Opened 14 years ago
Closed 14 years ago
#5551 closed defect (fixed)
Guru Meditation when stack pointer for trap handler is near zero
| Reported by: | diamond | Owned by: | |
|---|---|---|---|
| Component: | VMM/RAW | Version: | VirtualBox 3.0.12 |
| Keywords: | Cc: | ||
| Guest type: | other | Host type: | other |
Description
If the guest causes a trap, ESP is near zero, e.g. ESP=10h (this is just enough for eflags+cs+eip+errorcode without ring transition), hardware virtualization is disabled, VirtualBox goes to Guru Meditation state.
The small example is attached; it is valid bootsector, so can be installed as floppy image. This example raises #PF with ESP=10h from ring-0, in real environment the handler of #PF gots control, skips faulting instruction, and then the code enters idle state. VirtualBox goes to 'Guru Meditation' VERR_TRPM_DONT_PANIC. VBox.log is attached, VBox.png shows black screen.
According to stack trace, TRPMForwardTrap calls PGMVerifyAccess for range [esp-28h,esp), integer overflow results in negative 64-bit address, and pgmRCGst32BitGetPage does not expect this.
Attachments (2)
Change History (3)
by , 14 years ago
by , 14 years ago
comment:1 by , 14 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Thanks for the report. I've added some extra boundary checks for 32 bits paging modes.
bootsector, which causes guru meditation