OSDev.org

Posted: **Fri Mar 29, 2013 4:48 am**

It might be that I found a bug in VirtualBox but I cannot say for sure yet. It seems that "rep stosb" does not trigger a page fault when it goes beyond the mapped memory area. In real hardware everything works as expected and a page fault occurs. Maybe this is not a bug but a feature and it may be that I am not interested in to analyze it very thoroughly. Have you ever found out similar kind of features in virtual machines?

Code: Select all

	char *memory = (char *)0xEFFFF000;     /* Correctly mapped */

	memory[0]    = 1;              /* No page fault */
	memory[4095] = 2;              /* No page fault */
	memory[4096] = 3;              /* Expected page fault (0xF0000000 is not mapped) */

	memset(memory, 0, 4096)        /* No page fault */
	memset(memory, 0, 4097)        /* No page fault in VirtualBox!!! */
	memset(memory, 0, 5000)        /* No page fault in VirtualBox!!! */

	memory += 0x1000;
	memset(memory, 0, 1)           /* Page fault (also in VirtualBox)

Simple memset implementation:

Code: Select all

/*
 * void *memset(void *destination, int value, unsigned long num);
 */
memset:
	movl 4(%esp), %edi
	movl 8(%esp), %eax
	movl 12(%esp), %ecx
	rep stosb
	movl 4(%esp), %eax
	retl

Posted: **Sat Mar 30, 2013 2:35 am**

Interesting. Just out of curiosity, what happens if you write a non-aligned dword straddling the page boundary, e.g. if page A is mapped and page B is unmapped and you write a dword with the mov instruction, two bytes into page A and two bytes into page B?

Does this also avoid throwing the page fault in the emulator? Sounds like a bounds checking bug or something to me...

Posted: **Sat Mar 30, 2013 2:55 am**

Are you using hardware virtualisation or relying on VirtualBox's emulation?

Regards,
John.

Posted: **Sat Mar 30, 2013 4:33 am**

I updated to the latest version and now everything works. However, that bug was not very serious for normal operating systems. I guess Windows and Linux do not rely on triggering a page fault that way (if there are no bugs). A user program might use it... to terminate itself?

I also tried to do memset(memory, 0, 0xFFFFFFFF) and it still did not trigger a page fault. However, it did not clear all the memory but stopped to the first unmapped page.

brain wrote:write a non-aligned dword straddling the page boundary

That would have been a good test. I should have tried.

jnc100 wrote:Are you using hardware virtualisation or relying on VirtualBox's emulation?

It was hardware virtualization.

Posted: **Mon Apr 01, 2013 8:48 am**

Antti wrote:I guess Windows and Linux do not rely on triggering a page fault that way (if there are no bugs). A user program might use it... to terminate itself?

...to initialise a memory region that is partially COW or swapped out?

Posted: **Sat Apr 06, 2013 4:46 am**

A little offtopic note: I have a huge problem with my assembly code base. I posted my simple memset function to this thread and it is horrendously wrong. Unbelievable that I have missed this and noticed it until now: I have not saved registers ESI and EDI! This same problem is everywhere and I have to check all my assembly procedures. I somehow thought that only registers EBP and EBX should be saved. What a mistake.

There were some symptoms visible because I wondered why some things broke when I enabled high optimize levels in gcc. It is strange that I got this far even my widely used memset and memcpy always trashed registers that should be saved.

OSDev.org

Bugs in virtual machines

Bugs in virtual machines

Re: Bugs in virtual machines

Re: Bugs in virtual machines

Re: Bugs in virtual machines

Re: Bugs in virtual machines

Re: Bugs in virtual machines