VirtualBox

Ticket #10947 (closed defect: fixed)

Opened 19 months ago

Last modified 5 months ago

Wrong instruction after single-step exception with 'rdtsc' and 'cpuid' => fixed in SVN

Reported by: Kissy
Owned by:
Priority: minor
Component: VMM
Version: VirtualBox 4.2.0
Keywords: rdtsc cpuid
Cc:
Guest type: Windows
Host type: Windows

Description

This 'Rdtsc' problem only appears without VT-X/AMD-V.

.586
.model flat, stdcall
option casemap :none   ; case sensitive

include windows.inc
include kernel32.inc
include user32.inc
includelib kernel32.lib
includelib user32.lib

.data
Flag	dd 0
szRight	db 'Flag Value is right!',0
szWrong	db 'Flag Value is wrong!',0
szInfo	db 'Info:',0			;; null terminator (was missing)

.code
start:
	assume fs: nothing
	call @MyCode				;; pushes the address of @MyCode, which becomes the SEH handler
	;; SEH handler entry: [esp+4]=ExceptionRecord, [esp+8]=EstablisherFrame, [esp+0Ch]=ContextRecord
	mov     ecx, dword ptr [esp+0Ch]
	mov 	ecx, dword ptr [ecx+0B8h]	;; ecx = CONTEXT.Eip (offset 0B8h in the x86 CONTEXT)
	.if ecx == offset @WrongExceptionEip
		mov Flag,0
	.else
		mov Flag,1
	.endif
	xor     eax, eax			;; ExceptionContinueExecution
	retn
	@MyCode:
	push    dword ptr fs:[0]		;; link a new SEH frame: [esp]=previous frame, [esp+4]=handler
	mov     dword ptr fs:[0], esp
	push 397h				;; set EFLAGS (TF = bit 8); the single-step trap fires after the NEXT instruction
	popfd
	rdtsc
	@RightExceptionEip:		;; normally CONTEXT.Eip should point here
	nop
	@WrongExceptionEip:		;; in a guest without VT-x/AMD-V, CONTEXT.Eip points here; with VT-x/AMD-V it is right
	pop     dword ptr fs:[0]		;; unlink the SEH frame again
	add     esp, 4
	.if Flag == 1
		invoke MessageBoxA,0,offset szRight,offset szInfo,MB_OK
	.else
		invoke MessageBoxA,0,offset szWrong,offset szInfo,MB_OK
	.endif
	invoke ExitProcess,0
end start

This 'Cpuid' problem only appears with VT-X/AMD-V.

.586
.model flat, stdcall
option casemap :none   ; case sensitive

include windows.inc
include kernel32.inc
include user32.inc
includelib kernel32.lib
includelib user32.lib

.data
Flag	dd 0
szRight	db 'Flag Value is right!',0
szWrong	db 'Flag Value is wrong!',0
szInfo	db 'Info:',0			;; null terminator (was missing)

.code
start:
	assume fs: nothing
	call @MyCode				;; pushes the address of @MyCode, which becomes the SEH handler
	;; SEH handler entry: [esp+4]=ExceptionRecord, [esp+8]=EstablisherFrame, [esp+0Ch]=ContextRecord
	mov     ecx, dword ptr [esp+0Ch]
	mov 	ecx, dword ptr [ecx+0B8h]	;; ecx = CONTEXT.Eip (offset 0B8h in the x86 CONTEXT)
	.if ecx == offset @WrongExceptionEip
		mov Flag,0
	.else
		mov Flag,1
	.endif
	xor     eax, eax			;; ExceptionContinueExecution
	retn
	@MyCode:
	push    dword ptr fs:[0]		;; link a new SEH frame: [esp]=previous frame, [esp+4]=handler
	mov     dword ptr fs:[0], esp
	xor     eax, eax			;; cpuid leaf 0, so the clobbered registers are defined
	push 397h				;; set EFLAGS (TF = bit 8); the single-step trap fires after the NEXT instruction
	popfd
	cpuid
	@RightExceptionEip:		;; normally CONTEXT.Eip should point here
	nop
	@WrongExceptionEip:		;; in a guest with VT-x/AMD-V, CONTEXT.Eip points here; without VT-x/AMD-V it is right
					;; unlike rdtsc, this problem only appears with VT-x/AMD-V
	pop     dword ptr fs:[0]		;; unlink the SEH frame again
	add     esp, 4
	.if Flag == 1
		invoke MessageBoxA,0,offset szRight,offset szInfo,MB_OK
	.else
		invoke MessageBoxA,0,offset szWrong,offset szInfo,MB_OK
	.endif
	invoke ExitProcess,0
end start
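
The reporter's test is Windows-only MASM; the same check can be run from a Linux guest in plain C. The block below is an added example, not code from the ticket or from VirtualBox. It assumes an x86-64 Linux guest with glibc, and the Linux convention that a single-step #DB is delivered as SIGTRAP with si_addr holding the faulting RIP. It sets TF with popfq, executes nop (as a control), rdtsc or cpuid, and compares the address the kernel reports for the trap with the address of the following instruction, which is what the MASM handler does through CONTEXT.Eip. The function, macro and variable names are this example's own.

```c
/* Added example, not from the ticket: Linux x86-64 port of the TF probe.
 * Build: cc -o tfprobe tfprobe.c   (x86-64 Linux with glibc only) */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static sigjmp_buf g_jmp;
static volatile uintptr_t g_trap_addr;  /* RIP reported with the #DB */

/* SIGTRAP handler: record where the CPU said it stopped, then abandon the
 * probe.  The kernel clears TF in the live EFLAGS before entering a handler
 * and siglongjmp never returns to the interrupted context, so exactly one
 * trap is observed per probe and TF does not have to be cleared by hand. */
static void on_sigtrap(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)ctx;
    g_trap_addr = (uintptr_t)si->si_addr;   /* Linux: si_addr == regs->ip for #DB */
    siglongjmp(g_jmp, 1);
}

static int install_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_sigtrap;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGTRAP, &sa, NULL);
}

enum probe_kind { PROBE_NOP = 0, PROBE_RDTSC, PROBE_CPUID };

/* The expected address is stored by the asm itself, before TF is set, because
 * siglongjmp abandons the asm before a register output would be copied out.
 * rsp is moved below the red zone so pushfq cannot clobber the caller's locals. */
#define TF_PROBE(setup, insn)                                                  \
    __asm__ volatile(                                                          \
        "leaq 1f(%%rip), %%rax\n\t"                                            \
        "movq %%rax, %0\n\t"                                                   \
        setup                                                                  \
        "leaq -128(%%rsp), %%rsp\n\t"                                          \
        "pushfq\n\t"                                                           \
        "orq $0x100, (%%rsp)\n\t"        /* EFLAGS.TF */                       \
        "popfq\n\t"                      /* trap fires after the NEXT insn */  \
        insn "\n\t"                                                            \
        "1:\n\t"                         /* correct trap address */            \
        "nop\n\t"                        /* a buggy VMM reports the address after this */ \
        "leaq 128(%%rsp), %%rsp\n\t"                                           \
        : "=m"(expected_v) : : "rax", "rbx", "rcx", "rdx", "memory", "cc")

/* Returns 1 if the trap pointed at the instruction right after the probed one,
 * 0 if it pointed somewhere else, -1 if no trap was delivered at all. */
static int probe_single_step(enum probe_kind kind, uintptr_t *expected_out,
                             uintptr_t *reported_out)
{
    volatile uintptr_t expected_v = 0;

    g_trap_addr = 0;
    if (install_handler() != 0)
        return -1;
    if (sigsetjmp(g_jmp, 1) == 0) {
        switch (kind) {
        case PROBE_NOP:   TF_PROBE("", "nop");   break;
        case PROBE_RDTSC: TF_PROBE("", "rdtsc"); break;
        case PROBE_CPUID: TF_PROBE("xorl %%eax, %%eax\n\txorl %%ecx, %%ecx\n\t", "cpuid"); break;
        }
        return -1;                       /* only reached if TF was ignored */
    }
    *expected_out = expected_v;
    *reported_out = g_trap_addr;
    return g_trap_addr == expected_v;
}

int main(void)
{
    static const char *const names[] = { "nop", "rdtsc", "cpuid" };
    int all_right = 1;

    for (int k = PROBE_NOP; k <= PROBE_CPUID; k++) {
        uintptr_t expected = 0, reported = 0;
        int r = probe_single_step((enum probe_kind)k, &expected, &reported);
        printf("%-5s expected %#lx reported %#lx -> %s\n", names[k],
               (unsigned long)expected, (unsigned long)reported,
               r == 1 ? "right" : r == 0 ? "WRONG" : "no trap");
        if (r != 1)
            all_right = 0;
    }
    return all_right ? 0 : 1;
}
```

On a correct VMM all three probes report "right". With the behaviour the ticket describes, the rdtsc probe (without VT-x/AMD-V) or the cpuid probe (with VT-x/AMD-V) would report "WRONG", with the reported address landing after the nop, that is, the instruction after the emulated one was consumed before the trap was delivered. The nop probe is the control: it never leaves the CPU, so it should be right on any hypervisor.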

Attachments

Test Examples.rar (2.3 KB) - added by Kissy 19 months ago.
Test Examples

Change History

Changed 19 months ago by Kissy

Test Examples

comment:1 Changed 19 months ago by frank

  • Priority changed from major to minor
  • Summary changed from On some condition,something is wrong with 'Rdtsc' and 'Cpuid' command. to Wrong instruction after single-step exception with 'rdtsc' and 'cpuid'

Your summary as well as your description is very unclear. What your examples actually do is to set the trap flag which will trigger a single-step exception for the following instruction.

comment:2 Changed 5 months ago by ramshankar

The code in 4.2.x is drastically different. This bug should be fixed in the upcoming 4.3.4 maintenance release.

comment:3 Changed 5 months ago by ramshankar

  • Summary changed from Wrong instruction after single-step exception with 'rdtsc' and 'cpuid' to Wrong instruction after single-step exception with 'rdtsc' and 'cpuid' => fixed in SVN

comment:4 Changed 5 months ago by frank

  • Status changed from new to closed
  • Resolution set to fixed

Fixed in 4.3.4.
