Opened 15 years ago
Closed 14 years ago
#5248 closed defect (fixed)
Incorrect handling of 'Accessed' bit in page table entries -> fixed in SVN/3.0.10
| Reported by: | diamond | Owned by: | |
|---|---|---|---|
| Component: | VMM/RAW | Version: | VirtualBox 3.0.8 |
| Keywords: | Cc: | ||
| Guest type: | other | Host type: | other |
Description
The function ModifyPage() from src/VBox/VMM/VMMAll/PGMAllGst.h assumes that size argument is page-aligned. However, PGMPhysInterpretedRead() from src/VBox/VMM/VMMAll/PGMAllPhys.cpp calls ModifyPage() with size=1. Due to the structure of ModifyPage(), this can cause setting 'Accessed' bit for entries of page table, which were not accessed, and in most serious cases this leads to the 'Guru Meditation' state.
Small examples for both cases is attached. Hardware virtualization must be disabled. Both examples are valid bootsectors and can be installed to virtual machine as floppy images; when booting from such floppy, in first case VirtualBox goes to 'Guru Meditation' VERR_TRPM_DONT_PANIC (VBox.log is attached, VBox.png contains black screen). The second example after access to page 0x8000 (through 'in al, dx' from ring-3, which loads allowed i/o ports bitmap, causing read from TSS) checks 'Accessed' bit of page 0x9000 and displays the letter 'M' at top-left corner of the screen.
Attachments (3)
Change History (5)
by , 15 years ago
by , 15 years ago
comment:1 by , 15 years ago
| Summary: | Incorrect handling of 'Accessed' bit in page table entries → Incorrect handling of 'Accessed' bit in page table entries -> fixed in SVN/3.0.10 |
|---|
Thanks for the detailed report! Fixed in SVN.
comment:2 by , 14 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
bootsector, which causes guru meditation