing the registration tables for MMIO and I/O ports. Would potentially corrupt kernel memory following the allocation. bugref:9218

Location:
trunk/src/VBox/VMM
Files:
3 edited

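--- a/trunk/src/VBox/VMM/VMMR0/IOMR0IoPort.cpp
+++ b/trunk/src/VBox/VMM/VMMR0/IOMR0IoPort.cpp
@@ -206,4 +206,8 @@
                 paRing0[i].idxSelf  = (uint16_t)i;
                 paRing0[i].idxStats = UINT16_MAX;
+            }
+            i = cbRing3 / sizeof(*paRing3);
+            while (i-- > cOldEntries)
+            {
                 paRing3[i].idxSelf  = (uint16_t)i;
                 paRing3[i].idxStats = UINT16_MAX;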
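Review bot: The new ring-3 loop (`i = cbRing3 / sizeof(*paRing3); while (i-- > cOldEntries)`) has no comment explaining why paRing3 needs its own bound, so a later tidy-up could merge the two loops again and bring back the write past the ring-3 allocation that the commit message describes. I would add above it `/* Separate loop on purpose: paRing3 is bounded by cbRing3, not by the ring-0 entry count; a shared index can write past the ring-3 allocation. */`. The enclosing function and the first loop's header are outside the hunk, so that the first bound comes from the ring-0 size is inferred rather than visible. The same comment belongs on the identical hunk in IOMR0Mmio.cpp. The `(uint16_t)i` casts also depend on a cap on the table size that this hunk does not show.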
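--- a/trunk/src/VBox/VMM/VMMR0/IOMR0Mmio.cpp
+++ b/trunk/src/VBox/VMM/VMMR0/IOMR0Mmio.cpp
@@ -203,4 +203,8 @@
                 paRing0[i].idxSelf  = (uint16_t)i;
                 paRing0[i].idxStats = UINT16_MAX;
+            }
+            i = cbRing3 / sizeof(*paRing3);
+            while (i-- > cOldEntries)
+            {
                 paRing3[i].idxSelf  = (uint16_t)i;
                 paRing3[i].idxStats = UINT16_MAX;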
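--- a/trunk/src/VBox/VMM/VMMR3/IOMR3IoPort.cpp
+++ b/trunk/src/VBox/VMM/VMMR3/IOMR3IoPort.cpp
@@ -295,4 +295,5 @@
 #endif
     *phIoPorts = idx;
+    LogFlow(("IOMR3IoPortCreate: idx=%#x cPorts=%u %s\n", idx, cPorts, pszDesc));
     return VINF_SUCCESS;
 }
@@ -316,4 +317,5 @@
     AssertReturn((uint32_t)uPort + cPorts <= _64K, VERR_OUT_OF_RANGE);
     RTIOPORT const uLastPort = uPort + cPorts - 1;
+    LogFlow(("IOMR3IoPortMap: hIoPorts=%#RX64 %RTiop..%RTiop (%u ports)\n", hIoPorts, uPort, uLastPort, cPorts));
 
     /*
@@ -411,4 +413,7 @@
             AssertMsg(paEntries[i].idx < pVM->iom.s.cIoPortRegs, ("%u: %#x %#x\n", i, paEntries[i].idx, pVM->iom.s.cIoPortRegs));
             AssertMsg(uPortPrev < paEntries[i].uFirstPort, ("%u: %#x %#x\n", i, uPortPrev, paEntries[i].uFirstPort));
+            AssertMsg(paEntries[i].uLastPort - paEntries[i].uFirstPort + 1 == pVM->iom.s.paIoPortRegs[paEntries[i].idx].cPorts,
+                      ("%u: %#x %#x..%#x -> %u, expected %u\n", i, uPortPrev, paEntries[i].uFirstPort, paEntries[i].uLastPort,
+                       paEntries[i].uLastPort - paEntries[i].uFirstPort + 1, pVM->iom.s.paIoPortRegs[paEntries[i].idx].cPorts));
             uPortPrev = paEntries[i].uLastPort;
         }
@@ -452,4 +457,5 @@
         Assert(pVM->iom.s.cIoPortLookupEntries == cEntries);
         Assert(cEntries > 0);
+        LogFlow(("IOMR3IoPortUnmap: hIoPorts=%#RX64 %RTiop..%RTiop (%u ports)\n", hIoPorts, uPort, uLastPort, pRegEntry->cPorts));
 
         PIOMIOPORTLOOKUPENTRY paEntries = pVM->iom.s.paIoPortLookup;
@@ -521,4 +527,7 @@
             AssertMsg(paEntries[i].idx < pVM->iom.s.cIoPortRegs, ("%u: %#x %#x\n", i, paEntries[i].idx, pVM->iom.s.cIoPortRegs));
             AssertMsg(uPortPrev < paEntries[i].uFirstPort, ("%u: %#x %#x\n", i, uPortPrev, paEntries[i].uFirstPort));
+            AssertMsg(paEntries[i].uLastPort - paEntries[i].uFirstPort + 1 == pVM->iom.s.paIoPortRegs[paEntries[i].idx].cPorts,
+                      ("%u: %#x %#x..%#x -> %u, expected %u\n", i, uPortPrev, paEntries[i].uFirstPort, paEntries[i].uLastPort,
+                       paEntries[i].uLastPort - paEntries[i].uFirstPort + 1, pVM->iom.s.paIoPortRegs[paEntries[i].idx].cPorts));
             uPortPrev = paEntries[i].uLastPort;
         }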
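Review bot: The added `AssertMsg` at new lines 415–417 (and its copy at 529–531) indexes `pVM->iom.s.paIoPortRegs[paEntries[i].idx]` in both the condition and the message arguments, relying on the earlier `paEntries[i].idx < pVM->iom.s.cIoPortRegs` assertion having stopped execution. If assertions are configured to log and continue rather than panic, a corrupt lookup entry would make this consistency check itself read outside the registration table. Short-circuiting on the index keeps the check in bounds and leaves the reporting to the preceding assertion: start the condition with `paEntries[i].idx >= pVM->iom.s.cIoPortRegs || ` before the existing `uLastPort - uFirstPort + 1 == ...cPorts` comparison. The surrounding loops and functions begin outside these hunks, so whether this code is compiled only in strict builds is not visible here.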