Hello Timo,

The vbox-dev mailing list [1] might be a better place for this particular issue, notwithstanding what it says about not being for end users.
Regards,

Michael

[1] https://www.virtualbox.org/mailman/listinfo/vbox-dev

On 12/21/2011 08:17 PM, Timo Kreuzer wrote:
> Hi again,
>
> I'm trying again in the hope someone has mercy with me...
>
> I tried latest VBox with no improvement on the matter. Currently I need
> an ugly hack in my trap dispatching code to work around this bug.
>
> Hoping someone can help,
>
> Timo
>
>
> On 10.12.2011 19:42, Timo Kreuzer wrote:
>> Hi,
>>
>> I'm a ReactOS developer working on the x64 port of ReactOS. I just
>> stumbled upon something that seems to be a very strange VBox bug:
>>
>> Under some circumstances an int 3 will cause the RIP value that is
>> pushed on the stack to point AT the 0xCC instead of pointing AFTER it.
>> I verified this by putting a HLT instruction at the int 3 handler and
>> then checked with the vbox debugger (log attached at the end).
>>
>> I also tried this with int 2c; there the problem doesn't appear.
>>
>> This behaviour occurred as soon as I was accessing a certain range of
>> memory. Higher level page directories were already set up and I could
>> set up a PTE without any problem; the bug occurs only after I access
>> the mapped page. I can map any physical page to the PTE without
>> changing the behaviour. Also reloading cr3 before and after mapping
>> the PTE didn't change anything. The VA range where it happened is the
>> range of one PDE. Changing the physical page for that PDE fixed the
>> problem. Some pages worked, while others didn't.
>> More testing revealed that the problem seems to originate from the
>> fact that the page tables are double mapped. This is due to the OS
>> loader treating memory for the kernel and page tables in the same way,
>> mapping both to kernel mode VA space before transferring execution to
>> the kernel.
>> When I unmap all double mappings of page tables the problem doesn't
>> occur anymore.
>>
>> I would accept that it is a bug in my code, but I would like to
>> understand what I did wrong. Double mapping page tables doesn't seem
>> to be something that is forbidden. And I also wonder how it could lead
>> to something as strange as a wrong rip pushed on the stack after an
>> int 3. So any hints what the reason might be are very appreciated.
>>
>> Btw, this is on vbox 4.1.6.r74713 with and without PAE/NX / nested
>> paging enabled. Host CPU is an AMD Athlon 64 x2.
>>
>> WBR,
>> Timo
>>
>> Vbox debug log:
>>
>> Welcome to the VirtualBox Debugger!
>> Current VM is 00920000, CPU #0
>> VBoxDbg> stop
>>
>> dbgf event: VM 0000000000920000 is halted! (other)
>> eax=0000002f ebx=00000000 ecx=ffc00000 edx=00000002 esi=fee0fae5 edi=00005060
>> eip=0052b23a esp=00584058 ebp=00000000 iopl=0 nv up di pl zr na po nc
>> cs=0010 ds=002b es=002b fs=0053 gs=002b ss=0018 eflags=00000046
>> 0010:0052b23a 48 c7 c1 45 23 01 00       mov rcx, 00000000000012345h
>> VBoxDbg> rg64
>> rax=000000000000002f rbx=0000000000000000 rcx=ffffffffffc00000 rdx=0000000000000002
>> rsi=00000000fee0fae5 rdi=0000000000005060 r8 =0000000000000000 r9 =fffff80000583fa0
>> r10=0000000000000000 r11=fffff800005a1080 r12=0000000000000000 r13=0000000000000000
>> r14=0000000000000000 r15=0000000000000000 iopl=0 nv up di pl zr na po nc
>> rip=fffff8000052b23a rsp=fffff80000584058 rbp=0000000000000000
>> cs=0010 ds=002b es=002b fs=0053 gs=002b ss=0018 rflags=00000046
>> %fffff8000052b23a 48 c7 c1 45 23 01 00       mov rcx, 00000000000012345h
>> VBoxDbg> dq fffff80000584058
>> %fffff80000584058: fffff8000059aeb4 0000000000000010
>> %fffff80000584068: 0000000000000046 fffff80000584080
>> %fffff80000584078: 0000000000000018 fffff80000598000
>> %fffff80000584088: fffff800005a1080 fffff800005840f0
>> %fffff80000584098: fffff800005840a4 000000b600000080
>> %fffff800005840a8: 0000000000001003 fffff6ffffffe000
>> VBoxDbg> u fffff8000059aeb4
>> %fffff8000059aeb4 cc                         int3
>> %fffff8000059aeb5 48 8b 05 0c 43 00 00       mov rax, qword [00000430ch wrt rip]
>> %fffff8000059aebc 8b 40 04                   mov eax, dword [rax+004h]
>> %fffff8000059aebf 2d 00 10 00 00             sub eax, 000001000h
>> %fffff8000059aec4 89 44 24 20                mov dword [rsp+020h], eax
>> %fffff8000059aec8 8b 44 24 20                mov eax, dword [rsp+020h]
>> %fffff8000059aecc 33 d2                      xor edx, edx
>> %fffff8000059aece b9 04 00 00 00             mov ecx, 000000004h
>> %fffff8000059aed3 48 f7 f1                   div rcx
>> %fffff8000059aed6 48 8b c8                   mov rcx, rax
>> VBoxDbg>
>>
>> _______________________________________________
>> VBox-users-community mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/vbox-users-community

-- 
ORACLE Deutschland B.V. & Co. KG   Michael Thayer
Werkstrasse 24                     VirtualBox engineering
71384 Weinstadt, Germany           mailto:[email protected]

Headquarters: Riesstr. 25, D-80992 München
Commercial register: Amtsgericht München, HRA 95603
General partner: ORACLE Deutschland Verwaltung B.V.
Hertogswetering 163/167, 3543 AS Utrecht, Netherlands
Registered with the Chamber of Commerce Midden-Niederlande, No. 30143697
Managing directors: Jürgen Kunz, Marcel van de Molen, Alexander van der Ven
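As an added example for readers of the archived thread (not code from either mail, from ReactOS or from VirtualBox), the script below parses the quoted VBoxDbg `dq` and `u` output, decodes the x86-64 interrupt frame that a vector-3 (#BP, no error code) entry leaves at the handler's RSP, and reports whether the pushed RIP points at the 0xCC byte or just past it; the architecture defines #BP as a trap, so "after" is the expected result and "at" is the anomaly Timo describes. The sample text is constructed from the log in the thread and the field layout is the standard one, not anything VBoxDbg itself exposes.

```python
import re

# Constructed sample: the `dq` stack dump and `u` unassembly quoted in the thread.
DQ_OUTPUT = """\
%fffff80000584058: fffff8000059aeb4 0000000000000010
%fffff80000584068: 0000000000000046 fffff80000584080
%fffff80000584078: 0000000000000018 fffff80000598000
"""
U_OUTPUT = """\
%fffff8000059aeb4 cc                      int3
%fffff8000059aeb5 48 8b 05 0c 43 00 00    mov rax, qword [00000430ch wrt rip]
%fffff8000059aebc 8b 40 04                mov eax, dword [rax+004h]
%fffff8000059aebf 2d 00 10 00 00          sub eax, 000001000h
"""

# x86-64 interrupt frame for a vector without error code (#BP is one):
# the handler's RSP points at RIP, followed by CS, RFLAGS, RSP and SS.
FRAME_FIELDS = ("rip", "cs", "rflags", "rsp", "ss")


def parse_frame(dq_text):
    """Decode the five frame qwords from VBoxDbg `dq` output (two qwords per line)."""
    qwords = []
    for line in dq_text.splitlines():
        m = re.match(r"%[0-9a-f]{16}:\s+([0-9a-f]{16})\s+([0-9a-f]{16})", line)
        if m:
            qwords += [int(m.group(1), 16), int(m.group(2), 16)]
    return dict(zip(FRAME_FIELDS, qwords))


def parse_code(u_text):
    """Map each disassembled address to its raw bytes from VBoxDbg `u` output."""
    code = {}
    for line in u_text.splitlines():
        # Each byte token is two hex digits followed by whitespace; the mnemonic ends the run.
        m = re.match(r"%([0-9a-f]{16})\s+((?:[0-9a-f]{2}\s+)+)", line)
        if m:
            code[int(m.group(1), 16)] = bytes.fromhex(m.group(2))
    return code


def classify_bp_rip(frame, code):
    """'after': pushed RIP is past the 0xCC (trap semantics, the expected #BP behaviour).
    'at': pushed RIP still points at the int3, as in the log quoted above."""
    rip = frame["rip"]
    if code.get(rip, b"")[:1] == b"\xcc":
        return "at"
    if code.get(rip - 1, b"") == b"\xcc":
        return "after"
    return "unknown"
```

Run against the quoted log, `parse_frame` yields CS=0x10, SS=0x18 and RFLAGS=0x46, matching the `rg64` dump, and `classify_bp_rip` reports "at" because the first frame qword equals the address of the `cc` byte.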
