[Pkg-virtualbox-commits] [virtualbox] 01/03: Imported Upstream version 4.1.44-dfsg
Gianfranco Costamagna
locutusofborg-guest at moszumanska.debian.org
Wed Nov 18 08:29:39 UTC 2015
This is an automated email from the git hooks/post-receive script.
locutusofborg-guest pushed a commit to branch wheezy
in repository virtualbox.
commit 6564631f76959ddc0b524e0e112c652e479cb5cd
Author: Gianfranco Costamagna <costamagnagianfranco at yahoo.it>
Date: Tue Nov 17 12:33:08 2015 +0100
Imported Upstream version 4.1.44-dfsg
---
Config.kmk | 4 +--
doc/manual/user_ChangeLogImpl.xml | 16 ++++++++++++
include/VBox/err.h | 6 +++--
src/VBox/Devices/EFI/FirmwareBin/VBoxEFI32.fd | Bin 2031616 -> 2031616 bytes
src/VBox/VMM/VMMR0/HWSVMR0.cpp | 32 +++++++++++++++++------
src/VBox/VMM/VMMR0/HWVMXR0.cpp | 22 ++++++++++++++++
src/VBox/VMM/include/EMHandleRCTmpl.h | 1 +
src/VBox/VMM/include/HWACCMInternal.h | 6 ++---
src/libs/xpcom18a4/nsprpub/lib/ds/plarena.c | 10 +++++++
src/libs/xpcom18a4/nsprpub/lib/ds/plarena.h | 36 +++++++++++++++-----------
10 files changed, 103 insertions(+), 30 deletions(-)
diff --git a/Config.kmk b/Config.kmk
index d9376d6..dfd0efb 100644
--- a/Config.kmk
+++ b/Config.kmk
@@ -194,7 +194,7 @@ VBOX_VERSION_MINOR = 1
# This is the current build number. It should be increased every time we publish a
# new build. The define is available in every source file. Only even build numbers
# will be published, odd numbers are set during development.
-VBOX_VERSION_BUILD = 42
+VBOX_VERSION_BUILD = 44
# The raw version string. This *must not* contain any other information/fields than
# major, minor and build revision (as it is now) -- also will be used for host/guest version
# comparison.
@@ -5184,7 +5184,7 @@ endif
SVN ?= svn$(HOSTSUFF_EXE)
VBOX_SVN_REV_KMK = $(PATH_OUT)/revision.kmk
ifndef VBOX_SVN_REV
- VBOX_SVN_REV_FALLBACK := $(patsubst %:,, $Rev: 103435 $ )
+ VBOX_SVN_REV_FALLBACK := $(patsubst %:,, $Rev: 104071 $ )
VBOX_SVN_DEP := $(wildcard $(PATH_ROOT)/.svn/entries)
ifeq ($(which $(SVN)),)
VBOX_SVN_DEP :=
diff --git a/doc/manual/user_ChangeLogImpl.xml b/doc/manual/user_ChangeLogImpl.xml
index 14d445a..7d18181 100644
--- a/doc/manual/user_ChangeLogImpl.xml
+++ b/doc/manual/user_ChangeLogImpl.xml
@@ -1,6 +1,22 @@
<?xml version="1.0" encoding="UTF-8"?>
<sect1>
+ <title>Version 4.1.44 (2015-11-11)</title>
+
+ <para>This is a maintenance release. The following items were fixed and/or
+ added:</para>
+
+ <itemizedlist>
+
+ <listitem>
+ <para>several fixes</para>
+ </listitem>
+
+ </itemizedlist>
+
+ </sect1>
+
+ <sect1>
<title>Version 4.1.42 (2015-10-20)</title>
<para>This is a maintenance release. The following items were fixed and/or
diff --git a/include/VBox/err.h b/include/VBox/err.h
index b3a5f5a..e367d93 100644
--- a/include/VBox/err.h
+++ b/include/VBox/err.h
@@ -240,6 +240,8 @@
#define VERR_EM_INTERNAL_DISAS_ERROR (-1153)
/** Unexpected guest mapping conflict detected. */
#define VERR_EM_UNEXPECTED_MAPPING_CONFLICT (-1154)
+/** Guest tried to trigger a CPU hang. The guest is probably up to no good. */
+#define VERR_EM_GUEST_CPU_HANG (-1155)
/** @} */
@@ -1615,9 +1617,9 @@
/** Type error opening the ApiPort LPC object. */
#define VERR_SUPDRV_APIPORT_OPEN_ERROR_TYPE (-3742)
/** The process trying to open VBoxDrv is not a budding VM process (1). */
-#define VERR_SUPDRV_NOT_BUDDING_VM_PROCESS_1 (-3748)
+#define VERR_SUPDRV_NOT_BUDDING_VM_PROCESS_1 (-3748)
/** The process trying to open VBoxDrv is not a budding VM process (2). */
-#define VERR_SUPDRV_NOT_BUDDING_VM_PROCESS_2 (-3748)
+#define VERR_SUPDRV_NOT_BUDDING_VM_PROCESS_2 (-3749)
/** @} */
diff --git a/src/VBox/Devices/EFI/FirmwareBin/VBoxEFI32.fd b/src/VBox/Devices/EFI/FirmwareBin/VBoxEFI32.fd
index 85d9353..65ae913 100644
Binary files a/src/VBox/Devices/EFI/FirmwareBin/VBoxEFI32.fd and b/src/VBox/Devices/EFI/FirmwareBin/VBoxEFI32.fd differ
diff --git a/src/VBox/VMM/VMMR0/HWSVMR0.cpp b/src/VBox/VMM/VMMR0/HWSVMR0.cpp
index 4d033a0..9e897b0 100644
--- a/src/VBox/VMM/VMMR0/HWSVMR0.cpp
+++ b/src/VBox/VMM/VMMR0/HWSVMR0.cpp
@@ -929,14 +929,9 @@ VMMR0DECL(int) SVMR0LoadGuestState(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx)
pVMCB->guest.u64SFMASK = pCtx->msrSFMASK; /* syscall flag mask */
pVMCB->guest.u64KernelGSBase = pCtx->msrKERNELGSBASE; /* swapgs exchange value */
-#ifdef DEBUG
- /* Intercept X86_XCPT_DB if stepping is enabled */
- if ( DBGFIsStepping(pVCpu)
- || CPUMIsHyperDebugStateActive(pVCpu))
- pVMCB->ctrl.u32InterceptException |= RT_BIT(X86_XCPT_DB);
- else
- pVMCB->ctrl.u32InterceptException &= ~RT_BIT(X86_XCPT_DB);
-#endif
+ /* Always intercept #AC and #DB for security reasons. */
+ Assert(pVMCB->ctrl.u32InterceptException & RT_BIT(X86_XCPT_AC));
+ Assert(pVMCB->ctrl.u32InterceptException & RT_BIT(X86_XCPT_DB));
/* Done. */
pVCpu->hwaccm.s.fContextUseFlags &= ~HWACCM_CHANGED_ALL_GUEST;
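Review bot: The two `Assert` lines added here check the #AC and #DB intercept bits only in strict builds, so a release build has no enforcement at this point. It relies on `u32InterceptException` having been initialised from `HWACCM_SVM_TRAP_MASK` elsewhere and never cleared afterwards. Since the comment calls these intercepts security-relevant, consider setting them at the point of use with `pVMCB->ctrl.u32InterceptException |= RT_BIT(X86_XCPT_AC) | RT_BIT(X86_XCPT_DB);` and keeping the asserts as a development aid. The same applies to the asserts on `u32TrapMask` in vmxR0UpdateExceptionBitmap in HWVMXR0.cpp, where `u32TrapMask |= RT_BIT(X86_XCPT_AC) | RT_BIT(X86_XCPT_DB);` before the `VMXWriteVMCS` call would do. SVMR0LoadGuestState starts and continues outside this hunk.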
@@ -1615,6 +1610,27 @@ ResumeExecution:
Log2(("Hardware/software interrupt %d\n", vector));
switch (vector)
{
+ case X86_XCPT_AC:
+ {
+ if ( pVCpu->hwaccm.s.Event.fPending
+ && pVMCB->ctrl.ExitIntInfo.n.u3Type == SVM_EVENT_EXCEPTION
+ && pVMCB->ctrl.ExitIntInfo.n.u8Vector == X86_XCPT_AC)
+ {
+ Assert(pVMCB->ctrl.ExitIntInfo.n.u1Valid);
+ Log(("Nested #AC - Bad guest\n"));
+ rc = VERR_EM_GUEST_CPU_HANG;
+ break;
+ }
+
+ /* Reinject the exception. */
+ Event.au64[0] = 0;
+ Event.n.u3Type = SVM_EVENT_EXCEPTION;
+ Event.n.u1Valid = 1;
+ Event.n.u8Vector = X86_XCPT_AC;
+ SVMR0InjectEvent(pVCpu, pVMCB, pCtx, &Event);
+ goto ResumeExecution;
+ }
+
case X86_XCPT_DB:
{
STAM_COUNTER_INC(&pVCpu->hwaccm.s.StatExitGuestDB);
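Review bot: The #AC reinjected in the new `case X86_XCPT_AC:` is built from `Event.au64[0] = 0`, which leaves the error-code-valid bit clear. #AC architecturally delivers an error code (always zero), and the guest's handler expects it on its stack. Unless SVMR0InjectEvent sets this itself, which is not visible here, add `Event.n.u1ErrorCodeValid = 1;` next to the other field assignments; the error-code value is already zero from the clear. The enclosing switch and function start and end outside this hunk.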
diff --git a/src/VBox/VMM/VMMR0/HWVMXR0.cpp b/src/VBox/VMM/VMMR0/HWVMXR0.cpp
index 9f263ff..90afbaa 100644
--- a/src/VBox/VMM/VMMR0/HWVMXR0.cpp
+++ b/src/VBox/VMM/VMMR0/HWVMXR0.cpp
@@ -1318,6 +1318,10 @@ static void vmxR0UpdateExceptionBitmap(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx)
&& pVM->hwaccm.s.vmx.pRealModeTSS)
u32TrapMask |= HWACCM_VMX_TRAP_MASK_REALMODE;
+ /* Always intercept #AC and #DB for security reasons. */
+ Assert(u32TrapMask & RT_BIT(X86_XCPT_AC));
+ Assert(u32TrapMask & RT_BIT(X86_XCPT_DB));
+
int rc = VMXWriteVMCS(VMX_VMCS_CTRL_EXCEPTION_BITMAP, u32TrapMask);
AssertRC(rc);
}
@@ -3077,6 +3081,24 @@ ResumeExecution:
break;
}
+ case X86_XCPT_AC: /* Alignment Check. */
+ {
+ if ( pVCpu->hwaccm.s.Event.fPending
+ && VMX_EXIT_INTERRUPTION_INFO_TYPE(pVCpu->hwaccm.s.Event.intInfo) == VMX_EXIT_INTERRUPTION_INFO_TYPE_HWEXCPT
+ && VMX_EXIT_INTERRUPTION_INFO_VECTOR(pVCpu->hwaccm.s.Event.intInfo) == X86_XCPT_AC)
+ {
+ Assert(VMX_EXIT_INTERRUPTION_INFO_VALID(pVCpu->hwaccm.s.Event.intInfo));
+ Log(("Nested #AC - Bad guest\n"));
+ rc = VERR_EM_GUEST_CPU_HANG;
+ STAM_PROFILE_ADV_STOP(&pVCpu->hwaccm.s.StatExit2Sub3, y3);
+ break;
+ }
+ rc2 = VMXR0InjectEvent(pVM, pVCpu, pCtx, VMX_VMCS_CTRL_ENTRY_IRQ_INFO_FROM_EXIT_INT_INFO(intInfo), cbInstr, errCode);
+ AssertRC(rc2);
+ STAM_PROFILE_ADV_STOP(&pVCpu->hwaccm.s.StatExit2Sub3, y3);
+ goto ResumeExecution;
+ }
+
case X86_XCPT_BP: /* Breakpoint. */
{
rc = DBGFRZTrap03Handler(pVM, pVCpu, CPUMCTX2CORE(pCtx));
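Review bot: The nested-#AC branch reports the condition only through `Log(("Nested #AC - Bad guest\n"))`, which is compiled out of release builds. A VM stopped with VERR_EM_GUEST_CPU_HANG therefore leaves no record of the cause in the release log. If release logging is usable on this ring-0 path, `LogRel(("HWVMXR0: nested #AC, stopping guest\n"));` would give operators and incident responders something to search for. The matching branch added to HWSVMR0.cpp has the same gap. The enclosing exit handler starts and ends outside this hunk.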
diff --git a/src/VBox/VMM/include/EMHandleRCTmpl.h b/src/VBox/VMM/include/EMHandleRCTmpl.h
index 7eb50be..2f5b897 100644
--- a/src/VBox/VMM/include/EMHandleRCTmpl.h
+++ b/src/VBox/VMM/include/EMHandleRCTmpl.h
@@ -319,6 +319,7 @@ int emR3HwaccmHandleRC(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx, int rc)
case VERR_VMM_RING0_ASSERTION:
case VERR_VMM_HYPER_CR3_MISMATCH:
case VERR_VMM_RING3_CALL_DISABLED:
+ case VERR_EM_GUEST_CPU_HANG:
break;
#ifdef EMHANDLERC_WITH_HWACCM
diff --git a/src/VBox/VMM/include/HWACCMInternal.h b/src/VBox/VMM/include/HWACCMInternal.h
index aaca54c..98b8aa9 100644
--- a/src/VBox/VMM/include/HWACCMInternal.h
+++ b/src/VBox/VMM/include/HWACCMInternal.h
@@ -118,11 +118,11 @@ RT_C_DECLS_BEGIN
* Currently #NM and #PF only
*/
#ifdef VBOX_STRICT
-#define HWACCM_VMX_TRAP_MASK RT_BIT(X86_XCPT_BP) | RT_BIT(X86_XCPT_DB) | RT_BIT(X86_XCPT_DE) | RT_BIT(X86_XCPT_NM) | RT_BIT(X86_XCPT_PF) | RT_BIT(X86_XCPT_UD) | RT_BIT(X86_XCPT_NP) | RT_BIT(X86_XCPT_SS) | RT_BIT(X86_XCPT_GP) | RT_BIT(X86_XCPT_MF)
+#define HWACCM_VMX_TRAP_MASK RT_BIT(X86_XCPT_AC) | RT_BIT(X86_XCPT_BP) | RT_BIT(X86_XCPT_DB) | RT_BIT(X86_XCPT_DE) | RT_BIT(X86_XCPT_NM) | RT_BIT(X86_XCPT_PF) | RT_BIT(X86_XCPT_UD) | RT_BIT(X86_XCPT_NP) | RT_BIT(X86_XCPT_SS) | RT_BIT(X86_XCPT_GP) | RT_BIT(X86_XCPT_MF)
#define HWACCM_SVM_TRAP_MASK HWACCM_VMX_TRAP_MASK
#else
-#define HWACCM_VMX_TRAP_MASK RT_BIT(X86_XCPT_DB) | RT_BIT(X86_XCPT_NM) | RT_BIT(X86_XCPT_PF)
-#define HWACCM_SVM_TRAP_MASK RT_BIT(X86_XCPT_NM) | RT_BIT(X86_XCPT_PF)
+#define HWACCM_VMX_TRAP_MASK RT_BIT(X86_XCPT_AC) | RT_BIT(X86_XCPT_DB) | RT_BIT(X86_XCPT_NM) | RT_BIT(X86_XCPT_PF)
+#define HWACCM_SVM_TRAP_MASK RT_BIT(X86_XCPT_AC) | RT_BIT(X86_XCPT_DB) | RT_BIT(X86_XCPT_NM) | RT_BIT(X86_XCPT_PF)
#endif
/* All exceptions have to be intercept in emulated real-mode (minus NM & PF as they are always intercepted. */
#define HWACCM_VMX_TRAP_MASK_REALMODE RT_BIT(X86_XCPT_DE) | RT_BIT(X86_XCPT_DB) | RT_BIT(X86_XCPT_NMI) | RT_BIT(X86_XCPT_BP) | RT_BIT(X86_XCPT_OF) | RT_BIT(X86_XCPT_BR) | RT_BIT(X86_XCPT_UD) | RT_BIT(X86_XCPT_DF) | RT_BIT(X86_XCPT_CO_SEG_OVERRUN) | RT_BIT(X86_XCPT_TS) | RT_BIT(X86_XCPT_NP) | RT_BIT(X86_XCPT_SS) | RT_BIT(X86_XCPT_GP) | RT_BIT(X86_XCPT_MF) | RT_BIT(X86_XCPT_AC) | RT_BIT(X86_XCPT_MC) | RT_BIT(X86_XCPT_XF)
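Review bot: The comment above these defines still reads `Currently #NM and #PF only`, which no longer matches the non-strict masks now that #AC and #DB are always included. It could become `* Currently #AC, #DB, #NM and #PF only; #AC and #DB must stay intercepted so a guest cannot hang the CPU.` The mask macros also expand to an unparenthesised `a | b | c` chain, so any use next to `&` or `~` would bind differently from what the name suggests. Wrapping each definition, e.g. `#define HWACCM_SVM_TRAP_MASK (RT_BIT(X86_XCPT_AC) | RT_BIT(X86_XCPT_DB) | RT_BIT(X86_XCPT_NM) | RT_BIT(X86_XCPT_PF))`, removes that hazard. The comment block starts outside the hunk.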
diff --git a/src/libs/xpcom18a4/nsprpub/lib/ds/plarena.c b/src/libs/xpcom18a4/nsprpub/lib/ds/plarena.c
index 34d675f..e61efbe 100644
--- a/src/libs/xpcom18a4/nsprpub/lib/ds/plarena.c
+++ b/src/libs/xpcom18a4/nsprpub/lib/ds/plarena.c
@@ -115,6 +115,9 @@ PR_IMPLEMENT(void) PL_InitArenaPool(
align = PL_ARENA_DEFAULT_ALIGN;
pool->mask = PR_BITMASK(PR_CeilingLog2(align));
pool->first.next = NULL;
+ /* Set all three addresses in pool->first to the same dummy value.
+ * These addresses are only compared with each other, but never
+ * dereferenced. */
pool->first.base = pool->first.avail = pool->first.limit =
(PRUword)PL_ARENA_ALIGN(pool, &pool->first + 1);
pool->current = &pool->first;
@@ -158,10 +161,14 @@ PR_IMPLEMENT(void *) PL_ArenaAllocate(PLArenaPool *pool, PRUint32 nb)
{
PLArena *a;
char *rp; /* returned pointer */
+ PRUint32 nbOld;
PR_ASSERT((nb & pool->mask) == 0);
+ nbOld = nb;
nb = (PRUword)PL_ARENA_ALIGN(pool, nb); /* force alignment */
+ if (nb < nbOld)
+ return NULL;
/* attempt to allocate from arenas at pool->current */
{
@@ -217,6 +224,7 @@ PR_IMPLEMENT(void *) PL_ArenaAllocate(PLArenaPool *pool, PRUint32 nb)
a->base = a->avail = (PRUword)PL_ARENA_ALIGN(pool, a + 1);
rp = (char *)a->avail;
a->avail += nb;
+ PR_ASSERT(a->avail <= a->limit);
/* the newly allocated arena is linked after pool->current
* and becomes pool->current */
a->next = pool->current->next;
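Review bot: `PR_ASSERT(a->avail <= a->limit)` states the invariant but disappears in non-debug builds, so a release build still advances `a->avail` by `nb` with no check at this point. The arena size computation and the assignment of `a->limit` sit above the hunk and are not visible here. If that sum of requested bytes, header and alignment slop can wrap, this assert is the only thing that would catch the resulting undersized arena. Consider a runtime overflow guard on that sum before the allocation call, failing the request the same way the new `nb < nbOld` check does. A comment such as `/* sz was overflow-checked above, so nb always fits in the new arena */` next to the assert would then record why it holds.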
@@ -239,6 +247,8 @@ PR_IMPLEMENT(void *) PL_ArenaGrow(
{
void *newp;
+ if (PR_UINT32_MAX - size < incr)
+ return NULL;
PL_ARENA_ALLOCATE(newp, pool, size + incr);
if (newp)
memcpy(newp, p, size);
diff --git a/src/libs/xpcom18a4/nsprpub/lib/ds/plarena.h b/src/libs/xpcom18a4/nsprpub/lib/ds/plarena.h
index 38f3e39..174bd97 100644
--- a/src/libs/xpcom18a4/nsprpub/lib/ds/plarena.h
+++ b/src/libs/xpcom18a4/nsprpub/lib/ds/plarena.h
@@ -108,31 +108,37 @@ struct PLArenaPool {
#define PL_ARENA_ALLOCATE(p, pool, nb) \
PR_BEGIN_MACRO \
PLArena *_a = (pool)->current; \
- PRUint32 _nb = PL_ARENA_ALIGN(pool, nb); \
+ PRUint32 _nb = PL_ARENA_ALIGN(pool, (PRUint32)nb); \
PRUword _p = _a->avail; \
- PRUword _q = _p + _nb; \
- if (_q > _a->limit) \
+ if (_nb < (PRUint32)nb) { \
+ _p = 0; \
+ } else if (_nb > (_a->limit - _a->avail)) { \
_p = (PRUword)PL_ArenaAllocate(pool, _nb); \
- else \
- _a->avail = _q; \
+ } else { \
+ _a->avail += _nb; \
+ } \
p = (void *)_p; \
- PL_ArenaCountAllocation(pool, nb); \
+ if (p) { \
+ PL_ArenaCountAllocation(pool, nb); \
+ } \
PR_END_MACRO
#define PL_ARENA_GROW(p, pool, size, incr) \
PR_BEGIN_MACRO \
PLArena *_a = (pool)->current; \
- PRUint32 _incr = PL_ARENA_ALIGN(pool, incr); \
- PRUword _p = _a->avail; \
- PRUword _q = _p + _incr; \
- if (_p == (PRUword)(p) + PL_ARENA_ALIGN(pool, size) && \
- _q <= _a->limit) { \
- _a->avail = _q; \
- PL_ArenaCountInplaceGrowth(pool, size, incr); \
+ PRUint32 _incr = PL_ARENA_ALIGN(pool, (PRUint32)incr); \
+ if (_incr < (PRUint32)incr) { \
+ p = NULL; \
+ } else if (_a->avail == (PRUword)(p) + PL_ARENA_ALIGN(pool, size) && \
+ _incr <= (_a->limit - _a->avail)) { \
+ _a->avail = _incr; \
+ PL_ArenaCountInplaceGrowth(pool, size, (RTUint32)incr); \
} else { \
- p = PL_ArenaGrow(pool, p, size, incr); \
+ p = PL_ArenaGrow(pool, p, size, (PRUint32)incr); \
+ } \
+ if (p) { \
+ PL_ArenaCountGrowth(pool, size, (PRUint32)incr); \
} \
- PL_ArenaCountGrowth(pool, size, incr); \
PR_END_MACRO
#define PL_ARENA_MARK(pool) ((void *) (pool)->current->avail)
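Review bot: In the new PL_ARENA_GROW the in-place branch does `_a->avail = _incr;`, which overwrites the arena's avail pointer with the increment instead of advancing it. Later allocations from this arena would then be handed addresses unrelated to the arena's memory, so it should be `_a->avail += _incr;`. The same branch casts with `(RTUint32)incr`, which does not match the `PRUint32` used everywhere else in the macro and will presumably fail to compile wherever the macro is expanded; use `(PRUint32)incr`. The casts `(PRUint32)nb` and `(PRUint32)incr` also bind only to the first token of an expression argument, so `(PRUint32)(nb)` and `(PRUint32)(incr)` are safer. Since these macros are the overflow hardening for the arena allocator, a test that grows an allocation in place and then allocates again would catch the first defect.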
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-virtualbox/virtualbox.git