Changeset 91963 in vbox for trunk/src

Timestamp:

Oct 21, 2021 3:22:44 PM (3 years ago)

Author:

vboxsync

Message:

VMM/IEM: Nested VMX: bugref:10092 CR3 physical address mask check when EPT paging is enabled (ifdef'd), no functional changes to the old code.

File:

• trunk/src/VBox/VMM/VMMAll/IEMAllCImpl.cpp.h (modified) (2 diffs)

trunk/src/VBox/VMM/VMMAll/IEMAllCImpl.cpp.h

@@ -5940 +5940 @@
 
             /* Check / mask the value. */
-            if (uNewCrX & UINT64_C(0xfff0000000000000))
-            {
+#ifdef VBOX_WITH_NESTED_HWVIRT_VMX_EPT
+            /* See Intel spec. 27.2.2 "EPT Translation Mechanism" footnote. */
+            uint64_t const fInvPhysMask = !CPUMIsGuestVmxEptPagingEnabledEx(IEM_GET_CTX(pVCpu))
+                                        ? ~(RT_BIT_64(IEM_GET_GUEST_CPU_FEATURES(pVCpu)->cMaxPhysAddrWidth) - 1U)
+                                        : (X86_CR3_EPT_PAGE_MASK | X86_PAGE_4K_OFFSET_MASK);
+#else
+            uint64_t const fInvPhysMask = UINT64_C(0xfff0000000000000);
+#endif
+            if (uNewCrX & fInvPhysMask)
+            {
+                /** @todo Should we raise this only for 64-bit mode like Intel claims? AMD is
+                 *        very vague in this area. As mentioned above, need testcase on real
+                 *        hardware... Sigh. */
                 Log(("Trying to load CR3 with invalid high bits set: %#llx\n", uNewCrX));
                 return iemRaiseGeneralProtectionFault0(pVCpu);
@@ -5949 +5960 @@
             if (   (pVCpu->cpum.GstCtx.cr4 & X86_CR4_PAE)
                 && (pVCpu->cpum.GstCtx.msrEFER & MSR_K6_EFER_LME))
+            {
+                /** @todo Redundant? This value has already been validated above. */
                 fValid = UINT64_C(0x000fffffffffffff);
+            }
             else
                 fValid = UINT64_C(0xffffffff);