Incorrect handling of 'Accessed' bit in page table entries -> fixed in SVN/3.0.10

[diamond]

The function ModifyPage() from src/VBox/VMM/VMMAll/PGMAllGst.h assumes that size argument is page-aligned. However, PGMPhysInterpretedRead() from src/VBox/VMM/VMMAll/PGMAllPhys.cpp calls ModifyPage() with size=1. Due to the structure of ModifyPage(), this can cause setting 'Accessed' bit for entries of page table, which were not accessed, and in most serious cases this leads to the 'Guru Meditation' state.

Small examples for both cases is attached. Hardware virtualization must be disabled. Both examples are valid bootsectors and can be installed to virtual machine as floppy images; when booting from such floppy, in first case VirtualBox goes to 'Guru Meditation' VERR_TRPM_DONT_PANIC (VBox.log is attached, VBox.png contains black screen). The second example after access to page 0x8000 (through 'in al, dx' from ring-3, which loads allowed i/o ports bitmap, causing read from TSS) checks 'Accessed' bit of page 0x9000 and displays the letter 'M' at top-left corner of the screen.

[diamond]

bootsector, which causes guru meditation

[diamond]

bootsector, which displays unexpected modification

[sandervl73]

Thanks for the detailed report! Fixed in SVN.