
Changeset 97517 in vbox for trunk/src/VBox/VMM/VMMAll


Timestamp:
Nov 11, 2022 10:56:02 PM (2 years ago)
Author:
vboxsync
Message:

VMM/IEM: Fixed indirect far calls in 64-bit mode where we would get the base address wrong when the target wasn't a 64-bit CS (L=1). bugref:9898

Location:
trunk/src/VBox/VMM/VMMAll
Files:
2 edited

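--- a/trunk/src/VBox/VMM/VMMAll/IEMAllCImpl.cpp
+++ b/trunk/src/VBox/VMM/VMMAll/IEMAllCImpl.cpp
@@ -2156,22 +2156,22 @@
     uint64_t u64Base;
     uint32_t cbLimit = X86DESC_LIMIT_G(&Desc.Legacy);
-    if (pVCpu->iem.s.enmCpuMode == IEMMODE_64BIT)
-    {
-        if (!IEM_IS_CANONICAL(offSeg))
-        {
-            Log(("callf %04x:%016RX64 - not canonical -> #GP\n", uSel, offSeg));
-            return iemRaiseNotCanonical(pVCpu);
-        }
-        u64Base = 0;
-    }
-    else
-    {
-        if (offSeg > cbLimit)
-        {
-            Log(("callf %04x:%08RX64 -> out of bounds (%#x)\n", uSel, offSeg, cbLimit));
+    if (   !Desc.Legacy.Gen.u1Long
+        || !IEM_IS_LONG_MODE(pVCpu))
+    {
+        if (RT_LIKELY(offSeg <= cbLimit))
+            u64Base = X86DESC_BASE(&Desc.Legacy);
+        else
+        {
+            Log(("jmpf %04x:%08RX64 -> out of bounds (%#x)\n", uSel, offSeg, cbLimit));
             /** @todo Intel says this is \#GP(0)! */
             return iemRaiseGeneralProtectionFaultBySelector(pVCpu, uSel);
         }
-        u64Base = X86DESC_BASE(&Desc.Legacy);
+    }
+    else if (IEM_IS_CANONICAL(offSeg))
+        u64Base = 0;
+    else
+    {
+        Log(("callf %04x:%016RX64 - not canonical -> #GP\n", uSel, offSeg));
+        return iemRaiseNotCanonical(pVCpu);
     }
 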
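Review bot: The out-of-bounds Log on the new side is tagged `jmpf` although this is the far-call path: the line it replaces and the not-canonical Log a few lines further down both say `callf`, so the diagnostic now names the wrong instruction, which matters when a guest #GP is being traced back through the log. Change it to `Log(("callf %04x:%08RX64 -> out of bounds (%#x)\n", uSel, offSeg, cbLimit));`. The rest of the restructuring reads correctly: keying on the descriptor's L bit together with IEM_IS_LONG_MODE rather than on the current CPU mode is what makes a non-64-bit target CS take the limit-checked, base-from-descriptor path, and the base/limit checks themselves are unchanged. The enclosing function begins and ends outside this section, so whether Desc has already been validated as a code segment before this point cannot be confirmed here.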
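--- a/trunk/src/VBox/VMM/VMMAll/IEMAllInstructionsOneByte.cpp.h
+++ b/trunk/src/VBox/VMM/VMMAll/IEMAllInstructionsOneByte.cpp.h
@@ -11518,6 +11518,6 @@
     /* 64-bit mode: Default is 32-bit, but only intel respects a REX.W prefix. */
     /** @todo what does VIA do? */
-    if (pVCpu->iem.s.enmCpuMode != IEMMODE_64BIT || IEM_IS_GUEST_CPU_INTEL(pVCpu) || pVCpu->iem.s.enmEffOpSize != IEMMODE_64BIT)
+    if (pVCpu->iem.s.enmCpuMode != IEMMODE_64BIT || pVCpu->iem.s.enmEffOpSize != IEMMODE_64BIT || IEM_IS_GUEST_CPU_INTEL(pVCpu))
     { /* likely */ }
     else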
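Review bot: The reordered condition is only a no-op if IEM_IS_GUEST_CPU_INTEL has no side effects, which the hunk does not show; assuming it is a plain vendor lookup, the new order just tests the two cheap enum fields before it, and nothing in the comment above says so, so the next edit may undo it. A one-line note such as `/* Cheap mode/opsize tests first; vendor check last. */` would preserve the intent. The `else` body this condition guards lies outside the hunk and was not reviewed.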