Changeset 93109 in vbox for trunk/src/VBox/Main/src-server
- Timestamp:
- Dec 31, 2021 2:29:54 AM (3 years ago)
- svn:sync-xref-src-repo-rev:
- 149123
- File:
-
- 1 edited
trunk/src/VBox/Main/src-server/UnattendedOs2Installer.cpp
r93098 r93109 53 53 : UnattendedInstaller(pParent, 54 54 "os2_response_files.rsp", "os2_cid_install.cmd", 55 " OS2.RSP","VBOXCID.CMD",55 "os2_response_files.rsp", "VBOXCID.CMD", 56 56 DeviceType_Floppy) 57 57 { … … 327 327 return NULL; 328 328 } 329 330 #if 0 331 /** 332 * Patcher callback for TESTCFG.SYS. 333 * 334 * This is for debugging a mysterious DS corruption issue happening on an AMD 335 * 3990x host. 336 * 337 * @verbatim 338 dbgf event/0: xcpt_gp - #GP (general protection fault)! arg=0x1d8 339 VBoxDbg> r 340 eax=00000001 ebx=00dc0000 ecx=56d80000 edx=178b0000 esi=ffde0100 edi=feff44e4 341 eip=00000124 esp=00000f76 ebp=0000dbf3 iopl=3 nv up ei pl nz na po nc 342 cs=0763 ds=01db es=0130 fs=0000 gs=0000 ss=001f eflags=00003206 343 0763:00000124 cb retf 344 VBoxDbg> dw ss:sp 345 001f:00000f76: 0549 075b 03e4 0000-0fb8 04b9 44e4 0130 346 VBoxDbg> u cs:fc 347 0763:000000fc 55 push bp 348 0763:000000fd 8b ec mov bp, sp 349 0763:000000ff 53 push bx 350 0763:00000100 51 push cx 351 0763:00000101 52 push dx 352 0763:00000102 1e push DS 353 0763:00000103 33 c9 xor cx, cx 354 0763:00000105 b0 10 mov AL, 010h 355 0763:00000107 b2 24 mov DL, 024h 356 0763:00000109 ff 1e 22 00 call far [00022h] 357 0763:0000010d 72 0e jc +00eh (0011dh) 358 0763:0000010f 50 push ax 359 0763:00000110 1f pop DS 360 0763:00000111 f7 47 06 03 00 test word [bx+006h], 00003h 361 0763:00000116 74 05 je +005h (0011dh) 362 0763:00000118 b8 01 00 mov ax, 00001h 363 0763:0000011b eb 02 jmp +002h (0011fh) 364 0763:0000011d 33 c0 xor ax, ax 365 0763:0000011f 1f pop DS 366 0763:00000120 5a pop dx 367 0763:00000121 59 pop cx 368 0763:00000122 5b pop bx 369 0763:00000123 5d pop bp 370 0763:00000124 cb retf 371 VBoxDbg> dw ss:sp - 5*2 L8 372 001f:00000f6c: 0750 082a 220e 44e4-0f7e 0549 075b 03e4 373 * @endverbatim 374 * 375 * We end up with a \#GP on the RETF, but the stack frame is a valid 075b:0549 376 * return address (in TESTCFG's first code segment). 
The error code is 0x1d8, 377 * which makes no sense. DS contains 0x1db, which could be related, however it 378 * is the *wrong* value as seen by the stack restore frame above, it was just 379 * restored as 0750 (TESTCFG data segment). 380 * 381 * The patching here aim at modifying to code to try figure out what might 382 * trigger the bogus DS and \#GP(0x1d8). 383 * 384 * P.S. There are no exits or event injections taking place when DS gets 385 * corrupt, the last exit was a CR0 read in OS2KRNL's DOSSEG (0120:1798) 386 * probably related to we comming back to protected mode from real mode as we 387 * just made an APM BIOS call. 388 * 389 * Update: The values loaded off the stack aren't the ones ending up the 390 * registers, so that might explain why this goes south. 391 * 392 * @sa ticketref:20625 393 */ 394 /*static*/ 395 int UnattendedOs2Installer::patchTestCfg(uint8_t *pbFile, size_t cbFile, const char *pszFilename, UnattendedOs2Installer *pThis) 396 { 397 RT_NOREF(pThis, pszFilename); 398 399 static uint8_t const s_abVariant1[] = 400 { 401 /*0763:00fc*/ 0x55, /* push bp */ 402 /*0763:00fd*/ 0x8b, 0xec, /* mov bp, sp */ 403 /*0763:00ff*/ 0x53, /* push bx */ 404 /*0763:0100*/ 0x51, /* push cx */ 405 /*0763:0101*/ 0x52, /* push dx */ 406 /*0763:0102*/ 0x1e, /* push DS */ 407 /*0763:0103*/ 0x33, 0xc9, /* xor cx, cx */ 408 /*0763:0105*/ 0xb0, 0x10, /* mov AL, 010h */ 409 /*0763:0107*/ 0xb2, 0x24, /* mov DL, 024h */ 410 /*0763:0109*/ 0xff, 0x1e, 0x22, 0x00, /* call far [00022h] */ 411 /*0763:010d*/ 0x72, 0x0e, /* jc +00eh (0011dh) */ 412 /*0763:010f*/ 0x50, /* push ax */ 413 /*0763:0110*/ 0x1f, /* pop DS */ 414 /*0763:0111*/ 0xf7, 0x47, 0x06, 0x03, 0x00, /* test word [bx+006h], 00003h */ 415 /*0763:0116*/ 0x74, 0x05, /* je +005h (0011dh) */ 416 /*0763:0118*/ 0xb8, 0x01, 0x00, /* mov ax, 00001h */ 417 /*0763:011b*/ 0xeb, 0x02, /* jmp +002h (0011fh) */ 418 /*0763:011d*/ 0x33, 0xc0, /* xor ax, ax */ 419 /*0763:011f*/ 0x1f, /* pop DS */ 420 /*0763:0120*/ 0x5a, /* pop dx 
*/ 421 /*0763:0121*/ 0x59, /* pop cx */ 422 /*0763:0122*/ 0x5b, /* pop bx */ 423 /*0763:0123*/ 0x5d, /* pop bp */ 424 /*0763:0124*/ 0xcb, /* retf */ 425 }; 426 static uint8_t const s_abVariant1Mask[] = 427 { 428 /*0763:00fc*/ 0xff, /* push bp */ 429 /*0763:00fd*/ 0xff, 0xec, /* mov bp, sp */ 430 /*0763:00ff*/ 0xff, /* push bx */ 431 /*0763:0100*/ 0xff, /* push cx */ 432 /*0763:0101*/ 0xff, /* push dx */ 433 /*0763:0102*/ 0xff, /* push DS */ 434 /*0763:0103*/ 0xff, 0xff, /* xor cx, cx */ 435 /*0763:0105*/ 0xff, 0xff, /* mov AL, 010h */ 436 /*0763:0107*/ 0xff, 0xff, /* mov DL, 024h */ 437 /*0763:0109*/ 0xff, 0xff, 0x00, 0x00, /* call far [00022h] */ 438 /*0763:010d*/ 0xff, 0xff, /* jc +00eh (0011dh) */ 439 /*0763:010f*/ 0xff, /* push ax */ 440 /*0763:0110*/ 0xff, /* pop DS */ 441 /*0763:0111*/ 0xff, 0xff, 0xff, 0xff, 0xff, /* test word [bx+006h], 00003h */ 442 /*0763:0116*/ 0xff, 0xff, /* je +005h (0011dh) */ 443 /*0763:0118*/ 0xff, 0xff, 0xff, /* mov ax, 00001h */ 444 /*0763:011b*/ 0xff, 0xff, /* jmp +002h (0011fh) */ 445 /*0763:011d*/ 0xff, 0xff, /* xor ax, ax */ 446 /*0763:011f*/ 0xff, /* pop DS */ 447 /*0763:0120*/ 0xff, /* pop dx */ 448 /*0763:0121*/ 0xff, /* pop cx */ 449 /*0763:0122*/ 0xff, /* pop bx */ 450 /*0763:0123*/ 0xff, /* pop bp */ 451 /*0763:0124*/ 0xff, /* retf */ 452 }; 453 AssertCompile(sizeof(s_abVariant1Mask) == sizeof(s_abVariant1)); 454 455 /* uUser1 = off to start modifying the code; */ 456 static const OS2CODEPATTERN s_aPatterns[] = 457 { 458 { s_abVariant1, s_abVariant1Mask, sizeof(s_abVariant1Mask), 0x010d - 0x00fc, 0, 0, 0, 0 }, 459 }; 460 461 PCOS2CODEPATTERN pPattern; 462 uint8_t *pbHit = findCodePattern(&s_aPatterns[0], RT_ELEMENTS(s_aPatterns), pbFile, cbFile, &pPattern); 463 if (pPattern) 464 { 465 /* We've got */ 466 uint8_t *pbPatch = &pbHit[pPattern->uUser1]; 467 #if 0 /* this seems to fix the issue */ 468 *pbPatch++ = 0xe6; /* out 78h, al - triggers an exit */ 469 *pbPatch++ = 0x78; 470 #elif 0 /* this seems to fix it too */ 471 
*pbPatch++ = 0xf3; /* pause */ 472 *pbPatch++ = 0x90; 473 #elif 0 /* still reproducible with normal nops. */ 474 *pbPatch++ = 0x90; 475 *pbPatch++ = 0x90; 476 #else 477 # if 0 478 /*0763:010d*/ 0x72, 0x0e, /* jc +00eh (0011dh) */ 479 /*0763:010f*/ 0x50, /* push ax */ 480 /*0763:0110*/ 0x1f, /* pop DS */ 481 /*0763:0111*/ 0xf7, 0x47, 0x06, 0x03, 0x00, /* test word [bx+006h], 00003h */ 482 /*0763:0116*/ 0x74, 0x05, /* je +005h (0011dh) */ 483 /*0763:0118*/ 0xb8, 0x01, 0x00, /* mov ax, 00001h */ 484 /*0763:011b*/ 0xeb, 0x02, /* jmp +002h (0011fh) */ 485 /*0763:011d*/ 0x33, 0xc0, /* xor ax, ax */ 486 /*0763:011f*/ 0x1f, /* pop DS */ 487 /*0763:0120*/ 0x5a, /* pop dx */ 488 /*0763:0121*/ 0x59, /* pop cx */ 489 /*0763:0122*/ 0x5b, /* pop bx */ 490 /*0763:0123*/ 0x5d, /* pop bp */ 491 /*0763:0124*/ 0xcb, /* retf */ 492 # endif 493 /* Try straigthen out the code and mabye load DS into AX (we don't care about the return value) */ 494 *pbPatch++ = 0x50; /* push ax */ 495 *pbPatch++ = 0x1f; /* pop DS */ 496 497 *pbPatch++ = 0xf7; /* test word [bx+006h], 00003h */ 498 *pbPatch++ = 0x47; 499 *pbPatch++ = 0x06; 500 *pbPatch++ = 0x03; 501 *pbPatch++ = 0x00; 502 /* not je */ 503 *pbPatch++ = 0xb8; /* mov ax, 00001h */ 504 *pbPatch++ = 0x01; 505 *pbPatch++ = 0x00; 506 507 # if 0 /* try reload SS */ 508 *pbPatch++ = 0x8c; /* mov ax, ss */ 509 *pbPatch++ = 0xd0; 510 *pbPatch++ = 0x8e; /* mov ss, ax */ 511 *pbPatch++ = 0xd0; 512 # endif 513 # if 0 /* try reload CR3 to flush everything - not possible, we're in ring-3 */ 514 *pbPatch++ = 0x0f; /* mov eax, cr3 */ 515 *pbPatch++ = 0x20; 516 *pbPatch++ = 0xd8; 517 *pbPatch++ = 0x0f; /* mov cr3, eax */ 518 *pbPatch++ = 0x22; 519 *pbPatch++ = 0xd8; 520 # endif 521 522 *pbPatch++ = 0x1f; /* pop DS */ 523 # if 0 524 *pbPatch++ = 0x8c; /* mov ax, ds */ 525 *pbPatch++ = 0xd8; 526 # endif 527 *pbPatch++ = 0x5a; /* pop dx */ 528 *pbPatch++ = 0x59; /* pop cx */ 529 *pbPatch++ = 0x5b; /* pop bx */ 530 *pbPatch++ = 0x5d; /* pop bp */ 531 *pbPatch++ = 
0xcb; /* retf */ 532 533 #endif 534 } 535 else 536 { 537 LogRelFunc(("No patch pattern match!\n")); 538 return VERR_NOT_FOUND; 539 } 540 541 return VINF_SUCCESS; 542 } 543 #endif 329 544 330 545 … … 587 802 { true, { "SCREEN01.SYS", NULL }, { "DISK_1", "DISK_2", NULL }, NULL, NULL, NULL }, 588 803 { true, { "SESMGR.DLL", NULL }, { "DISK_1", "DISK_2", NULL }, NULL, NULL, NULL }, 589 { true, { "TESTCFG.SYS", NULL }, { "DISK_1", "DISK_2", NULL }, NULL, NULL, NULL },804 { true, { "TESTCFG.SYS", NULL }, { "DISK_1", "DISK_2", NULL }, NULL, NULL, NULL, /*patchTestCfg*/ }, 590 805 { true, { "VIO437.DCP", "VTBL850.DCP" }, { "DISK_1", "DISK_2", NULL }, NULL, NULL, NULL }, 591 806 { true, { "VIOCALLS.DLL", NULL }, { "DISK_1", "DISK_2", NULL }, NULL, NULL, NULL },
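Review bot: In `s_abVariant1Mask` the entry for `mov bp, sp` reads `0xff, 0xec` while every other mask byte is `0xff`; the `0xec` looks copied from the opcode byte in `s_abVariant1`, and if findCodePattern applies the mask as an AND before comparing (inferred, the helper is outside the hunk) it lets any second byte with those bits set match, so the line should be `/*0763:00fd*/ 0xff, 0xff, /* mov bp, sp */`. The `AssertCompile` right below only checks that the two arrays have the same size, not that the mask is well-formed, so it would not catch this. The match guard also tests `pPattern` while the writes go through `pbHit`; unless findCodePattern guarantees both are set together, guarding on `pbHit` (or both) would be safer. The whole of `patchTestCfg` and the `/*patchTestCfg*/` table hook are compiled out (`#if 0` / comment), so none of this is live in this revision, but re-enabling it would pick up the looser pattern.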