Bugs in virtual machines

Antti
Member
Posts: 923
Joined: Thu Jul 05, 2012 5:12 am
Location: Finland

Bugs in virtual machines

Post by Antti »

It might be that I found a bug in VirtualBox but I cannot say for sure yet. It seems that "rep stosb" does not trigger a page fault when it goes beyond the mapped memory area. On real hardware everything works as expected and a page fault occurs. Maybe this is not a bug but a feature and it may be that I am not interested in analyzing it very thoroughly. Have you ever found similar kinds of features in virtual machines?

Code:

	char *memory = (char *)0xEFFFF000;     /* Correctly mapped */

	memory[0]    = 1;              /* No page fault */
	memory[4095] = 2;              /* No page fault */
	memory[4096] = 3;              /* Expected page fault (0xF0000000 is not mapped) */

	memset(memory, 0, 4096);       /* No page fault */
	memset(memory, 0, 4097);       /* No page fault in VirtualBox!!! */
	memset(memory, 0, 5000);       /* No page fault in VirtualBox!!! */

	memory += 0x1000;
	memset(memory, 0, 1);          /* Page fault (also in VirtualBox) */
Simple memset implementation:

Code:

/*
 * void *memset(void *destination, int value, unsigned long num);
 * cdecl: arguments on the stack, return value in %eax.
 */
memset:
	movl 4(%esp), %edi      /* destination -> %edi (overwritten, not saved; see below in the thread) */
	movl 8(%esp), %eax      /* value -> %al */
	movl 12(%esp), %ecx     /* num -> %ecx */
	rep stosb               /* store %al at (%edi), %ecx times */
	movl 4(%esp), %eax      /* return destination */
	retl
brain
Member
Posts: 234
Joined: Thu Nov 05, 2009 5:04 pm
Location: UK

Re: Bugs in virtual machines

Post by brain »

Interesting. Just out of curiosity, what happens if you write a non-aligned dword straddling the page boundary, e.g. if page A is mapped and page B is unmapped and you write a dword with the mov instruction, two bytes into page A and two bytes into page B?

Does this also avoid throwing the page fault in the emulator? Sounds like a bounds checking bug or something to me...
jnc100
Member
Posts: 775
Joined: Mon Apr 09, 2007 12:10 pm
Location: London, UK

Re: Bugs in virtual machines

Post by jnc100 »

Are you using hardware virtualisation or relying on VirtualBox's emulation?

Regards,
John.
Antti
Member
Posts: 923
Joined: Thu Jul 05, 2012 5:12 am
Location: Finland

Re: Bugs in virtual machines

Post by Antti »

I updated to the latest version and now everything works. However, that bug was not very serious for normal operating systems. I guess Windows and Linux do not rely on triggering a page fault that way (if there are no bugs). A user program might use it... to terminate itself?

I also tried to do memset(memory, 0, 0xFFFFFFFF) and it still did not trigger a page fault. However, it did not clear all the memory but stopped at the first unmapped page.

brain wrote: write a non-aligned dword straddling the page boundary

That would have been a good test. I should have tried.

jnc100 wrote: Are you using hardware virtualisation or relying on VirtualBox's emulation?

It was hardware virtualization.
Kevin
Member
Posts: 1071
Joined: Sun Feb 01, 2009 6:11 am
Location: Germany

Re: Bugs in virtual machines

Post by Kevin »

Antti wrote: I guess Windows and Linux do not rely on triggering a page fault that way (if there are no bugs). A user program might use it... to terminate itself?

...to initialise a memory region that is partially COW or swapped out?
Developer of tyndur - community OS of Lowlevel (German)
Antti
Member
Posts: 923
Joined: Thu Jul 05, 2012 5:12 am
Location: Finland

Re: Bugs in virtual machines

Post by Antti »

A little off-topic note: I have a huge problem with my assembly code base. I posted my simple memset function to this thread and it is horrendously wrong. Unbelievable that I have missed this and not noticed it until now: I have not saved registers ESI and EDI! This same problem is everywhere and I have to check all my assembly procedures. I somehow thought that only registers EBP and EBX should be saved. What a mistake.

There were some symptoms visible because I wondered why some things broke when I enabled high optimization levels in gcc. It is strange that I got this far even though my widely used memset and memcpy always trashed registers that should be saved.
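An added example, not code from anyone in this thread, that puts Antti's two points into one user-space test program. It reproduces the boundary test from the first post (a writable page followed by a guard page that must fault) with a `rep stosb` zeroing routine, and it writes that routine as GCC/Clang inline assembly whose `"+D"` and `"+c"` constraints declare that RDI/EDI and RCX/ECX are modified, which is the inline-asm counterpart of the missing register saving in the last post. The function names, the guard-page layout and the byte counts are this example's own choices; on non-x86 builds the routine falls back to a plain byte loop so the probe still runs.

```c
/* Added example (not from the thread). One read/write page is followed by a
 * PROT_NONE guard page. A SIGSEGV/SIGBUS handler records the fault and
 * siglongjmps out of the store, so the probe can report whether zeroing
 * `len` bytes from the start of the mapped page crossed into unmapped memory. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_env;
static volatile sig_atomic_t fault_seen;

static void on_fault(int sig)
{
    (void)sig;
    fault_seen = 1;
    siglongjmp(fault_env, 1);   /* unwind out of the faulting store */
}

/* Same semantics as the thread's assembly memset. The "+D" and "+c"
 * constraints tell the compiler that the destination and count registers
 * are changed by the instruction; a standalone assembly routine would
 * instead have to save and restore EDI itself (the bug the thread ends on). */
static void *rep_stosb(void *dst, int value, size_t n)
{
#if defined(__x86_64__) || defined(__i386__)
    void *d = dst;
    __asm__ volatile("rep stosb"
                     : "+D"(d), "+c"(n)
                     : "a"(value)
                     : "memory");
#else
    volatile unsigned char *p = dst;   /* portable fallback, same byte-wise behaviour */
    while (n--)
        *p++ = (unsigned char)value;
#endif
    return dst;
}

size_t page_size(void)
{
    long ps = sysconf(_SC_PAGESIZE);
    return ps > 0 ? (size_t)ps : 4096;
}

/* Returns 1 if zeroing `len` bytes from the start of the mapped page
 * faulted, 0 if it completed silently, -1 if the mapping could not be set up. */
int probe_memset_fault(size_t len)
{
    size_t ps = page_size();
    char *base = mmap(NULL, 2 * ps, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return -1;
    /* the second page becomes the guard: any access to it must trap */
    if (mprotect(base + ps, ps, PROT_NONE) != 0) {
        munmap(base, 2 * ps);
        return -1;
    }

    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);   /* some platforms report the trap as SIGBUS */

    fault_seen = 0;
    if (sigsetjmp(fault_env, 1) == 0)
        rep_stosb(base, 0, len);        /* returns normally only if nothing faulted */

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(base, 2 * ps);
    return fault_seen ? 1 : 0;
}

int main(void)
{
    size_t ps = page_size();
    /* ps, ps + 1 and ps + 904 mirror 4096, 4097 and 5000 from the first post on 4 KiB pages */
    size_t lens[] = { ps, ps + 1, ps + 904 };
    for (size_t i = 0; i < 3; i++)
        printf("rep stosb of %zu bytes: %s\n", lens[i],
               probe_memset_fault(lens[i]) == 1 ? "page fault" : "no fault");
    return 0;
}
```

On a correctly behaving CPU or hypervisor the first length completes and the other two fault as soon as the store reaches the guard page; a run in which the longer lengths report "no fault" is the symptom the first post describes. The probe uses the page size reported by the kernel rather than a hard-coded 4096 so it also works on 16 KiB-page systems.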