diff -Nru virtualbox-5.2.16-dfsg/debian/changelog virtualbox-5.2.18-dfsg/debian/changelog --- virtualbox-5.2.16-dfsg/debian/changelog 2018-08-03 02:03:48.000000000 +0000 +++ virtualbox-5.2.18-dfsg/debian/changelog 2018-08-15 21:00:46.000000000 +0000 @@ -1,14 +1,10 @@ -virtualbox (5.2.16-dfsg-3build2) cosmic; urgency=high +virtualbox (5.2.18-dfsg-1) unstable; urgency=medium - * No change rebuild against new qt/xorg. + * New upstream version 5.2.18-dfsg + * Patch refresh + * Bump std-version to 4.2.0.1, no changes required - -- Dimitri John Ledkov Fri, 03 Aug 2018 03:03:48 +0100 - -virtualbox (5.2.16-dfsg-3build1) cosmic; urgency=high - - * No change rebuild against older qt/xorg abi. - - -- Dimitri John Ledkov Thu, 02 Aug 2018 21:46:26 +0100 + -- Gianfranco Costamagna Wed, 15 Aug 2018 23:00:46 +0200 virtualbox (5.2.16-dfsg-3) unstable; urgency=medium diff -Nru virtualbox-5.2.16-dfsg/debian/control virtualbox-5.2.18-dfsg/debian/control --- virtualbox-5.2.16-dfsg/debian/control 2018-08-02 20:46:26.000000000 +0000 +++ virtualbox-5.2.18-dfsg/debian/control 2018-08-15 20:59:31.000000000 +0000 @@ -1,8 +1,7 @@ Source: virtualbox Section: contrib/misc Priority: optional -Maintainer: Ubuntu Developers -XSBC-Original-Maintainer: Debian Virtualbox Team +Maintainer: Debian Virtualbox Team Uploaders: Ritesh Raj Sarraf , Gianfranco Costamagna Build-Depends: bzip2, 
@@ -72,7 +71,7 @@ yasm (>= 0.7.0), zlib1g-dev X-Python-Version: >= 2.5 -Standards-Version: 4.1.5 +Standards-Version: 4.2.0.1 Homepage: https://www.virtualbox.org Vcs-Browser: https://salsa.debian.org/pkg-virtualbox-team/virtualbox Vcs-Git: https://salsa.debian.org/pkg-virtualbox-team/virtualbox.git diff -Nru virtualbox-5.2.16-dfsg/debian/patches/27-hide-host-cache-warning.patch virtualbox-5.2.18-dfsg/debian/patches/27-hide-host-cache-warning.patch --- virtualbox-5.2.16-dfsg/debian/patches/27-hide-host-cache-warning.patch 2018-04-20 13:14:21.000000000 +0000 +++ virtualbox-5.2.18-dfsg/debian/patches/27-hide-host-cache-warning.patch 2018-08-15 20:59:07.000000000 +0000 @@ -6,7 +6,7 @@ index 61dbf0a59..cfb76fc48 100644 --- a/src/VBox/Main/src-client/ConsoleImpl2.cpp +++ b/src/VBox/Main/src-client/ConsoleImpl2.cpp -@@ -4038,34 +4038,12 @@ int Console::i_checkMediumLocation(IMedium *pMedium, bool *pfUseHostIOCache) +@@ -4046,34 +4046,12 @@ int Console::i_checkMediumLocation(IMedium *pMedium, bool *pfUseHostIOCache) if ( enmFsTypeFile == RTFSTYPE_EXT4 || enmFsTypeFile == RTFSTYPE_XFS) { diff -Nru virtualbox-5.2.16-dfsg/debian/virtualbox-guest-source.files/control.modules.in virtualbox-5.2.18-dfsg/debian/virtualbox-guest-source.files/control.modules.in --- virtualbox-5.2.16-dfsg/debian/virtualbox-guest-source.files/control.modules.in 2017-07-11 21:55:59.000000000 +0000 +++ virtualbox-5.2.18-dfsg/debian/virtualbox-guest-source.files/control.modules.in 2018-08-15 21:00:31.000000000 +0000 
@@ -5,10 +5,10 @@ Uploaders: Ritesh Raj Sarraf , Gianfranco Costamagna Build-Depends: debhelper (>= 10), kbuild -Standards-Version: 4.0.0 -Homepage: http://www.virtualbox.org/ -Vcs-Git: https://anonscm.debian.org/git/pkg-virtualbox/virtualbox.git -Vcs-Browser: https://anonscm.debian.org/cgit/pkg-virtualbox/virtualbox.git +Standards-Version: 4.2.0.1 +Homepage: https://www.virtualbox.org/ +Vcs-Browser: https://salsa.debian.org/pkg-virtualbox-team/virtualbox +Vcs-Git: https://salsa.debian.org/pkg-virtualbox-team/virtualbox.git Package: virtualbox-guest-modules-_KVERS_ Section: contrib/kernel diff -Nru virtualbox-5.2.16-dfsg/debian/virtualbox-source.files/control.modules.in virtualbox-5.2.18-dfsg/debian/virtualbox-source.files/control.modules.in --- virtualbox-5.2.16-dfsg/debian/virtualbox-source.files/control.modules.in 2017-07-11 21:56:18.000000000 +0000 +++ virtualbox-5.2.18-dfsg/debian/virtualbox-source.files/control.modules.in 2018-08-15 21:00:21.000000000 +0000 @@ -5,10 +5,10 @@ Uploaders: Ritesh Raj Sarraf , Gianfranco Costamagna Build-Depends: debhelper (>= 10), kbuild -Standards-Version: 4.0.0 -Homepage: http://www.virtualbox.org/ -Vcs-Git: https://anonscm.debian.org/git/pkg-virtualbox/virtualbox.git -Vcs-Browser: https://anonscm.debian.org/cgit/pkg-virtualbox/virtualbox.git +Standards-Version: 4.2.0.1 +Homepage: https://www.virtualbox.org/ +Vcs-Browser: https://salsa.debian.org/pkg-virtualbox-team/virtualbox +Vcs-Git: https://salsa.debian.org/pkg-virtualbox-team/virtualbox.git Package: virtualbox-modules-_KVERS_ Section: contrib/kernel diff -Nru virtualbox-5.2.16-dfsg/doc/manual/en_US/user_BasicConcepts.xml virtualbox-5.2.18-dfsg/doc/manual/en_US/user_BasicConcepts.xml --- virtualbox-5.2.16-dfsg/doc/manual/en_US/user_BasicConcepts.xml 2018-07-16 14:56:48.000000000 +0000 +++ virtualbox-5.2.18-dfsg/doc/manual/en_US/user_BasicConcepts.xml 2018-08-14 11:38:13.000000000 +0000 
@@ -714,8 +714,9 @@ If your host's CPU supports the nested paging (AMD-V) or EPT (Intel VT-x) features, then you can expect a significant performance increase - by enabling nested paging in addition to hardware virtualization. For - technical details, see . + by enabling nested paging in addition to hardware virtualization. For + technical details, see . For Intel EPT + security recommendations, see . Starting with version 5.0, VirtualBox provides paravirtualization interfaces to improve time-keeping accuracy and performance of guest diff -Nru virtualbox-5.2.16-dfsg/doc/manual/en_US/user_Security.xml virtualbox-5.2.18-dfsg/doc/manual/en_US/user_Security.xml --- virtualbox-5.2.16-dfsg/doc/manual/en_US/user_Security.xml 2018-07-16 14:56:48.000000000 +0000 +++ virtualbox-5.2.18-dfsg/doc/manual/en_US/user_Security.xml 2018-08-14 11:38:13.000000000 +0000 
@@ -390,4 +390,86 @@ --> + + Security Recommendations + + This section contains security recommendations for specific issues. + By default VirtualBox will configure the VMs to run in a secure manner, + however this may not always be possible without additional user actions (e.g. + host OS / firmware configuration changes). + + + CVE-2018-3646 + + This security issue affects a range of Intel CPUs with nested paging. + AMD CPUs are expected not to be impacted (pending direct confirmation by AMD). + Also the issue does not affect VMs running with hardware virtualization + disabled or with nested paging disabled. + + For more information about nested paging, see . + + Mitigation options: + + + Disable nested paging + + By disabling nested paging (EPT), the VMM will construct page tables + shadowing the ones in the guest. It is no possible for the guest to insert + anything fishy into the page tables, since the VMM carefully validates each + entry before shadowing it. + + As a side effect of disabling nested paging, several CPU features + will not be made available to the guest. Among these features are AVX, + AVX2, XSAVE, AESNI, and POPCNT. Not all guests may be able to cope with + dropping these features after installation. Also, for some guests, + especially in SMP configurations, there could be stability issues arising + from disabling nested paging. Finally, some workloads may experience a + performance degradation. + + + + Flushing the level 1 data cache + + This aims at removing potentially sensitive data from the level 1 + data cache when running guest code. However, it is made difficult by + hyper-threading setups sharing the level 1 cache and thereby potentially + letting the other thread in a pair refill the cache with data the user + does not want the guest to see. In addition, flushing the level 1 data + cache is usually not without performance side effects. + + Up to date CPU microcode is a prerequisite for the cache flushing + mitigations. 
Some host OSes may install these automatically, though it + has traditionally been a task best performed by the system firmware. So, + please check with your system / mainboard manufacturer for the latest + firmware update. + + We recommend disabling hyper-threading on the host. This is + traditionally done from the firmware setup, but some OSes also offer + ways to disable HT. In some cases it may be disabled by default, but please + verify as the effectiveness of the mitigation depends on it. + + The default action taken by VirtualBox is to flush the level 1 + data cache when a thread is scheduled to execute guest code, rather + than on each VM entry. This reduces the performance impact, while + making the assumption that the host OS will not handle security + sensitive data from interrupt handlers and similar without taking + precautions. + + A more aggressive flushing option is provided via the VBoxManage + modifyvm option --l1d-flush-on-vm-entry. + When enabled the level 1 data cache will be flushed on every VM entry. + The performance impact is greater than with the default option, though + this of course depends on the workload. Workloads producing a lot of + VM exits (like networking, VGA access, and similiar) will probably be + most impacted. + + For users not concerned by this security issue, the default + mitigation can be disabled using + VBoxManage modifyvm name --l1d-flush-on-sched off + + + + + + diff -Nru virtualbox-5.2.16-dfsg/doc/manual/en_US/user_Technical.xml virtualbox-5.2.18-dfsg/doc/manual/en_US/user_Technical.xml --- virtualbox-5.2.16-dfsg/doc/manual/en_US/user_Technical.xml 2018-07-16 14:56:48.000000000 +0000 +++ virtualbox-5.2.18-dfsg/doc/manual/en_US/user_Technical.xml 2018-08-14 11:38:13.000000000 +0000 
@@ -943,6 +943,10 @@ VBoxManage modifyvm --largepages command; see . + + If you have an Intel CPU with EPT, please consult + for security concerns + regarding EPT. diff -Nru virtualbox-5.2.16-dfsg/doc/manual/en_US/user_VBoxManage.xml virtualbox-5.2.18-dfsg/doc/manual/en_US/user_VBoxManage.xml --- virtualbox-5.2.16-dfsg/doc/manual/en_US/user_VBoxManage.xml 2018-07-16 14:56:48.000000000 +0000 +++ virtualbox-5.2.18-dfsg/doc/manual/en_US/user_VBoxManage.xml 2018-08-14 11:38:14.000000000 +0000 @@ -627,6 +627,14 @@ + --ibpb-on-vm-[enter|exit] on|off: + Enables flushing of the indirect branch prediction buffers on every VM enter + or exit respectively. This could be enabled by users overly worried about + possible spectre attacks by the VM. Please note that these options may have + sever impact on performance. + + + --spec-ctrl on|off: This setting enables/disables exposing speculation control interfaces to the guest, provided they are available on the host. Depending on the host CPU and workload, enabling @@ -634,6 +642,18 @@ + --l1d-flush-on-sched on|off: + Enables flushing of the level 1 data cache on scheduling EMT for guest execution. + See . + + + + --l1d-flush-on-vm-enter on|off: + Enables flushing of the level 1 data cache on VM enter. + See . + + + --cpu-profile <host|intel 80[86|286|386]>: This enables specification of a profile for guest cpu emulation. Specify either one based on the host system CPU (host), or one from @@ -713,8 +733,8 @@ --nestedpaging on|off: If hardware virtualization is enabled, this additional setting enables or disables the use of the nested paging feature in the - processor of your host system; see . + processor of your host system; see + and . 
@@ -1932,6 +1952,9 @@ (change with "--vsys 0 --ostype <type>"; use "list ostypes" to list all) 1: Suggested VM name "Windows XP Professional_1" (change with "--vsys 0 --vmname <name>") + 2: End-user license agreement + (display with "--vsys 0 --eula show"; + accept with "--vsys 0 --eula accept") 3: Number of CPUs: 1 (change with "--vsys 0 --cpus <n>") 4: Guest memory: 956 MB (change with "--vsys 0 --memory <MB>") @@ -3759,7 +3782,7 @@ Use --cipher <cipher> to specify the cipher to use for encryption; this can be either AES-XTS128-PLAIN64 or - AES-AXTS256-PLAIN64. + AES-XTS256-PLAIN64. Use this option to change any existing encryption on the medium/image, or setup new encryption on it for the 1st time. diff -Nru virtualbox-5.2.16-dfsg/doc/manual/user_ChangeLogImpl.xml virtualbox-5.2.18-dfsg/doc/manual/user_ChangeLogImpl.xml --- virtualbox-5.2.16-dfsg/doc/manual/user_ChangeLogImpl.xml 2018-07-16 14:56:49.000000000 +0000 +++ virtualbox-5.2.18-dfsg/doc/manual/user_ChangeLogImpl.xml 2018-08-14 11:38:14.000000000 +0000 @@ -28,6 +28,36 @@ So, we use chapter and xpointer="xpointer(/chapter/)" with xi:include. --> + Version 5.2.18 (2018-08-14) + + This is a maintenance release. The following items were fixed and/or + added: + + + + + VMM: See . + + + + VMM: fix loading with recent binutils and self-built versions + of VirtualBox (bug #17851) + + + + NAT: fix --nataliasmode sameports + which is a valid setting (bug #13000) + + + + VRDP: fixed VM process termination on RDP client disconnect if 3D + is enabled for the virtual machine + + + + + + Version 5.2.16 (2018-07-17) This is a maintenance release. The following items were fixed and/or 
@@ -46,7 +76,7 @@ Linux: various build fixes for distribution builds, thank you - you Gianfranco Costmagna + Gianfranco Costmagna diff -Nru virtualbox-5.2.16-dfsg/include/iprt/err.mac virtualbox-5.2.18-dfsg/include/iprt/err.mac --- virtualbox-5.2.16-dfsg/include/iprt/err.mac 2018-07-16 14:56:54.000000000 +0000 +++ virtualbox-5.2.18-dfsg/include/iprt/err.mac 2018-08-14 11:38:19.000000000 +0000 @@ -579,6 +579,7 @@ %define VERR_VFS_CHAIN_PATH_ONLY (-22155) %define VERR_VFS_CHAIN_TYPE_MISMATCH_PATH_ONLY (-22156) %define VERR_VFS_CHAIN_NOT_PATH_ONLY (-22157) +%define VERR_VFS_CHAIN_TOO_SHORT_FOR_PARENT (-22158) %define VERR_DVM_MAP_EMPTY (-22200) %define VERR_DVM_MAP_NO_VOLUME (-22201) %define VERR_LOG_REVISION_MISMATCH (-22300) @@ -694,6 +695,7 @@ %define VERR_ASN1_INVALID_DATA_POINTER (-22854) %define VERR_ASN1_TOO_DEEPLY_NESTED (-22855) %define VERR_ASN1_UNEXPECTED_OBJ_ID (-22856) +%define VERR_ASN1_INVALID_INTEGER_ENCODING (-22857) %define VERR_ASN1_INTERNAL_ERROR_1 (-22895) %define VERR_ASN1_INTERNAL_ERROR_2 (-22896) %define VERR_ASN1_INTERNAL_ERROR_3 (-22897) diff -Nru virtualbox-5.2.16-dfsg/include/iprt/x86.h virtualbox-5.2.18-dfsg/include/iprt/x86.h --- virtualbox-5.2.16-dfsg/include/iprt/x86.h 2018-07-16 14:56:57.000000000 +0000 +++ virtualbox-5.2.18-dfsg/include/iprt/x86.h 2018-08-14 11:38:21.000000000 +0000 @@ -615,7 +615,8 @@ #define X86_CPUID_STEXT_FEATURE_EDX_IBRS_IBPB RT_BIT_32(26) /** EDX Bit 27 - IBRS & IBPB - Supports the STIBP flag in IA32_SPEC_CTRL. */ #define X86_CPUID_STEXT_FEATURE_EDX_STIBP RT_BIT_32(27) - +/** EDX Bit 28 - FLUSH_CMD - Supports IA32_FLUSH_CMD MSR. */ +#define X86_CPUID_STEXT_FEATURE_EDX_FLUSH_CMD RT_BIT_32(28) /** EDX Bit 29 - ARCHCAP - Supports the IA32_ARCH_CAPABILITIES MSR. */ #define X86_CPUID_STEXT_FEATURE_EDX_ARCHCAP RT_BIT_32(29) 
@@ -1202,13 +1203,22 @@ /** MTRR Capabilities. */ #define MSR_IA32_MTRR_CAP 0xFE -/** Architecture capabilities (bugfixes). - * @note May move */ +/** Architecture capabilities (bugfixes). */ #define MSR_IA32_ARCH_CAPABILITIES UINT32_C(0x10a) -/** CPU is no subject to spectre problems. */ -#define MSR_IA32_ARCH_CAP_F_SPECTRE_FIX RT_BIT_32(0) +/** CPU is no subject to meltdown problems. */ +#define MSR_IA32_ARCH_CAP_F_RDCL_NO RT_BIT_32(0) /** CPU has better IBRS and you can leave it on all the time. */ -#define MSR_IA32_ARCH_CAP_F_BETTER_IBRS RT_BIT_32(1) +#define MSR_IA32_ARCH_CAP_F_IBRS_ALL RT_BIT_32(1) +/** CPU has return stack buffer (RSB) override. */ +#define MSR_IA32_ARCH_CAP_F_RSBO RT_BIT_32(2) +/** Virtual machine monitors need not flush the level 1 data cache on VM entry. + * This is also the case when MSR_IA32_ARCH_CAP_F_RDCL_NO is set. */ +#define MSR_IA32_ARCH_CAP_F_VMM_NEED_NOT_FLUSH_L1D RT_BIT_32(3) + +/** Flush command register. */ +#define MSR_IA32_FLUSH_CMD UINT32_C(0x10b) +/** Flush the level 1 data cache when this bit is written. */ +#define MSR_IA32_FLUSH_CMD_F_L1D RT_BIT_32(0) /** Cache control/info. */ #define MSR_BBL_CR_CTL3 UINT32_C(0x11e) diff -Nru virtualbox-5.2.16-dfsg/include/iprt/x86.mac virtualbox-5.2.18-dfsg/include/iprt/x86.mac --- virtualbox-5.2.16-dfsg/include/iprt/x86.mac 2018-07-16 14:56:57.000000000 +0000 +++ virtualbox-5.2.18-dfsg/include/iprt/x86.mac 2018-08-14 11:38:21.000000000 +0000 
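Review bot: The doc comment on `MSR_IA32_ARCH_CAP_F_RDCL_NO` in the include/iprt/x86.h hunk carries over the old typo "no subject"; it should read `/** CPU is not subject to meltdown problems. */`. The bit 3 comment below it points readers at this bit as the other condition under which the L1D flush may be skipped, so the wording here should be unambiguous.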
@@ -176,8 +176,15 @@ %define X86_CPUID_STEXT_FEATURE_EBX_AVX512CD RT_BIT_32(28) %define X86_CPUID_STEXT_FEATURE_EBX_SHA RT_BIT_32(29) %define X86_CPUID_STEXT_FEATURE_ECX_PREFETCHWT1 RT_BIT_32(0) +%define X86_CPUID_STEXT_FEATURE_ECX_UMIP RT_BIT_32(2) +%define X86_CPUID_STEXT_FEATURE_ECX_PKU RT_BIT_32(3) +%define X86_CPUID_STEXT_FEATURE_ECX_OSPKE RT_BIT_32(4) +%define X86_CPUID_STEXT_FEATURE_ECX_MAWAU 0x003e0000 +%define X86_CPUID_STEXT_FEATURE_ECX_RDPID RT_BIT_32(2) +%define X86_CPUID_STEXT_FEATURE_ECX_SGX_LC RT_BIT_32(30) %define X86_CPUID_STEXT_FEATURE_EDX_IBRS_IBPB RT_BIT_32(26) %define X86_CPUID_STEXT_FEATURE_EDX_STIBP RT_BIT_32(27) +%define X86_CPUID_STEXT_FEATURE_EDX_FLUSH_CMD RT_BIT_32(28) %define X86_CPUID_STEXT_FEATURE_EDX_ARCHCAP RT_BIT_32(29) %define X86_CPUID_EXT_FEATURE_ECX_LAHF_SAHF RT_BIT_32(0) %define X86_CPUID_EXT_FEATURE_EDX_SYSCALL RT_BIT_32(11) @@ -238,6 +245,10 @@ %define X86_CPUID_AMD_ADVPOWER_EDX_EFRO RT_BIT_32(10) %define X86_CPUID_AMD_ADVPOWER_EDX_PFI RT_BIT_32(11) %define X86_CPUID_AMD_ADVPOWER_EDX_PA RT_BIT_32(12) +%define X86_CPUID_AMD_EFEID_EBX_CLZERO RT_BIT_32(0) +%define X86_CPUID_AMD_EFEID_EBX_IRPERF RT_BIT_32(1) +%define X86_CPUID_AMD_EFEID_EBX_XSAVE_ER_PTR RT_BIT_32(2) +%define X86_CPUID_AMD_EFEID_EBX_IBPB RT_BIT_32(12) %define X86_CPUID_SVM_FEATURE_EDX_NESTED_PAGING RT_BIT(0) %define X86_CPUID_SVM_FEATURE_EDX_LBR_VIRT RT_BIT(1) %define X86_CPUID_SVM_FEATURE_EDX_SVM_LOCK RT_BIT(2) @@ -291,6 +302,7 @@ %define X86_CR4_OSXMMEEXCPT RT_BIT_32(10) %define X86_CR4_VMXE RT_BIT_32(13) %define X86_CR4_SMXE RT_BIT_32(14) +%define X86_CR4_FSGSBASE RT_BIT_32(16) %define X86_CR4_PCIDE RT_BIT_32(17) %define X86_CR4_OSXSAVE RT_BIT_32(18) %define X86_CR4_SMEP RT_BIT_32(20) 
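Review bot: `X86_CPUID_STEXT_FEATURE_ECX_RDPID` is defined as `RT_BIT_32(2)`, the same bit as `X86_CPUID_STEXT_FEATURE_ECX_UMIP` four lines above it in the first include/iprt/x86.mac hunk, so a test for one feature also matches the other. The neighbouring `X86_CPUID_STEXT_FEATURE_ECX_MAWAU` mask `0x003e0000` ends at bit 21, which suggests RDPID was meant to be the next bit, `RT_BIT_32(22)`; please confirm against the CPUID leaf 7 layout. If this .mac file is generated from include/iprt/x86.h, the correction belongs in the header, whose definition of this constant is not part of the diff shown here.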
@@ -400,9 +412,13 @@ %define MSR_IA32_MPERF 0xE7 %define MSR_IA32_APERF 0xE8 %define MSR_IA32_MTRR_CAP 0xFE -%define MSR_IA32_ARCH_CAP 0x10a -%define MSR_IA32_ARCH_CAP_F_SPECTRE_FIX RT_BIT_32(0) -%define MSR_IA32_ARCH_CAP_F_BETTER_IBRS RT_BIT_32(1) +%define MSR_IA32_ARCH_CAPABILITIES 0x10a +%define MSR_IA32_ARCH_CAP_F_RDCL_NO RT_BIT_32(0) +%define MSR_IA32_ARCH_CAP_F_IBRS_ALL RT_BIT_32(1) +%define MSR_IA32_ARCH_CAP_F_RSBO RT_BIT_32(2) +%define MSR_IA32_ARCH_CAP_F_VMM_NEED_NOT_FLUSH_L1D RT_BIT_32(3) +%define MSR_IA32_FLUSH_CMD 0x10b +%define MSR_IA32_FLUSH_CMD_F_L1D RT_BIT_32(0) %define MSR_BBL_CR_CTL3 0x11e %ifndef MSR_IA32_SYSENTER_CS %define MSR_IA32_SYSENTER_CS 0x174 @@ -768,6 +784,11 @@ %endif %define X86_PML4_SHIFT 39 %define X86_PML4_MASK 0x1ff +%define X86_INVPCID_TYPE_INDV_ADDR 0 +%define X86_INVPCID_TYPE_SINGLE_CONTEXT 1 +%define X86_INVPCID_TYPE_ALL_CONTEXT_INCL_GLOBAL 2 +%define X86_INVPCID_TYPE_ALL_CONTEXT_EXCL_GLOBAL 3 +%define X86_INVPCID_TYPE_MAX_VALID X86_INVPCID_TYPE_ALL_CONTEXT_EXCL_GLOBAL %ifndef VBOX_FOR_DTRACE_LIB %endif %ifndef VBOX_FOR_DTRACE_LIB diff -Nru virtualbox-5.2.16-dfsg/include/VBox/err.mac virtualbox-5.2.18-dfsg/include/VBox/err.mac --- virtualbox-5.2.16-dfsg/include/VBox/err.mac 2018-07-16 14:56:51.000000000 +0000 +++ virtualbox-5.2.18-dfsg/include/VBox/err.mac 2018-08-14 11:38:16.000000000 +0000 @@ -720,6 +720,7 @@ %define VERR_SUPDRV_TSC_DELTA_MEASUREMENT_BUSY (-3747) %define VERR_SUPDRV_NOT_BUDDING_VM_PROCESS_1 (-3748) %define VERR_SUPDRV_NOT_BUDDING_VM_PROCESS_2 (-3749) +%define VERR_SUPDRV_NO_RAW_MODE_HYPER_V_ROOT (-7000) %define VERR_SUPLIB_PATH_NOT_ABSOLUTE (-3750) %define VERR_SUPLIB_PATH_NOT_CLEAN (-3751) %define VERR_SUPLIB_PATH_TOO_LONG (-3752) diff -Nru virtualbox-5.2.16-dfsg/include/VBox/settings.h virtualbox-5.2.18-dfsg/include/VBox/settings.h --- virtualbox-5.2.16-dfsg/include/VBox/settings.h 2018-07-16 14:56:51.000000000 +0000 +++ virtualbox-5.2.18-dfsg/include/VBox/settings.h 2018-08-14 11:38:16.000000000 +0000 
@@ -908,6 +908,8 @@ bool fIBPBOnVMEntry; //< added out of cycle, after 1.16 was out. bool fSpecCtrl; //< added out of cycle, after 1.16 was out. bool fSpecCtrlByHost; //< added out of cycle, after 1.16 was out. + bool fL1DFlushOnSched ; //< added out of cycle, after 1.16 was out. + bool fL1DFlushOnVMEntry ; //< added out of cycle, after 1.16 was out. typedef enum LongModeType { LongMode_Enabled, LongMode_Disabled, LongMode_Legacy } LongModeType; LongModeType enmLongMode; uint32_t cCPUs; diff -Nru virtualbox-5.2.16-dfsg/include/VBox/vmm/cpumctx.h virtualbox-5.2.18-dfsg/include/VBox/vmm/cpumctx.h --- virtualbox-5.2.16-dfsg/include/VBox/vmm/cpumctx.h 2018-07-16 14:56:51.000000000 +0000 +++ virtualbox-5.2.18-dfsg/include/VBox/vmm/cpumctx.h 2018-08-14 11:38:16.000000000 +0000 @@ -749,6 +749,8 @@ #define CPUMCTX_WSF_IBPB_EXIT RT_BIT_32(0) /** Touch IA32_PRED_CMD.IBPB on VM entry. */ #define CPUMCTX_WSF_IBPB_ENTRY RT_BIT_32(1) +/** Touch IA32_FLUSH_CMD.L1D on VM entry. */ +#define CPUMCTX_WSF_L1D_ENTRY RT_BIT_32(2) /** @} */ diff -Nru virtualbox-5.2.16-dfsg/include/VBox/vmm/cpum.h virtualbox-5.2.18-dfsg/include/VBox/vmm/cpum.h --- virtualbox-5.2.16-dfsg/include/VBox/vmm/cpum.h 2018-07-16 14:56:51.000000000 +0000 +++ virtualbox-5.2.18-dfsg/include/VBox/vmm/cpum.h 2018-08-14 11:38:16.000000000 +0000 @@ -727,6 +727,7 @@ kCpumMsrWrFn_Ia32DebugInterface, kCpumMsrWrFn_Ia32SpecCtrl, kCpumMsrWrFn_Ia32PredCmd, + kCpumMsrWrFn_Ia32FlushCmd, kCpumMsrWrFn_Amd64Efer, kCpumMsrWrFn_Amd64SyscallTarget, @@ -1037,6 +1038,8 @@ uint32_t fIbrs : 1; /** Supports IA32_SPEC_CTRL.STIBP. */ uint32_t fStibp : 1; + /** Supports IA32_FLUSH_CMD. */ + uint32_t fFlushCmd : 1; /** Supports IA32_ARCH_CAP. */ uint32_t fArchCap : 1; /** Supports PCID. */ 
@@ -1077,13 +1080,26 @@ /** Support for Intel VMX. */ uint32_t fVmx : 1; - /** Indicates that speculative execution control CPUID bits and - * MSRs are exposed. The details are different for Intel and - * AMD but both have similar functionality. */ + /** Indicates that speculative execution control CPUID bits and MSRs are exposed. + * The details are different for Intel and AMD but both have similar + * functionality. */ uint32_t fSpeculationControl : 1; + /** MSR_IA32_ARCH_CAPABILITIES: RDCL_NO (bit 0). + * @remarks Only safe use after CPUM ring-0 init! */ + uint32_t fArchRdclNo : 1; + /** MSR_IA32_ARCH_CAPABILITIES: IBRS_ALL (bit 1). + * @remarks Only safe use after CPUM ring-0 init! */ + uint32_t fArchIbrsAll : 1; + /** MSR_IA32_ARCH_CAPABILITIES: RSB Override (bit 2). + * @remarks Only safe use after CPUM ring-0 init! */ + uint32_t fArchRsbOverride : 1; + /** MSR_IA32_ARCH_CAPABILITIES: RSB Override (bit 3). + * @remarks Only safe use after CPUM ring-0 init! */ + uint32_t fArchVmmNeedNotFlushL1d : 1; + /** Alignment padding / reserved for future use. */ - uint32_t fPadding : 15; + uint32_t fPadding : 10; /** SVM: Supports Nested-paging. */ uint32_t fSvmNestedPaging : 1; diff -Nru virtualbox-5.2.16-dfsg/include/VBox/vmm/cpum.mac virtualbox-5.2.18-dfsg/include/VBox/vmm/cpum.mac --- virtualbox-5.2.16-dfsg/include/VBox/vmm/cpum.mac 2018-07-16 14:56:51.000000000 +0000 +++ virtualbox-5.2.18-dfsg/include/VBox/vmm/cpum.mac 2018-08-14 11:38:16.000000000 +0000 @@ -285,6 +285,8 @@ %define CPUMCTX_WSF_IBPB_EXIT RT_BIT_32(0) %define CPUMCTX_WSF_IBPB_ENTRY RT_BIT_32(1) +%define CPUMCTX_WSF_L1D_ENTRY RT_BIT_32(2) + %define CPUMSELREG_FLAGS_VALID 0x0001 %define CPUMSELREG_FLAGS_STALE 0x0002 diff -Nru virtualbox-5.2.16-dfsg/include/VBox/vmm/hm_vmx.h virtualbox-5.2.18-dfsg/include/VBox/vmm/hm_vmx.h --- virtualbox-5.2.16-dfsg/include/VBox/vmm/hm_vmx.h 2018-07-16 14:56:52.000000000 +0000 +++ virtualbox-5.2.18-dfsg/include/VBox/vmm/hm_vmx.h 2018-08-14 11:38:17.000000000 +0000 
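Review bot: The doc comment on `fArchVmmNeedNotFlushL1d` in the include/VBox/vmm/cpum.h hunk is a copy of the one above it and still says "RSB Override (bit 3)". It should describe bit 3, for example `/** MSR_IA32_ARCH_CAPABILITIES: VMM need not flush L1D on VM entry (bit 3).`, matching `MSR_IA32_ARCH_CAP_F_VMM_NEED_NOT_FLUSH_L1D` in x86.h. The flag presumably feeds the decision to skip the L1D flush mitigation, so a wrong label here is easy to misread. The four `@remarks` lines would also read better as "Only safe to use after CPUM ring-0 init!". The enclosing structure starts and ends outside the hunk.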
@@ -1111,10 +1111,10 @@ /** Memory type that must be used for the VMCS. */ #define MSR_IA32_VMX_BASIC_INFO_VMCS_MEM_TYPE(a) (((a) >> 50) & 0xF) /** Whether the processor provides additional information for exits due to INS/OUTS. */ -#define MSR_IA32_VMX_BASIC_INFO_VMCS_INS_OUTS(a) ((a) & RT_BIT_64(54)) +#define MSR_IA32_VMX_BASIC_INFO_VMCS_INS_OUTS(a) (((a) >> 54) & 1) /** Whether default 1 bits in control MSRs (pin/proc/exit/entry) may be * cleared to 0 and that 'true' control MSRs are supported. */ -#define MSR_IA32_VMX_BASIC_INFO_TRUE_CONTROLS(a) ((a) & RT_BIT_64(55)) +#define MSR_IA32_VMX_BASIC_INFO_TRUE_CONTROLS(a) (((a) >> 55) & 1) /** @} */ diff -Nru virtualbox-5.2.16-dfsg/Makefile.kmk virtualbox-5.2.18-dfsg/Makefile.kmk --- virtualbox-5.2.16-dfsg/Makefile.kmk 2018-07-16 14:56:47.000000000 +0000 +++ virtualbox-5.2.18-dfsg/Makefile.kmk 2018-08-14 11:38:13.000000000 +0000 
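Review bot: `MSR_IA32_VMX_BASIC_INFO_VMCS_INS_OUTS` and `MSR_IA32_VMX_BASIC_INFO_TRUE_CONTROLS` now yield 0 or 1 instead of the raw bit, but nothing in their comments says why. The old form returned a 64-bit value with bit 54 or 55 set, which becomes zero once stored in a 32-bit or narrower variable. A line such as `@note Evaluates to 0 or 1 so the result survives narrowing to bool/uint32_t.` on each macro would keep a later edit from reverting it. Both macros still rely on `a` being a 64-bit value.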
@@ -1124,7 +1124,7 @@ additions-build-os2.rsync-out-of-vm: additions-build-os2.build-it rsh -l vbox $(VBOX_BLD_VM_OS2_IP) "dir e:\\tinderbox\\$(VBOX_ADDITIONS_BUILD_SUBDIRNAME)\\out" rsh -l vbox $(VBOX_BLD_VM_OS2_IP) "dir e:\\tinderbox\\$(VBOX_ADDITIONS_BUILD_SUBDIRNAME)\\out\\os2.x86" - $(REDIRECT) -v -r0 /dev/null -- rsync -vvvvvvv -a --delete rsync://vbox@$(VBOX_BLD_VM_OS2_IP)/tinderbox/$(VBOX_ADDITIONS_BUILD_SUBDIRNAME)/out/os2.x86 out/ + $(VBOX_KMK_TIME) rsync -v -a --delete rsync://vbox@$(VBOX_BLD_VM_OS2_IP)/tinderbox/$(VBOX_ADDITIONS_BUILD_SUBDIRNAME)/out/os2.x86 out/ .NOTPARALLEL: additions-build-os2.rsync-into-vm .PHONY: additions-build-os2.rsync-into-vm additions-build-os2.rsync-out-of-vm additions-build-os2.build-it Binary files /tmp/tmpl1t0vD/t1E7grGomx/virtualbox-5.2.16-dfsg/src/VBox/Additions/common/crOpenGL/entrypoints.pyc and /tmp/tmpl1t0vD/_M_sATE7q1/virtualbox-5.2.18-dfsg/src/VBox/Additions/common/crOpenGL/entrypoints.pyc differ diff -Nru virtualbox-5.2.16-dfsg/src/VBox/Devices/Graphics/BIOS/VBoxVgaBiosAlternative286.asm virtualbox-5.2.18-dfsg/src/VBox/Devices/Graphics/BIOS/VBoxVgaBiosAlternative286.asm --- virtualbox-5.2.16-dfsg/src/VBox/Devices/Graphics/BIOS/VBoxVgaBiosAlternative286.asm 2018-07-16 15:01:29.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/Devices/Graphics/BIOS/VBoxVgaBiosAlternative286.asm 2018-08-14 11:42:59.000000000 +0000 @@ -7395,7 +7395,7 @@ section _DATA progbits vstart=0x4600 align=1 ; size=0x3727 class=DATA group=DGROUP _msg_vga_init: ; 0xc4600 LB 0x2f - db 'Oracle VM VirtualBox Version 5.2.16 VGA BIOS', 00dh, 00ah, 000h + db 'Oracle VM VirtualBox Version 5.2.18 VGA BIOS', 00dh, 00ah, 000h _vga_modes: ; 0xc462f LB 0x80 db 000h, 000h, 000h, 004h, 000h, 0b8h, 0ffh, 002h, 001h, 000h, 000h, 004h, 000h, 0b8h, 0ffh, 002h db 002h, 000h, 000h, 004h, 000h, 0b8h, 0ffh, 002h, 003h, 000h, 000h, 004h, 000h, 0b8h, 0ffh, 002h 
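Review bot: The rewritten recipe line of `additions-build-os2.rsync-out-of-vm` in Makefile.kmk still pulls the build output with `rsync -v -a --delete rsync://vbox@$(VBOX_BLD_VM_OS2_IP)/...`, and the two lines above it use `rsh`. Both transports are unencrypted, and the fetched files are not checked before they land in `out/`. If these artifacts end up in a shipped package, consider running rsync over ssh or verifying a checksum manifest after the copy. The change also drops `$(REDIRECT) -v -r0 /dev/null --`, so rsync presumably now inherits the caller's stdin; a short comment on whether that is intended would help.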
@@ -8292,7 +8292,7 @@ _vbebios_product_name: ; 0xc7c8e LB 0x21 db 'Oracle VM VirtualBox VBE Adapter', 000h _vbebios_product_revision: ; 0xc7caf LB 0x24 - db 'Oracle VM VirtualBox Version 5.2.16', 000h + db 'Oracle VM VirtualBox Version 5.2.18', 000h _vbebios_info_string: ; 0xc7cd3 LB 0x2b db 'VirtualBox VBE Display Adapter enabled', 00dh, 00ah, 00dh, 00ah, 000h _no_vbebios_info_string: ; 0xc7cfe LB 0x29 @@ -8351,4 +8351,4 @@ db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h - db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 033h + db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 02fh diff -Nru virtualbox-5.2.16-dfsg/src/VBox/Devices/Graphics/BIOS/VBoxVgaBiosAlternative286.md5sum virtualbox-5.2.18-dfsg/src/VBox/Devices/Graphics/BIOS/VBoxVgaBiosAlternative286.md5sum --- virtualbox-5.2.16-dfsg/src/VBox/Devices/Graphics/BIOS/VBoxVgaBiosAlternative286.md5sum 2018-07-16 15:01:29.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/Devices/Graphics/BIOS/VBoxVgaBiosAlternative286.md5sum 2018-08-14 11:42:59.000000000 +0000 @@ -1 +1 @@ -84e4085c92fe822b7fd114d6ee22d0f7 *VBoxVgaBios286.rom +84cc403384ebca647f2b77f7d327bc60 *VBoxVgaBios286.rom diff -Nru virtualbox-5.2.16-dfsg/src/VBox/Devices/Graphics/BIOS/VBoxVgaBiosAlternative386.asm virtualbox-5.2.18-dfsg/src/VBox/Devices/Graphics/BIOS/VBoxVgaBiosAlternative386.asm --- virtualbox-5.2.16-dfsg/src/VBox/Devices/Graphics/BIOS/VBoxVgaBiosAlternative386.asm 2018-07-16 15:01:29.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/Devices/Graphics/BIOS/VBoxVgaBiosAlternative386.asm 2018-08-14 11:42:59.000000000 +0000 
@@ -6867,7 +6867,7 @@ section _DATA progbits vstart=0x4600 align=1 ; size=0x3727 class=DATA group=DGROUP _msg_vga_init: ; 0xc4600 LB 0x2f - db 'Oracle VM VirtualBox Version 5.2.16 VGA BIOS', 00dh, 00ah, 000h + db 'Oracle VM VirtualBox Version 5.2.18 VGA BIOS', 00dh, 00ah, 000h _vga_modes: ; 0xc462f LB 0x80 db 000h, 000h, 000h, 004h, 000h, 0b8h, 0ffh, 002h, 001h, 000h, 000h, 004h, 000h, 0b8h, 0ffh, 002h db 002h, 000h, 000h, 004h, 000h, 0b8h, 0ffh, 002h, 003h, 000h, 000h, 004h, 000h, 0b8h, 0ffh, 002h @@ -7764,7 +7764,7 @@ _vbebios_product_name: ; 0xc7c8e LB 0x21 db 'Oracle VM VirtualBox VBE Adapter', 000h _vbebios_product_revision: ; 0xc7caf LB 0x24 - db 'Oracle VM VirtualBox Version 5.2.16', 000h + db 'Oracle VM VirtualBox Version 5.2.18', 000h _vbebios_info_string: ; 0xc7cd3 LB 0x2b db 'VirtualBox VBE Display Adapter enabled', 00dh, 00ah, 00dh, 00ah, 000h _no_vbebios_info_string: ; 0xc7cfe LB 0x29 @@ -7823,4 +7823,4 @@ db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h - db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 0a8h + db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 0a4h diff -Nru virtualbox-5.2.16-dfsg/src/VBox/Devices/Graphics/BIOS/VBoxVgaBiosAlternative386.md5sum virtualbox-5.2.18-dfsg/src/VBox/Devices/Graphics/BIOS/VBoxVgaBiosAlternative386.md5sum --- virtualbox-5.2.16-dfsg/src/VBox/Devices/Graphics/BIOS/VBoxVgaBiosAlternative386.md5sum 2018-07-16 15:01:29.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/Devices/Graphics/BIOS/VBoxVgaBiosAlternative386.md5sum 2018-08-14 11:42:59.000000000 +0000 
@@ -1 +1 @@ -20474e2cf7ec488cb4f8b711daa0fe87 *VBoxVgaBios386.rom +466f58de8bf662315e55a437d3e35d47 *VBoxVgaBios386.rom diff -Nru virtualbox-5.2.16-dfsg/src/VBox/Devices/Graphics/BIOS/VBoxVgaBiosAlternative8086.asm virtualbox-5.2.18-dfsg/src/VBox/Devices/Graphics/BIOS/VBoxVgaBiosAlternative8086.asm --- virtualbox-5.2.16-dfsg/src/VBox/Devices/Graphics/BIOS/VBoxVgaBiosAlternative8086.asm 2018-07-16 15:01:29.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/Devices/Graphics/BIOS/VBoxVgaBiosAlternative8086.asm 2018-08-14 11:42:59.000000000 +0000 @@ -7514,7 +7514,7 @@ section _DATA progbits vstart=0x4600 align=1 ; size=0x3727 class=DATA group=DGROUP _msg_vga_init: ; 0xc4600 LB 0x2f - db 'Oracle VM VirtualBox Version 5.2.16 VGA BIOS', 00dh, 00ah, 000h + db 'Oracle VM VirtualBox Version 5.2.18 VGA BIOS', 00dh, 00ah, 000h _vga_modes: ; 0xc462f LB 0x80 db 000h, 000h, 000h, 004h, 000h, 0b8h, 0ffh, 002h, 001h, 000h, 000h, 004h, 000h, 0b8h, 0ffh, 002h db 002h, 000h, 000h, 004h, 000h, 0b8h, 0ffh, 002h, 003h, 000h, 000h, 004h, 000h, 0b8h, 0ffh, 002h @@ -8411,7 +8411,7 @@ _vbebios_product_name: ; 0xc7c8e LB 0x21 db 'Oracle VM VirtualBox VBE Adapter', 000h _vbebios_product_revision: ; 0xc7caf LB 0x24 - db 'Oracle VM VirtualBox Version 5.2.16', 000h + db 'Oracle VM VirtualBox Version 5.2.18', 000h _vbebios_info_string: ; 0xc7cd3 LB 0x2b db 'VirtualBox VBE Display Adapter enabled', 00dh, 00ah, 00dh, 00ah, 000h _no_vbebios_info_string: ; 0xc7cfe LB 0x29 
@@ -8470,4 +8470,4 @@ db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h - db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 097h + db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 093h diff -Nru virtualbox-5.2.16-dfsg/src/VBox/Devices/Graphics/BIOS/VBoxVgaBiosAlternative8086.md5sum virtualbox-5.2.18-dfsg/src/VBox/Devices/Graphics/BIOS/VBoxVgaBiosAlternative8086.md5sum --- virtualbox-5.2.16-dfsg/src/VBox/Devices/Graphics/BIOS/VBoxVgaBiosAlternative8086.md5sum 2018-07-16 15:01:29.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/Devices/Graphics/BIOS/VBoxVgaBiosAlternative8086.md5sum 2018-08-14 11:42:59.000000000 +0000 @@ -1 +1 @@ -faf7fe86880f960451fbf5d481b7261c *VBoxVgaBios8086.rom +16e0e9b87574682bf1d9fd8e404d2e1a *VBoxVgaBios8086.rom diff -Nru virtualbox-5.2.16-dfsg/src/VBox/Devices/Makefile.kmk virtualbox-5.2.18-dfsg/src/VBox/Devices/Makefile.kmk --- virtualbox-5.2.16-dfsg/src/VBox/Devices/Makefile.kmk 2018-07-16 15:01:44.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/Devices/Makefile.kmk 2018-08-14 11:43:11.000000000 +0000 
@@ -676,7 +676,6 @@ $(if $(VBOX_WITH_SLIRP_MEMORY_CHECK),RTMEM_WRAP_TO_EF_APIS,) \ $(if $(VBOX_WITH_DEBUG_NAT_SOCKETS),VBOX_WITH_DEBUG_NAT_SOCKETS,) \ $(if $(VBOX_WITH_DNSMAPPING_IN_HOSTRESOLVER),VBOX_WITH_DNSMAPPING_IN_HOSTRESOLVER,) \ - $(if $(VBOX_WITH_NAT_UDP_SOCKET_CLONE),VBOX_WITH_NAT_UDP_SOCKET_CLONE,) \ $(if $(VBOX_WITH_NAT_SEND2HOME),VBOX_WITH_NAT_SEND2HOME,) \ $(if $(VBOX_WITH_HIDDEN_TCPTEMPLATE),VBOX_WITH_HIDDEN_TCPTEMPLATE,) \ $(if $(VBOX_WITH_SLIRP_MT),VBOX_WITH_SLIRP_MT,) diff -Nru virtualbox-5.2.16-dfsg/src/VBox/Devices/Network/slirp/ip_output.c virtualbox-5.2.18-dfsg/src/VBox/Devices/Network/slirp/ip_output.c --- virtualbox-5.2.16-dfsg/src/VBox/Devices/Network/slirp/ip_output.c 2018-07-16 15:01:49.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/Devices/Network/slirp/ip_output.c 2018-08-14 11:43:15.000000000 +0000 @@ -150,8 +150,9 @@ */ ip->ip_v = IPVERSION; ip->ip_off &= IP_DF; - ip->ip_id = RT_H2N_U16(ip_currid++); + ip->ip_id = RT_H2N_U16(ip_currid); ip->ip_hl = hlen >> 2; + ip_currid++; ipstat.ips_localout++; /* Current TCP/IP stack hasn't routing information at diff -Nru virtualbox-5.2.16-dfsg/src/VBox/Devices/Network/slirp/slirp.c virtualbox-5.2.18-dfsg/src/VBox/Devices/Network/slirp/slirp.c --- virtualbox-5.2.16-dfsg/src/VBox/Devices/Network/slirp/slirp.c 2018-07-16 15:01:49.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/Devices/Network/slirp/slirp.c 2018-08-14 11:43:15.000000000 +0000 @@ -391,9 +391,14 @@ if (i32AliasMode & ~(PKT_ALIAS_LOG|PKT_ALIAS_SAME_PORTS|PKT_ALIAS_PROXY_ONLY)) { - Log(("NAT: alias mode %x is ignored\n", i32AliasMode)); + LogRel(("NAT: bad alias mode 0x%x ignored\n", i32AliasMode)); i32AliasMode = 0; } + else if (i32AliasMode != 0) + { + LogRel(("NAT: alias mode 0x%x\n", i32AliasMode)); + } + pData->i32AliasMode = i32AliasMode; getouraddr(pData); { 
@@ -680,10 +685,7 @@ so->so_poll_index = -1; #endif STAM_COUNTER_INC(&pData->StatTCP); -#ifdef VBOX_WITH_NAT_UDP_SOCKET_CLONE - /* TCP socket can't be cloned */ - Assert((!so->so_cloneOf)); -#endif + /* * See if we need a tcp_fasttimo */ @@ -792,10 +794,6 @@ CONTINUE_NO_UNLOCK(udp); } } -#ifdef VBOX_WITH_NAT_UDP_SOCKET_CLONE - if (so->so_cloneOf) - CONTINUE_NO_UNLOCK(udp); -#endif /* * When UDP packets are received from over the link, they're @@ -957,10 +955,6 @@ */ QSOCKET_FOREACH(so, so_next, tcp) /* { */ - /* TCP socket can't be cloned */ -#ifdef VBOX_WITH_NAT_UDP_SOCKET_CLONE - Assert((!so->so_cloneOf)); -#endif Assert(!so->fUnderPolling); so->fUnderPolling = 1; if (slirpVerifyAndFreeSocket(pData, so)) @@ -1229,10 +1223,6 @@ */ QSOCKET_FOREACH(so, so_next, udp) /* { */ -#ifdef VBOX_WITH_NAT_UDP_SOCKET_CLONE - if (so->so_cloneOf) - CONTINUE_NO_UNLOCK(udp); -#endif #if 0 so->fUnderPolling = 1; if(slirpVerifyAndFreeSocket(pData, so)); @@ -2033,7 +2023,7 @@ struct rcp_state rcp_state; int rc; - rcp_state.rcps_flags |= RCPSF_IGNORE_IPV6; + rcp_state.rcps_flags = RCPSF_IGNORE_IPV6; rc = rcp_parse(&rcp_state, RESOLV_CONF_FILE); LogRelFunc(("NAT: rcp_parse:%Rrc old domain:%s new domain:%s\n", rc, LIST_EMPTY(&pData->pDomainList) diff -Nru virtualbox-5.2.16-dfsg/src/VBox/Devices/Network/slirp/socket.c virtualbox-5.2.18-dfsg/src/VBox/Devices/Network/slirp/socket.c --- virtualbox-5.2.16-dfsg/src/VBox/Devices/Network/slirp/socket.c 2018-07-16 15:01:49.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/Devices/Network/slirp/socket.c 2018-08-14 11:43:15.000000000 +0000 
@@ -35,72 +35,13 @@ #include #include #endif +#include #if defined(DECLARE_IOVEC) && defined(RT_OS_WINDOWS) AssertCompileMembersSameSizeAndOffset(struct iovec, iov_base, WSABUF, buf); AssertCompileMembersSameSizeAndOffset(struct iovec, iov_len, WSABUF, len); #endif -#ifdef VBOX_WITH_NAT_UDP_SOCKET_CLONE -/** - * - */ -struct socket * soCloneUDPSocketWithForegnAddr(PNATState pData, bool fBindSocket, struct socket *pSo, uint32_t u32ForeignAddr) -{ - struct socket *pNewSocket = NULL; - LogFlowFunc(("Enter: fBindSocket:%RTbool, so:%R[natsock], u32ForeignAddr:%RTnaipv4\n", fBindSocket, pSo, u32ForeignAddr)); - pNewSocket = socreate(); - if (!pNewSocket) - { - LogFunc(("Can't create socket\n")); - LogFlowFunc(("Leave: NULL\n")); - return NULL; - } - if (fBindSocket) - { - if (udp_attach(pData, pNewSocket, 0) <= 0) - { - sofree(pData, pNewSocket); - LogFunc(("Can't attach fresh created socket\n")); - return NULL; - } - } - else - { - pNewSocket->so_cloneOf = (struct socket *)pSo; - pNewSocket->s = pSo->s; - insque(pData, pNewSocket, &udb); - } - pNewSocket->so_laddr = pSo->so_laddr; - pNewSocket->so_lport = pSo->so_lport; - pNewSocket->so_faddr.s_addr = u32ForeignAddr; - pNewSocket->so_fport = pSo->so_fport; - pSo->so_cCloneCounter++; - LogFlowFunc(("Leave: %R[natsock]\n", pNewSocket)); - return pNewSocket; -} - -struct socket *soLookUpClonedUDPSocket(PNATState pData, const struct socket *pcSo, uint32_t u32ForeignAddress) -{ - struct socket *pSoClone = NULL; - LogFlowFunc(("Enter: pcSo:%R[natsock], u32ForeignAddress:%RTnaipv4\n", pcSo, u32ForeignAddress)); - for (pSoClone = udb.so_next; pSoClone != &udb; pSoClone = pSoClone->so_next) - { - if ( pSoClone->so_cloneOf - && pSoClone->so_cloneOf == pcSo - && pSoClone->so_lport == pcSo->so_lport - && pSoClone->so_fport == pcSo->so_fport - && pSoClone->so_laddr.s_addr == pcSo->so_laddr.s_addr - && pSoClone->so_faddr.s_addr == u32ForeignAddress) - goto done; - } - pSoClone = NULL; -done: - LogFlowFunc(("Leave: pSoClone: 
%R[natsock]\n", pSoClone)); - return pSoClone; -} -#endif - #ifdef VBOX_WITH_NAT_SEND2HOME DECLINLINE(bool) slirpSend2Home(PNATState pData, struct socket *pSo, const void *pvBuf, uint32_t cbBuf, int iFlags) { 
@@ -230,6 +171,87 @@ LogFlowFuncLeave(); } + +/* + * Worker for sobind() below. + */ +static int +sobindto(struct socket *so, uint32_t addr, uint16_t port) +{ + struct sockaddr_in self; + int status; + + if (addr == INADDR_ANY && port == 0 && so->so_type != IPPROTO_UDP) + { + /* TCP sockets without constraints don't need to be bound */ + Log2(("NAT: sobind: %s guest %RTnaipv4:%d - nothing to do\n", + so->so_type == IPPROTO_UDP ? "udp" : "tcp", + so->so_laddr.s_addr, ntohs(so->so_lport))); + return 0; + } + + RT_ZERO(self); +#ifdef RT_OS_DARWIN + self.sin_len = sizeof(self); +#endif + self.sin_family = AF_INET; + self.sin_addr.s_addr = addr; + self.sin_port = port; + + status = bind(so->s, (struct sockaddr *)&self, sizeof(self)); + if (status == 0) + { + Log2(("NAT: sobind: %s guest %RTnaipv4:%d to host %RTnaipv4:%d\n", + so->so_type == IPPROTO_UDP ? "udp" : "tcp", + so->so_laddr.s_addr, ntohs(so->so_lport), addr, ntohs(port))); + return 0; + } + + Log2(("NAT: sobind: %s guest %RTnaipv4:%d to host %RTnaipv4:%d error %d%s\n", + so->so_type == IPPROTO_UDP ? "udp" : "tcp", + so->so_laddr.s_addr, ntohs(so->so_lport), + addr, ntohs(port), + errno, port ? " (will retry with random port)" : "")); + + if (port) /* retry without */ + status = sobindto(so, addr, 0); + + if (addr) + return status; + else + return 0; +} + + +/* + * Bind the socket to specific host address and/or port if necessary. + * We also always bind udp sockets to force the local port to be + * allocated and known in advance. 
+ */ +int +sobind(PNATState pData, struct socket *so) +{ + uint32_t addr = pData->bindIP.s_addr; /* may be INADDR_ANY */ + bool fSamePorts = !!(pData->i32AliasMode & PKT_ALIAS_SAME_PORTS); + uint16_t port; + int status; + + if (fSamePorts) + { + int opt = 1; + setsockopt(so->s, SOL_SOCKET, SO_REUSEADDR, (char *)&opt, sizeof(opt)); + port = so->so_lport; + } + else + { + port = 0; + } + + status = sobindto(so, addr, port); + return status; +} + + /* * Read from so's socket into sb_snd, updating all relevant sbuf fields * NOTE: This will only be called if it is select()ed for reading, so diff -Nru virtualbox-5.2.16-dfsg/src/VBox/Devices/Network/slirp/socket.h virtualbox-5.2.18-dfsg/src/VBox/Devices/Network/slirp/socket.h --- virtualbox-5.2.16-dfsg/src/VBox/Devices/Network/slirp/socket.h 2018-07-16 15:01:49.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/Devices/Network/slirp/socket.h 2018-08-14 11:43:16.000000000 +0000 @@ -97,10 +97,6 @@ void (* so_timeout)(PNATState pData, struct socket *so, void *arg); void *so_timeout_arg; -#ifdef VBOX_WITH_NAT_UDP_SOCKET_CLONE - struct socket *so_cloneOf; /* pointer to master instance */ - int so_cCloneCounter; /* number of clones */ -#endif /** These flags (''fUnderPolling'' and ''fShouldBeRemoved'') introduced to * to let polling routine gain control over freeing socket whatever level of * TCP/IP initiated socket releasing. @@ -170,6 +166,7 @@ struct socket * solookup (struct socket *, struct in_addr, u_int, struct in_addr, u_int); struct socket * socreate (void); void sofree (PNATState, struct socket *); +int sobind(PNATState, struct socket *); int soread (PNATState, struct socket *); void sorecvoob (PNATState, struct socket *); int sosendoob (struct socket *); 
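Review bot: In `sobindto()` (socket.c hunk `@@ -230,6 +171,87 @@`), the closing `if (addr) return status; else return 0;` reports success whenever no bind address is configured, even if `bind()` failed on both the requested port and the retry with port 0. That does not match the comment on `sobind()`, which says UDP sockets are always bound so that the local port is known in advance; `udp_attach()` would carry on with an unbound socket. If this best-effort behaviour is intended, document it at that return, e.g. `/* INADDR_ANY: a failed bind is not fatal here, the host stack binds implicitly on first send/connect */`. `sobind()` also discards the result of `setsockopt(..., SO_REUSEADDR, ...)`; a `Log2` on failure would make a later bind error on the guest-selected port easier to diagnose.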
@@ -186,16 +183,6 @@ void soisfdisconnected (struct socket *); void sofwdrain (struct socket *); -/** - * Creates copy of UDP socket with specified addr - * fBindSocket - in case we want bind a real socket. - * @return copy of the socket with f_addr equal to u32ForeignAddr - */ -#ifdef VBOX_WITH_NAT_UDP_SOCKET_CLONE -struct socket * soCloneUDPSocketWithForegnAddr(PNATState pData, bool fBindSocket, struct socket *pSo, uint32_t u32ForeignAddr); -struct socket *soLookUpClonedUDPSocket(PNATState pData, const struct socket *pcSo, uint32_t u32ForeignAddress); -#endif - static inline int soIgnorableErrorCode(int iErrorCode) { return ( iErrorCode == EINPROGRESS diff -Nru virtualbox-5.2.16-dfsg/src/VBox/Devices/Network/slirp/tcp_subr.c virtualbox-5.2.18-dfsg/src/VBox/Devices/Network/slirp/tcp_subr.c --- virtualbox-5.2.16-dfsg/src/VBox/Devices/Network/slirp/tcp_subr.c 2018-07-16 15:01:49.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/Devices/Network/slirp/tcp_subr.c 2018-08-14 11:43:16.000000000 +0000 @@ -412,25 +412,13 @@ struct sockaddr_in addr; fd_nonblock(s); - opt = 1; - setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *)&opt, sizeof(opt)); + opt = 1; setsockopt(s, SOL_SOCKET, SO_OOBINLINE, (char *)&opt, sizeof(opt)); - if (pData->bindIP.s_addr != INADDR_ANY) - { - struct sockaddr_in self; - self.sin_family = AF_INET; - self.sin_addr = pData->bindIP; - self.sin_port = 0; - - ret = bind(s, (struct sockaddr *)&self, sizeof(self)); - if (ret != 0) - { - Log2(("NAT: bind(%RTnaipv4): %s\n", pData->bindIP.s_addr, strerror(errno))); - return ret; - } - } + ret = sobind(pData, so); + if (ret != 0) + return ret; addr.sin_family = AF_INET; if ((so->so_faddr.s_addr & RT_H2N_U32(pData->netmask)) == pData->special_addr.s_addr) 
@@ -465,9 +453,9 @@ addr.sin_addr = so->so_faddr; addr.sin_port = so->so_fport; - Log2((" connect()ing, addr.sin_port=%d, addr.sin_addr.s_addr=%.16s\n", - RT_N2H_U16(addr.sin_port), inet_ntoa(addr.sin_addr))); - /* We don't care what port we get */ + Log2(("NAT: tcp connect to %RTnaipv4:%d\n", + addr.sin_addr.s_addr, RT_N2H_U16(addr.sin_port))); + ret = connect(s,(struct sockaddr *)&addr,sizeof (addr)); /* diff -Nru virtualbox-5.2.16-dfsg/src/VBox/Devices/Network/slirp/udp.c virtualbox-5.2.18-dfsg/src/VBox/Devices/Network/slirp/udp.c --- virtualbox-5.2.16-dfsg/src/VBox/Devices/Network/slirp/udp.c 2018-07-16 15:01:49.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/Devices/Network/slirp/udp.c 2018-08-14 11:43:16.000000000 +0000 @@ -270,6 +270,14 @@ Log2(("NAT: IP(id: %hd) failed to create socket\n", ip->ip_id)); goto bad_free_mbuf; } + + /* + * Setup fields + */ + so->so_laddr = ip->ip_src; + so->so_lport = uh->uh_sport; + so->so_iptos = ip->ip_tos; + if (udp_attach(pData, so) <= 0) { Log2(("NAT: IP(id: %hd) udp_attach errno = %d (%s)\n", @@ -278,15 +286,7 @@ goto bad_free_mbuf; } - /* - * Setup fields - */ /* udp_last_so = so; */ - so->so_laddr = ip->ip_src; - so->so_lport = uh->uh_sport; - - so->so_iptos = ip->ip_tos; - /* * XXXXX Here, check if it's in udpexec_list, * and if it is, do the fork_exec() etc. @@ -467,9 +467,7 @@ struct sockaddr_in *addr) { struct sockaddr_in saddr, daddr; -#ifdef VBOX_WITH_NAT_UDP_SOCKET_CLONE - struct socket *pSocketClone = NULL; -#endif + Assert(so->so_type == IPPROTO_UDP); LogFlowFunc(("ENTER: so = %R[natsock], m = %p, saddr = %RTnaipv4\n", so, m, addr->sin_addr.s_addr)); 
@@ -508,17 +506,7 @@ saddr.sin_addr.s_addr = alias_addr.s_addr; else saddr.sin_addr.s_addr = addr->sin_addr.s_addr; - /* we shouldn't override initial socket */ -#ifdef VBOX_WITH_NAT_UDP_SOCKET_CLONE - if (so->so_cCloneCounter) - pSocketClone = soLookUpClonedUDPSocket(pData, so, addr->sin_addr.s_addr); - if (!pSocketClone) - pSocketClone = soCloneUDPSocketWithForegnAddr(pData, false, so, addr->sin_addr.s_addr); - Assert((pSocketClone)); - so = pSocketClone; -#else so->so_faddr.s_addr = addr->sin_addr.s_addr; -#endif } } 
@@ -537,62 +525,49 @@ int udp_attach(PNATState pData, struct socket *so) { - struct sockaddr_in *addr; struct sockaddr sa_addr; socklen_t socklen = sizeof(struct sockaddr); int status; int opt = 1; - /* We attaching some olready attched socket ??? */ - Assert(so->so_type == 0); - if ((so->s = socket(AF_INET, SOCK_DGRAM, 0)) == -1) + AssertReturn(so->so_type == 0, -1); + so->so_type = IPPROTO_UDP; + + so->s = socket(AF_INET, SOCK_DGRAM, 0); + if (so->s == -1) goto error; + fd_nonblock(so->s); + so->so_sottl = 0; so->so_sotos = 0; so->so_sodf = -1; - /* - * Here, we bind() the socket. Although not really needed - * (sendto() on an unbound socket will bind it), it's done - * here so that emulation of ytalk etc. don't have to do it - */ - memset(&sa_addr, 0, sizeof(struct sockaddr)); - addr = (struct sockaddr_in *)&sa_addr; -#ifdef RT_OS_DARWIN - addr->sin_len = sizeof(struct sockaddr_in); -#endif - addr->sin_family = AF_INET; - addr->sin_addr.s_addr = pData->bindIP.s_addr; - fd_nonblock(so->s); - if (bind(so->s, &sa_addr, sizeof(struct sockaddr_in)) < 0) - { - int lasterrno = errno; - closesocket(so->s); - so->s = -1; -#ifdef RT_OS_WINDOWS - WSASetLastError(lasterrno); -#else - errno = lasterrno; -#endif - goto error; - } + + status = sobind(pData, so); + if (status != 0) + return status; + /* success, insert in queue */ so->so_expire = curtime + SO_EXPIRE; + /* enable broadcast for later use */ setsockopt(so->s, SOL_SOCKET, SO_BROADCAST, (const char *)&opt, sizeof(opt)); + status = getsockname(so->s, &sa_addr, &socklen); - Assert(status == 0 && sa_addr.sa_family == AF_INET); - so->so_hlport = ((struct sockaddr_in *)&sa_addr)->sin_port; - so->so_hladdr.s_addr = ((struct sockaddr_in *)&sa_addr)->sin_addr.s_addr; + if (status == 0) + { + Assert(sa_addr.sa_family == AF_INET); + so->so_hlport = ((struct sockaddr_in *)&sa_addr)->sin_port; + so->so_hladdr.s_addr = ((struct sockaddr_in *)&sa_addr)->sin_addr.s_addr; + } SOCKET_LOCK_CREATE(so); QSOCKET_LOCK(udb); insque(pData, 
so, &udb); NSOCK_INC(); QSOCKET_UNLOCK(udb); - so->so_type = IPPROTO_UDP; return so->s; error: - Log2(("NAT: can't create datagramm socket\n")); + Log2(("NAT: can't create datagram socket\n")); return -1; } @@ -605,16 +580,6 @@ QSOCKET_LOCK(udb); SOCKET_LOCK(so); QSOCKET_UNLOCK(udb); -#ifdef VBOX_WITH_NAT_UDP_SOCKET_CLONE - if (so->so_cloneOf) - so->so_cloneOf->so_cCloneCounter--; - else if (so->so_cCloneCounter > 0) - { - /* we can't close socket yet */ - SOCKET_UNLOCK(so); - return; - } -#endif closesocket(so->s); sofree(pData, so); SOCKET_UNLOCK(so); diff -Nru virtualbox-5.2.16-dfsg/src/VBox/Devices/PC/BIOS/VBoxBiosAlternative286.asm virtualbox-5.2.18-dfsg/src/VBox/Devices/PC/BIOS/VBoxBiosAlternative286.asm --- virtualbox-5.2.16-dfsg/src/VBox/Devices/PC/BIOS/VBoxBiosAlternative286.asm 2018-07-16 15:01:50.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/Devices/PC/BIOS/VBoxBiosAlternative286.asm 2018-08-14 11:43:16.000000000 +0000 @@ -1172,7 +1172,7 @@ section CONST2 progbits vstart=0xd8e align=1 ; size=0x3fa class=DATA group=DGROUP _bios_cvs_version_string: ; 0xf0d8e LB 0x12 - db 'VirtualBox 5.2.16', 000h + db 'VirtualBox 5.2.18', 000h _bios_prefix_string: ; 0xf0da0 LB 0x8 db 'BIOS: ', 000h, 000h _isotag: ; 0xf0da8 LB 0x6 @@ -17867,4 +17867,4 @@ db 'XM' cpu_reset: ; 0xffff0 LB 0x10 jmp far 0f000h:0e05bh ; ea 5b e0 00 f0 - db 030h, 036h, 02fh, 032h, 033h, 02fh, 039h, 039h, 000h, 0fch, 09eh + db 030h, 036h, 02fh, 032h, 033h, 02fh, 039h, 039h, 000h, 0fch, 09ch diff -Nru virtualbox-5.2.16-dfsg/src/VBox/Devices/PC/BIOS/VBoxBiosAlternative286.md5sum virtualbox-5.2.18-dfsg/src/VBox/Devices/PC/BIOS/VBoxBiosAlternative286.md5sum --- virtualbox-5.2.16-dfsg/src/VBox/Devices/PC/BIOS/VBoxBiosAlternative286.md5sum 2018-07-16 15:01:50.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/Devices/PC/BIOS/VBoxBiosAlternative286.md5sum 2018-08-14 11:43:16.000000000 +0000 
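Review bot: In `udp_attach()` (udp.c hunk `@@ -537,62 +525,49 @@`), the new failure path `status = sobind(pData, so); if (status != 0) return status;` returns with the descriptor from `socket()` still open and `so->so_type` already set to `IPPROTO_UDP`. The removed bind branch did `closesocket(so->s); so->s = -1;` before bailing out. Unless the caller's cleanup, which is outside this hunk, closes `so->s`, every failed bind leaks a host socket, and the hunk at `@@ -270,6 +270,14 @@` shows this attach running while an incoming IP packet is handled. Consider restoring the cleanup with `if (status != 0) { closesocket(so->s); so->s = -1; goto error; }`, which also keeps the return value at `-1` as before.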
@@ -1 +1 @@ -9b49870bcb971571d23343a2184d44ed *VBoxPcBios286.rom +3a8f84a8ca9d86aa854b9f9d6edc15ec *VBoxPcBios286.rom diff -Nru virtualbox-5.2.16-dfsg/src/VBox/Devices/PC/BIOS/VBoxBiosAlternative386.asm virtualbox-5.2.18-dfsg/src/VBox/Devices/PC/BIOS/VBoxBiosAlternative386.asm --- virtualbox-5.2.16-dfsg/src/VBox/Devices/PC/BIOS/VBoxBiosAlternative386.asm 2018-07-16 15:01:50.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/Devices/PC/BIOS/VBoxBiosAlternative386.asm 2018-08-14 11:43:16.000000000 +0000 @@ -1136,7 +1136,7 @@ section CONST2 progbits vstart=0xda0 align=1 ; size=0x3fa class=DATA group=DGROUP _bios_cvs_version_string: ; 0xf0da0 LB 0x12 - db 'VirtualBox 5.2.16', 000h + db 'VirtualBox 5.2.18', 000h _bios_prefix_string: ; 0xf0db2 LB 0x8 db 'BIOS: ', 000h, 000h _isotag: ; 0xf0dba LB 0x6 @@ -17365,4 +17365,4 @@ db 'XM' cpu_reset: ; 0xffff0 LB 0x10 jmp far 0f000h:0e05bh ; ea 5b e0 00 f0 - db 030h, 036h, 02fh, 032h, 033h, 02fh, 039h, 039h, 000h, 0fch, 0ebh + db 030h, 036h, 02fh, 032h, 033h, 02fh, 039h, 039h, 000h, 0fch, 0e9h diff -Nru virtualbox-5.2.16-dfsg/src/VBox/Devices/PC/BIOS/VBoxBiosAlternative386.md5sum virtualbox-5.2.18-dfsg/src/VBox/Devices/PC/BIOS/VBoxBiosAlternative386.md5sum --- virtualbox-5.2.16-dfsg/src/VBox/Devices/PC/BIOS/VBoxBiosAlternative386.md5sum 2018-07-16 15:01:50.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/Devices/PC/BIOS/VBoxBiosAlternative386.md5sum 2018-08-14 11:43:16.000000000 +0000 @@ -1 +1 @@ -59ac65fb0fd6be482f17dcbdf630af0b *VBoxPcBios386.rom +724975a07fa8b070e76569b882c97e28 *VBoxPcBios386.rom diff -Nru virtualbox-5.2.16-dfsg/src/VBox/Devices/PC/BIOS/VBoxBiosAlternative8086.asm virtualbox-5.2.18-dfsg/src/VBox/Devices/PC/BIOS/VBoxBiosAlternative8086.asm --- virtualbox-5.2.16-dfsg/src/VBox/Devices/PC/BIOS/VBoxBiosAlternative8086.asm 2018-07-16 15:01:50.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/Devices/PC/BIOS/VBoxBiosAlternative8086.asm 2018-08-14 11:43:16.000000000 +0000 
@@ -1172,7 +1172,7 @@ section CONST2 progbits vstart=0xd8e align=1 ; size=0x3fa class=DATA group=DGROUP _bios_cvs_version_string: ; 0xf0d8e LB 0x12 - db 'VirtualBox 5.2.16', 000h + db 'VirtualBox 5.2.18', 000h _bios_prefix_string: ; 0xf0da0 LB 0x8 db 'BIOS: ', 000h, 000h _isotag: ; 0xf0da8 LB 0x6 @@ -18294,4 +18294,4 @@ db 'XM' cpu_reset: ; 0xffff0 LB 0x10 jmp far 0f000h:0e05bh ; ea 5b e0 00 f0 - db 030h, 036h, 02fh, 032h, 033h, 02fh, 039h, 039h, 000h, 0fbh, 005h + db 030h, 036h, 02fh, 032h, 033h, 02fh, 039h, 039h, 000h, 0fbh, 003h diff -Nru virtualbox-5.2.16-dfsg/src/VBox/Devices/PC/BIOS/VBoxBiosAlternative8086.md5sum virtualbox-5.2.18-dfsg/src/VBox/Devices/PC/BIOS/VBoxBiosAlternative8086.md5sum --- virtualbox-5.2.16-dfsg/src/VBox/Devices/PC/BIOS/VBoxBiosAlternative8086.md5sum 2018-07-16 15:01:50.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/Devices/PC/BIOS/VBoxBiosAlternative8086.md5sum 2018-08-14 11:43:16.000000000 +0000 @@ -1 +1 @@ -4101cdb6407ea3334d9b6f1d064d58ac *VBoxPcBios8086.rom +28783cd0bde7a1e667d6c0dbf7482678 *VBoxPcBios8086.rom diff -Nru virtualbox-5.2.16-dfsg/src/VBox/Devices/Storage/DrvSCSI.cpp virtualbox-5.2.18-dfsg/src/VBox/Devices/Storage/DrvSCSI.cpp --- virtualbox-5.2.16-dfsg/src/VBox/Devices/Storage/DrvSCSI.cpp 2018-07-16 15:02:13.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/Devices/Storage/DrvSCSI.cpp 2018-08-14 11:43:35.000000000 +0000 
@@ -1228,11 +1228,9 @@ { PDRVSCSI pThis = PDMINS_2_DATA(pDrvIns, PDRVSCSI); + RT_NOREF(fFlags); LogFlowFunc(("pDrvIns=%#p fFlags=%#x\n", pDrvIns, fFlags)); - AssertMsgReturnVoid((fFlags & PDM_TACH_FLAGS_NOT_HOT_PLUG), - ("SCSI: Hotplugging is not supported\n")); - /* * Zero some important members. */ diff -Nru virtualbox-5.2.16-dfsg/src/VBox/Frontends/VBoxManage/VBoxManageHelp.cpp virtualbox-5.2.18-dfsg/src/VBox/Frontends/VBoxManage/VBoxManageHelp.cpp --- virtualbox-5.2.16-dfsg/src/VBox/Frontends/VBoxManage/VBoxManageHelp.cpp 2018-07-16 15:02:43.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/Frontends/VBoxManage/VBoxManageHelp.cpp 2018-08-14 11:44:01.000000000 +0000 @@ -514,6 +514,8 @@ " [--ibpb-on-vm-exit on|off]\n" " [--ibpb-on-vm-entry on|off]\n" " [--spec-ctrl on|off]\n" + " [--l1d-flush-on-sched on|off]\n" + " [--l1d-flush-on-vm-entry on|off]\n" " [--cpu-profile \"host|Intel 80[86|286|386]\"]\n" " [--cpuid-portability-level <0..3>\n" " [--cpuid-set ]\n" diff -Nru virtualbox-5.2.16-dfsg/src/VBox/Frontends/VBoxManage/VBoxManageModifyVM.cpp virtualbox-5.2.18-dfsg/src/VBox/Frontends/VBoxManage/VBoxManageModifyVM.cpp --- virtualbox-5.2.16-dfsg/src/VBox/Frontends/VBoxManage/VBoxManageModifyVM.cpp 2018-07-16 15:02:43.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/Frontends/VBoxManage/VBoxManageModifyVM.cpp 2018-08-14 11:44:01.000000000 +0000 @@ -77,6 +77,8 @@ MODIFYVM_IBPB_ON_VM_EXIT, MODIFYVM_IBPB_ON_VM_ENTRY, MODIFYVM_SPEC_CTRL, + MODIFYVM_L1D_FLUSH_ON_SCHED, + MODIFYVM_L1D_FLUSH_ON_VM_ENTRY, MODIFYVM_CPUS, MODIFYVM_CPUHOTPLUG, MODIFYVM_CPU_PROFILE, 
@@ -260,6 +262,8 @@ { "--ibpb-on-vm-exit", MODIFYVM_IBPB_ON_VM_EXIT, RTGETOPT_REQ_BOOL_ONOFF }, { "--ibpb-on-vm-entry", MODIFYVM_IBPB_ON_VM_ENTRY, RTGETOPT_REQ_BOOL_ONOFF }, { "--spec-ctrl", MODIFYVM_SPEC_CTRL, RTGETOPT_REQ_BOOL_ONOFF }, + { "--l1d-flush-on-sched", MODIFYVM_L1D_FLUSH_ON_SCHED, RTGETOPT_REQ_BOOL_ONOFF }, + { "--l1d-flush-on-vm-entry", MODIFYVM_L1D_FLUSH_ON_VM_ENTRY, RTGETOPT_REQ_BOOL_ONOFF }, { "--cpuid-set", MODIFYVM_SETCPUID, RTGETOPT_REQ_UINT32_OPTIONAL_PAIR | RTGETOPT_FLAG_HEX }, { "--cpuid-remove", MODIFYVM_DELCPUID, RTGETOPT_REQ_UINT32_OPTIONAL_PAIR | RTGETOPT_FLAG_HEX }, { "--cpuidset", MODIFYVM_SETCPUID_OLD, RTGETOPT_REQ_UINT32 | RTGETOPT_FLAG_HEX }, @@ -810,6 +814,14 @@ CHECK_ERROR(sessionMachine, SetCPUProperty(CPUPropertyType_SpecCtrl, ValueUnion.f)); break; + case MODIFYVM_L1D_FLUSH_ON_SCHED: + CHECK_ERROR(sessionMachine, SetCPUProperty(CPUPropertyType_L1DFlushOnEMTScheduling, ValueUnion.f)); + break; + + case MODIFYVM_L1D_FLUSH_ON_VM_ENTRY: + CHECK_ERROR(sessionMachine, SetCPUProperty(CPUPropertyType_L1DFlushOnVMEntry, ValueUnion.f)); + break; + case MODIFYVM_CPUS: { CHECK_ERROR(sessionMachine, COMSETTER(CPUCount)(ValueUnion.u32)); diff -Nru virtualbox-5.2.16-dfsg/src/VBox/Frontends/VirtualBox/src/wizards/newvm/UIWizardNewVMPageBasic1.cpp virtualbox-5.2.18-dfsg/src/VBox/Frontends/VirtualBox/src/wizards/newvm/UIWizardNewVMPageBasic1.cpp --- virtualbox-5.2.16-dfsg/src/VBox/Frontends/VirtualBox/src/wizards/newvm/UIWizardNewVMPageBasic1.cpp 2018-07-16 15:03:01.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/Frontends/VirtualBox/src/wizards/newvm/UIWizardNewVMPageBasic1.cpp 2018-08-14 11:44:17.000000000 +0000 
@@ -81,6 +81,8 @@ /* Set Windows 7 as default for "Windows". */ { QRegExp( "Wi.*64", Qt::CaseInsensitive), "Windows7_64" }, { QRegExp( "Wi.*32", Qt::CaseInsensitive), "Windows7" }, + /* ReactOS wants to be considered as Windows 2003 */ + { QRegExp( "Reac.*", Qt::CaseInsensitive), "Windows2003" }, /* Solaris: */ { QRegExp("Sol.*11", Qt::CaseInsensitive), "Solaris11_64" }, Binary files /tmp/tmpl1t0vD/t1E7grGomx/virtualbox-5.2.16-dfsg/src/VBox/GuestHost/OpenGL/glapi_parser/apiutil.pyc and /tmp/tmpl1t0vD/_M_sATE7q1/virtualbox-5.2.18-dfsg/src/VBox/GuestHost/OpenGL/glapi_parser/apiutil.pyc differ Binary files /tmp/tmpl1t0vD/t1E7grGomx/virtualbox-5.2.16-dfsg/src/VBox/GuestHost/OpenGL/packer/pack_currenttypes.pyc and /tmp/tmpl1t0vD/_M_sATE7q1/virtualbox-5.2.18-dfsg/src/VBox/GuestHost/OpenGL/packer/pack_currenttypes.pyc differ Binary files /tmp/tmpl1t0vD/t1E7grGomx/virtualbox-5.2.16-dfsg/src/VBox/GuestHost/OpenGL/state_tracker/convert.pyc and /tmp/tmpl1t0vD/_M_sATE7q1/virtualbox-5.2.18-dfsg/src/VBox/GuestHost/OpenGL/state_tracker/convert.pyc differ Binary files /tmp/tmpl1t0vD/t1E7grGomx/virtualbox-5.2.16-dfsg/src/VBox/GuestHost/OpenGL/state_tracker/get_components.pyc and /tmp/tmpl1t0vD/_M_sATE7q1/virtualbox-5.2.18-dfsg/src/VBox/GuestHost/OpenGL/state_tracker/get_components.pyc differ Binary files /tmp/tmpl1t0vD/t1E7grGomx/virtualbox-5.2.16-dfsg/src/VBox/HostServices/SharedOpenGL/crserverlib/get_sizes.pyc and /tmp/tmpl1t0vD/_M_sATE7q1/virtualbox-5.2.18-dfsg/src/VBox/HostServices/SharedOpenGL/crserverlib/get_sizes.pyc differ diff -Nru virtualbox-5.2.16-dfsg/src/VBox/HostServices/SharedOpenGL/crserverlib/presenter/display_base.cpp virtualbox-5.2.18-dfsg/src/VBox/HostServices/SharedOpenGL/crserverlib/presenter/display_base.cpp --- virtualbox-5.2.16-dfsg/src/VBox/HostServices/SharedOpenGL/crserverlib/presenter/display_base.cpp 2018-07-16 15:03:12.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/HostServices/SharedOpenGL/crserverlib/presenter/display_base.cpp 2018-08-14 
11:44:26.000000000 +0000 @@ -326,10 +326,10 @@ WARN(("err")); break; } - - CrFbVisitCreatedEntries(mpFb, entriesDestroyCb, this); } + CrFbVisitCreatedEntries(mpFb, entriesDestroyCb, this); + return rc; } diff -Nru virtualbox-5.2.16-dfsg/src/VBox/Main/idl/VirtualBox.xidl virtualbox-5.2.18-dfsg/src/VBox/Main/idl/VirtualBox.xidl --- virtualbox-5.2.16-dfsg/src/VBox/Main/idl/VirtualBox.xidl 2018-07-16 15:03:17.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/Main/idl/VirtualBox.xidl 2018-08-14 11:44:31.000000000 +0000 @@ -1030,6 +1030,23 @@ If set, the speculation controls are managed by the host. This is intended for guests which do not set the speculation controls themselves. + Note! This has not yet been implemented beyond leaving everything to the host OS. + + + + + If set and the host is affected by CVE-2018-3646, flushes the level 1 data + cache when the EMT is scheduled to do ring-0 guest execution. There could + be a small performance penalty for certain typs of workloads. + For security reasons this setting will be enabled by default. + + + + + If set and the host is affected by CVE-2018-3646, flushes the level 1 data + on every VM entry. This setting may significantly slow down workloads + causing many VM exits, so it is only recommended for situation where there + is a real need to be paranoid. diff -Nru virtualbox-5.2.16-dfsg/src/VBox/Main/include/MachineImpl.h virtualbox-5.2.18-dfsg/src/VBox/Main/include/MachineImpl.h --- virtualbox-5.2.16-dfsg/src/VBox/Main/include/MachineImpl.h 2018-07-16 15:03:18.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/Main/include/MachineImpl.h 2018-08-14 11:44:32.000000000 +0000 
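Review bot: The new property descriptions in the VirtualBox.xidl hunk (`@@ -1030,6 +1030,23 @@`) have two wording slips: the VM-entry text reads "flushes the level 1 data on every VM entry", dropping the word "cache", and the scheduling text has "certain typs of workloads". This is the API reference for a CVE-2018-3646 mitigation, so it should read `flushes the level 1 data cache on every VM entry` and `certain types of workloads`. The scheduling entry says it is enabled by default; the VM-entry entry should state its default too, since the MachineImpl.cpp and Settings.cpp hunks initialise it to `false`.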
@@ -291,6 +291,8 @@ BOOL mIBPBOnVMEntry; BOOL mSpecCtrl; BOOL mSpecCtrlByHost; + BOOL mL1DFlushOnSched; + BOOL mL1DFlushOnVMEntry; ULONG mCPUCount; BOOL mCPUHotPlugEnabled; ULONG mCpuExecutionCap; diff -Nru virtualbox-5.2.16-dfsg/src/VBox/Main/src-client/ConsoleImpl2.cpp virtualbox-5.2.18-dfsg/src/VBox/Main/src-client/ConsoleImpl2.cpp --- virtualbox-5.2.16-dfsg/src/VBox/Main/src-client/ConsoleImpl2.cpp 2018-07-16 15:03:19.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/Main/src-client/ConsoleImpl2.cpp 2018-08-14 11:44:32.000000000 +0000 @@ -1168,6 +1168,14 @@ hrc = pMachine->GetCPUProperty(CPUPropertyType_SpecCtrlByHost, &fSpecCtrlByHost); H(); InsertConfigInteger(pHM, "SpecCtrlByHost", fSpecCtrlByHost); + BOOL fL1DFlushOnSched = true; + hrc = pMachine->GetCPUProperty(CPUPropertyType_L1DFlushOnEMTScheduling, &fL1DFlushOnSched); H(); + InsertConfigInteger(pHM, "L1DFlushOnSched", fL1DFlushOnSched); + + BOOL fL1DFlushOnVMEntry = false; + hrc = pMachine->GetCPUProperty(CPUPropertyType_L1DFlushOnVMEntry, &fL1DFlushOnVMEntry); H(); + InsertConfigInteger(pHM, "L1DFlushOnVMEntry", fL1DFlushOnVMEntry); + /* Reset overwrite. */ if (i_isResetTurnedIntoPowerOff()) InsertConfigInteger(pRoot, "PowerOffInsteadOfReset", 1); diff -Nru virtualbox-5.2.16-dfsg/src/VBox/Main/src-client/ConsoleVRDPServer.cpp virtualbox-5.2.18-dfsg/src/VBox/Main/src-client/ConsoleVRDPServer.cpp --- virtualbox-5.2.16-dfsg/src/VBox/Main/src-client/ConsoleVRDPServer.cpp 2018-07-16 15:03:19.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/Main/src-client/ConsoleVRDPServer.cpp 2018-08-14 11:44:32.000000000 +0000 @@ -1851,8 +1851,8 @@ H3DORLOG(("H3DORGeometry: ins %p %d,%d %dx%d\n", pvInstance, x, y, w, h)); H3DORInstance *p = (H3DORInstance *)pvInstance; - Assert(p); - Assert(p->pThis); + AssertPtrReturnVoid(p); + AssertPtrReturnVoid(p->pThis); /** @todo find out what to do if size changes to 0x0 from non zero */ if (w == 0 || h == 0) 
@@ -1974,8 +1974,8 @@ H3DORLOG(("H3DORVisibleRegion: ins %p %d\n", pvInstance, cRects)); H3DORInstance *p = (H3DORInstance *)pvInstance; - Assert(p); - Assert(p->pThis); + AssertPtrReturnVoid(p); + AssertPtrReturnVoid(p->pThis); if (cRects == 0) { @@ -2005,8 +2005,8 @@ H3DORLOG(("H3DORFrame: ins %p %p %d\n", pvInstance, pvData, cbData)); H3DORInstance *p = (H3DORInstance *)pvInstance; - Assert(p); - Assert(p->pThis); + AssertPtrReturnVoid(p); + AssertPtrReturnVoid(p->pThis); /* Currently only a topdown BGR0 bitmap format is supported. */ VRDEIMAGEBITMAP image; @@ -2038,11 +2038,12 @@ H3DORLOG(("H3DOREnd: ins %p\n", pvInstance)); H3DORInstance *p = (H3DORInstance *)pvInstance; - Assert(p); - Assert(p->pThis); + AssertPtrReturnVoid(p); + AssertPtrReturnVoid(p->pThis); p->pThis->m_interfaceImage.VRDEImageHandleClose(p->hImageBitmap); + RT_ZERO(*p); RTMemFree(p); H3DORLOG(("H3DOREnd: ins %p completed\n", pvInstance)); diff -Nru virtualbox-5.2.16-dfsg/src/VBox/Main/src-server/MachineImpl.cpp virtualbox-5.2.18-dfsg/src/VBox/Main/src-server/MachineImpl.cpp --- virtualbox-5.2.16-dfsg/src/VBox/Main/src-server/MachineImpl.cpp 2018-07-16 15:03:21.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/Main/src-server/MachineImpl.cpp 2018-08-14 11:44:34.000000000 +0000 @@ -198,6 +198,8 @@ mIBPBOnVMEntry = false; mSpecCtrl = false; mSpecCtrlByHost = false; + mL1DFlushOnSched = true; + mL1DFlushOnVMEntry = false; mHPETEnabled = false; mCpuExecutionCap = 100; /* Maximum CPU execution cap by default. */ mCpuIdPortabilityLevel = 0; @@ -2274,6 +2276,14 @@ *aValue = mHWData->mSpecCtrlByHost; break; + case CPUPropertyType_L1DFlushOnEMTScheduling: + *aValue = mHWData->mL1DFlushOnSched; + break; + + case CPUPropertyType_L1DFlushOnVMEntry: + *aValue = mHWData->mL1DFlushOnVMEntry; + break; + default: return E_INVALIDARG; } 
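Review bot: In the `H3DOREnd` hunk (`@@ -2038,11 +2038,12 @@`), `AssertPtrReturnVoid(p->pThis);` now returns before `RTMemFree(p)`, so an instance whose `pThis` is not a valid pointer is never released. If that state can be reached, free the instance on that path as well, e.g. `if (!RT_VALID_PTR(p->pThis)) { RTMemFree(p); return; }` placed after the check on `p`. The added `RT_ZERO(*p);` just before the free would benefit from a one-line comment stating its purpose, for instance `/* clear the instance so a stale pvInstance fails the pThis check */` if that is the intent. The function begins outside the hunk, so how callers handle a handle that was not freed cannot be judged from here.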
@@ -2347,6 +2357,18 @@ mHWData->mSpecCtrlByHost = !!aValue; break; + case CPUPropertyType_L1DFlushOnEMTScheduling: + i_setModified(IsModified_MachineData); + mHWData.backup(); + mHWData->mL1DFlushOnSched = !!aValue; + break; + + case CPUPropertyType_L1DFlushOnVMEntry: + i_setModified(IsModified_MachineData); + mHWData.backup(); + mHWData->mL1DFlushOnVMEntry = !!aValue; + break; + default: return E_INVALIDARG; } 
@@ -4475,15 +4497,41 @@ AutoWriteLock alock(this COMMA_LOCKVAL_SRC_POS); - HRESULT rc = i_checkStateDependency(MutableStateDep); + HRESULT rc = i_checkStateDependency(MutableOrRunningStateDep); if (FAILED(rc)) return rc; AssertReturn(mData->mMachineState != MachineState_Saved, E_FAIL); - if (Global::IsOnlineOrTransient(mData->mMachineState)) + /* Check for an existing controller. */ + ComObjPtr ctl; + rc = i_getStorageControllerByName(aName, ctl, true /* aSetError */); + if (FAILED(rc)) return rc; + + StorageControllerType_T ctrlType; + rc = ctl->COMGETTER(ControllerType)(&ctrlType); + if (FAILED(rc)) + return setError(E_FAIL, + tr("Could not get type of controller '%s'"), + aName.c_str()); + + bool fSilent = false; + Utf8Str strReconfig; + + /* Check whether the flag to allow silent storage attachment reconfiguration is set. */ + strReconfig = i_getExtraData(Utf8Str("VBoxInternal2/SilentReconfigureWhilePaused")); + if ( mData->mMachineState == MachineState_Paused + && strReconfig == "1") + fSilent = true; + + /* Check that the controller can do hotplugging if we detach the device while the VM is running. */ + bool fHotplug = false; + if (!fSilent && Global::IsOnlineOrTransient(mData->mMachineState)) + fHotplug = true; + + if (fHotplug && !i_isControllerHotplugCapable(ctrlType)) return setError(VBOX_E_INVALID_VM_STATE, - tr("Invalid machine state: %s"), - Global::stringifyMachineState(mData->mMachineState)); + tr("Controller '%s' does not support hotplugging which is required to change the passthrough setting while the VM is running"), + aName.c_str()); MediumAttachment *pAttach = i_findAttachment(*mMediumAttachments.data(), aName, 
@@ -4506,7 +4554,11 @@ aDevice, aControllerPort, aName.c_str()); pAttach->i_updatePassthrough(!!aPassthrough); - return S_OK; + attLock.release(); + alock.release(); + rc = i_onStorageDeviceChange(pAttach, FALSE /* aRemove */, FALSE /* aSilent */); + + return rc; } HRESULT Machine::temporaryEjectDevice(const com::Utf8Str &aName, LONG aControllerPort, @@ -8946,6 +8998,8 @@ mHWData->mIBPBOnVMEntry = data.fIBPBOnVMEntry; mHWData->mSpecCtrl = data.fSpecCtrl; mHWData->mSpecCtrlByHost = data.fSpecCtrlByHost; + mHWData->mL1DFlushOnSched = data.fL1DFlushOnSched; + mHWData->mL1DFlushOnVMEntry = data.fL1DFlushOnVMEntry; mHWData->mCPUCount = data.cCPUs; mHWData->mCPUHotPlugEnabled = data.fCpuHotPlug; mHWData->mCpuExecutionCap = data.ulCpuExecutionCap; @@ -10273,6 +10327,8 @@ data.fIBPBOnVMEntry = !!mHWData->mIBPBOnVMEntry; data.fSpecCtrl = !!mHWData->mSpecCtrl; data.fSpecCtrlByHost = !!mHWData->mSpecCtrlByHost; + data.fL1DFlushOnSched = !!mHWData->mL1DFlushOnSched; + data.fL1DFlushOnVMEntry = !!mHWData->mL1DFlushOnVMEntry; data.cCPUs = mHWData->mCPUCount; data.fCpuHotPlug = !!mHWData->mCPUHotPlugEnabled; data.ulCpuExecutionCap = mHWData->mCpuExecutionCap; diff -Nru virtualbox-5.2.16-dfsg/src/VBox/Main/xml/Settings.cpp virtualbox-5.2.18-dfsg/src/VBox/Main/xml/Settings.cpp --- virtualbox-5.2.16-dfsg/src/VBox/Main/xml/Settings.cpp 2018-07-16 15:03:23.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/Main/xml/Settings.cpp 2018-08-14 11:44:36.000000000 +0000 @@ -2781,6 +2781,8 @@ fIBPBOnVMEntry(false), fSpecCtrl(false), fSpecCtrlByHost(false), + fL1DFlushOnSched(true), + fL1DFlushOnVMEntry(false), enmLongMode(HC_ARCH_BITS == 64 ? Hardware::LongMode_Enabled : Hardware::LongMode_Disabled), cCPUs(1), fCpuHotPlug(false), 
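Review bot: `pAttach` is a raw `MediumAttachment *` looked up while the machine lock was held, and the new code passes it to `i_onStorageDeviceChange(pAttach, ...)` after `attLock.release()` and `alock.release()`. Unless something outside the hunk keeps the attachment alive, a concurrent detach could release the object between the unlock and the call. Taking a counted reference (a `ComObjPtr` to the attachment) before the locks are dropped would close that window. The declarations of `pAttach` and `attLock` are outside this hunk, so this needs checking against the full function.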
@@ -2938,6 +2940,8 @@ && fIBPBOnVMEntry == h.fIBPBOnVMEntry && fSpecCtrl == h.fSpecCtrl && fSpecCtrlByHost == h.fSpecCtrlByHost + && fL1DFlushOnSched == h.fL1DFlushOnSched + && fL1DFlushOnVMEntry == h.fL1DFlushOnVMEntry && cCPUs == h.cCPUs && fCpuHotPlug == h.fCpuHotPlug && ulCpuExecutionCap == h.ulCpuExecutionCap @@ -3952,6 +3956,12 @@ pelmCPUChild = pelmHwChild->findChildElement("SpecCtrlByHost"); if (pelmCPUChild) pelmCPUChild->getAttributeValue("enabled", hw.fSpecCtrlByHost); + pelmCPUChild = pelmHwChild->findChildElement("L1DFlushOn"); + if (pelmCPUChild) + { + pelmCPUChild->getAttributeValue("scheduling", hw.fL1DFlushOnSched); + pelmCPUChild->getAttributeValue("vmentry", hw.fL1DFlushOnVMEntry); + } if ((pelmCPUChild = pelmHwChild->findChildElement("CpuIdTree"))) readCpuIdTree(*pelmCPUChild, hw.llCpuIdLeafs); @@ -5286,11 +5296,19 @@ if (hw.fIBPBOnVMEntry) pelmChild->setAttribute("vmentry", hw.fIBPBOnVMEntry); } + if (hw.fSpecCtrl) + pelmCPU->createChild("SpecCtrl")->setAttribute("enabled", hw.fSpecCtrl); + if (hw.fSpecCtrlByHost) + pelmCPU->createChild("SpecCtrlByHost")->setAttribute("enabled", hw.fSpecCtrlByHost); + if (!hw.fL1DFlushOnSched || hw.fL1DFlushOnVMEntry) + { + xml::ElementNode *pelmChild = pelmCPU->createChild("L1DFlushOn"); + if (!hw.fL1DFlushOnSched) + pelmChild->setAttribute("scheduling", hw.fL1DFlushOnSched); + if (hw.fL1DFlushOnVMEntry) + pelmChild->setAttribute("vmentry", hw.fL1DFlushOnVMEntry); + } } - if (m->sv >= SettingsVersion_v1_16 && hw.fSpecCtrl) - pelmCPU->createChild("SpecCtrl")->setAttribute("enabled", hw.fSpecCtrl); - if (m->sv >= SettingsVersion_v1_16 && hw.fSpecCtrlByHost) - pelmCPU->createChild("SpecCtrlByHost")->setAttribute("enabled", hw.fSpecCtrlByHost); if (m->sv >= SettingsVersion_v1_14 && hw.enmLongMode != Hardware::LongMode_Legacy) { // LongMode has too crazy default handling, must always save this setting. 
@@ -6965,7 +6983,9 @@ || hardwareMachine.fIBPBOnVMExit || hardwareMachine.fIBPBOnVMEntry || hardwareMachine.fSpecCtrl - || hardwareMachine.fSpecCtrlByHost) + || hardwareMachine.fSpecCtrlByHost + || !hardwareMachine.fL1DFlushOnSched + || hardwareMachine.fL1DFlushOnVMEntry) { m->sv = SettingsVersion_v1_16; return; diff -Nru virtualbox-5.2.16-dfsg/src/VBox/Runtime/common/crypto/store-cert-add-basic.cpp virtualbox-5.2.18-dfsg/src/VBox/Runtime/common/crypto/store-cert-add-basic.cpp --- virtualbox-5.2.16-dfsg/src/VBox/Runtime/common/crypto/store-cert-add-basic.cpp 2018-07-16 15:03:30.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/Runtime/common/crypto/store-cert-add-basic.cpp 2018-08-14 11:44:42.000000000 +0000 @@ -4,7 +4,7 @@ */ /* - * Copyright (C) 2006-2017 Oracle Corporation + * Copyright (C) 2006-2018 Oracle Corporation * * This file is part of VirtualBox Open Source Edition (OSE), as * available from http://www.virtualbox.org. This file is free software; @@ -412,7 +412,7 @@ /* * No assume PEM or DER encoded binary certificate. */ - else + else if (cbContent) { PCRTCRPEMSECTION pSectionHead; rc = RTCrPemParseContent(pvContent, cbContent, @@ -441,6 +441,8 @@ RTCrPemFreeSections(pSectionHead); } } + else /* Will happen if proxy not set / no connection available. */ + rc = RTErrInfoSetF(pErrInfo, VERR_EOF, "Certificate '%s' is empty", pszFilename); RTFileReadAllFree(pvContent, cbContent); } else @@ -507,7 +509,7 @@ /* * No assume PEM or DER encoded binary certificate. Inspect them one by one. */ - else + else if (cbContent) { PCRTCRPEMSECTION pSectionHead; rc = RTCrPemParseContent(pvContent, cbContent, 
@@ -592,6 +594,8 @@ RTCrPemFreeSections(pSectionHead); } } + else /* Will happen if proxy not set / no connection available. */ + rc = RTErrInfoSetF(pErrInfo, VERR_EOF, "Certificate '%s' is empty", pszFilename); RTFileReadAllFree(pvContent, cbContent); } else diff -Nru virtualbox-5.2.16-dfsg/src/VBox/Runtime/common/fs/isomaker.cpp virtualbox-5.2.18-dfsg/src/VBox/Runtime/common/fs/isomaker.cpp --- virtualbox-5.2.16-dfsg/src/VBox/Runtime/common/fs/isomaker.cpp 2018-07-16 15:03:31.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/Runtime/common/fs/isomaker.cpp 2018-08-14 11:44:42.000000000 +0000 @@ -6735,7 +6735,6 @@ pCurDirRec->offExtent.le = RT_H2LE_U32(offExtent); cbReturn += cbOne; - iDirRec++; } Assert(cbReturn <= pName->cbDirRecTotal); diff -Nru virtualbox-5.2.16-dfsg/src/VBox/Runtime/r3/test.cpp virtualbox-5.2.18-dfsg/src/VBox/Runtime/r3/test.cpp --- virtualbox-5.2.16-dfsg/src/VBox/Runtime/r3/test.cpp 2018-07-16 15:03:45.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/Runtime/r3/test.cpp 2018-08-14 11:44:55.000000000 +0000 @@ -1217,13 +1217,13 @@ { rtTestXmlElem(pTest, "Passed", NULL); rtTestXmlElemEnd(pTest, "Test"); - cch += RTTestPrintfNl(pTest, RTTESTLVL_SUB_TEST, "%-50s: PASSED\n", pTest->pszSubTest); + cch += RTTestPrintfNl(pTest, RTTESTLVL_SUB_TEST, "%-60s: PASSED\n", pTest->pszSubTest); } else { rtTestXmlElem(pTest, "Skipped", NULL); rtTestXmlElemEnd(pTest, "Test"); - cch += RTTestPrintfNl(pTest, RTTESTLVL_SUB_TEST, "%-50s: SKIPPED\n", pTest->pszSubTest); + cch += RTTestPrintfNl(pTest, RTTESTLVL_SUB_TEST, "%-60s: SKIPPED\n", pTest->pszSubTest); } } else @@ -1231,7 +1231,7 @@ pTest->cSubTestsFailed++; rtTestXmlElem(pTest, "Failed", "errors=\"%u\"", cErrors); rtTestXmlElemEnd(pTest, "Test"); - cch += RTTestPrintfNl(pTest, RTTESTLVL_SUB_TEST, "%-50s: FAILED (%u errors)\n", + cch += RTTestPrintfNl(pTest, RTTESTLVL_SUB_TEST, "%-60s: FAILED (%u errors)\n", pTest->pszSubTest, cErrors); } } 
@@ -1609,7 +1609,7 @@ RTCritSectLeave(&pTest->Lock); RTCritSectEnter(&pTest->OutputLock); - rtTestPrintf(pTest, " %-48s: %'16llu %s\n", pszName, u64Value, pszUnit); + rtTestPrintf(pTest, " %-58s: %'16llu %s\n", pszName, u64Value, pszUnit); RTCritSectLeave(&pTest->OutputLock); return VINF_SUCCESS; diff -Nru virtualbox-5.2.16-dfsg/src/VBox/VMM/include/CPUMInternal.h virtualbox-5.2.18-dfsg/src/VBox/VMM/include/CPUMInternal.h --- virtualbox-5.2.16-dfsg/src/VBox/VMM/include/CPUMInternal.h 2018-07-16 15:03:57.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/VMM/include/CPUMInternal.h 2018-08-14 11:45:06.000000000 +0000 @@ -536,6 +536,7 @@ int cpumR3DbGetCpuInfo(const char *pszName, PCPUMINFO pInfo); int cpumR3MsrRangesInsert(PVM pVM, PCPUMMSRRANGE *ppaMsrRanges, uint32_t *pcMsrRanges, PCCPUMMSRRANGE pNewRange); +int cpumR3MsrReconcileWithCpuId(PVM pVM); int cpumR3MsrApplyFudge(PVM pVM); int cpumR3MsrRegStats(PVM pVM); int cpumR3MsrStrictInitChecks(void); diff -Nru virtualbox-5.2.16-dfsg/src/VBox/VMM/include/HMInternal.h virtualbox-5.2.18-dfsg/src/VBox/VMM/include/HMInternal.h --- virtualbox-5.2.16-dfsg/src/VBox/VMM/include/HMInternal.h 2018-07-16 15:03:58.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/VMM/include/HMInternal.h 2018-08-14 11:45:06.000000000 +0000 
@@ -420,10 +420,12 @@ bool fIbpbOnVmExit; /** Set if indirect branch prediction barrier on VM entry. */ bool fIbpbOnVmEntry; + /** Set if level 1 data cache should be flushed on VM entry. */ + bool fL1dFlushOnVmEntry; + /** Set if level 1 data cache should be flushed on EMT scheduling. */ + bool fL1dFlushOnSched; /** Set if host manages speculation control settings. */ bool fSpecCtrlByHost; - /** Explicit padding. */ - bool afPadding[2]; /** Maximum ASID allowed. */ uint32_t uMaxAsid; diff -Nru virtualbox-5.2.16-dfsg/src/VBox/VMM/VMMAll/CPUMAllMsrs.cpp virtualbox-5.2.18-dfsg/src/VBox/VMM/VMMAll/CPUMAllMsrs.cpp --- virtualbox-5.2.16-dfsg/src/VBox/VMM/VMMAll/CPUMAllMsrs.cpp 2018-07-16 15:03:51.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/VMM/VMMAll/CPUMAllMsrs.cpp 2018-08-14 11:45:01.000000000 +0000 @@ -1465,13 +1465,15 @@ } - - - - - - - +/** @callback_method_impl{FNCPUMWRMSR} */ +static DECLCALLBACK(VBOXSTRICTRC) cpumMsrWr_Ia32FlushCmd(PVMCPU pVCpu, uint32_t idMsr, PCCPUMMSRRANGE pRange, uint64_t uValue, uint64_t uRawValue) +{ + RT_NOREF_PV(pVCpu); RT_NOREF_PV(idMsr); RT_NOREF_PV(pRange); RT_NOREF_PV(uRawValue); + if ((uValue & ~MSR_IA32_FLUSH_CMD_F_L1D) == 0) + return VINF_SUCCESS; + Log(("CPUM: Invalid MSR_IA32_FLUSH_CMD_ bits (trying to write %#llx)\n", uValue)); + return VERR_CPUM_RAISE_GP_0; +} @@ -5269,6 +5271,7 @@ cpumMsrWr_Ia32DebugInterface, cpumMsrWr_Ia32SpecCtrl, cpumMsrWr_Ia32PredCmd, + cpumMsrWr_Ia32FlushCmd, cpumMsrWr_Amd64Efer, cpumMsrWr_Amd64SyscallTarget, 
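Review bot: In `cpumMsrWr_Ia32FlushCmd` the reserved-bit test `(uValue & ~MSR_IA32_FLUSH_CMD_F_L1D) == 0` covers all 64 bits only if the constant is 64 bits wide. Its definition is not in this diff; if it is a 32-bit value, the complement is zero-extended and a write with bits 32-63 set is accepted instead of raising #GP(0). Widening before complementing removes the doubt: `if ((uValue & ~(uint64_t)MSR_IA32_FLUSH_CMD_F_L1D) == 0)`. The same applies to `/*.fWrGpMask =*/ ~MSR_IA32_FLUSH_CMD_F_L1D` in the `s_FlushCmd` range added in the CPUMR3Db.cpp hunk. Separately, the handler returns `VINF_SUCCESS` without issuing any flush, so a guest on this emulated path gets no L1D flush; a comment should state whether that is intentional.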
@@ -5975,6 +5978,7 @@ CPUM_ASSERT_WR_MSR_FN(Ia32DebugInterface); CPUM_ASSERT_WR_MSR_FN(Ia32SpecCtrl); CPUM_ASSERT_WR_MSR_FN(Ia32PredCmd); + CPUM_ASSERT_WR_MSR_FN(Ia32FlushCmd); CPUM_ASSERT_WR_MSR_FN(Amd64Efer); CPUM_ASSERT_WR_MSR_FN(Amd64SyscallTarget); diff -Nru virtualbox-5.2.16-dfsg/src/VBox/VMM/VMMR0/CPUMR0.cpp virtualbox-5.2.18-dfsg/src/VBox/VMM/VMMR0/CPUMR0.cpp --- virtualbox-5.2.16-dfsg/src/VBox/VMM/VMMR0/CPUMR0.cpp 2018-07-16 15:03:53.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/VMM/VMMR0/CPUMR0.cpp 2018-08-14 11:45:02.000000000 +0000 @@ -215,7 +215,7 @@ */ uint32_t u32CpuVersion; uint32_t u32Dummy; - uint32_t fFeatures; + uint32_t fFeatures; /* (Used further down to check for MSRs, so don't clobber.) */ ASMCpuId(1, &u32CpuVersion, &u32Dummy, &u32Dummy, &fFeatures); uint32_t const u32Family = u32CpuVersion >> 8; uint32_t const u32Model = (u32CpuVersion >> 4) & 0xF; 
@@ -268,6 +268,31 @@ } /* + * Copy MSR_IA32_ARCH_CAPABILITIES bits over into the host feature structure. + */ + pVM->cpum.s.HostFeatures.fArchRdclNo = 0; + pVM->cpum.s.HostFeatures.fArchIbrsAll = 0; + pVM->cpum.s.HostFeatures.fArchRsbOverride = 0; + pVM->cpum.s.HostFeatures.fArchVmmNeedNotFlushL1d = 0; + uint32_t const cStdRange = ASMCpuId_EAX(0); + if ( ASMIsValidStdRange(cStdRange) + && cStdRange >= 7) + { + uint32_t fEdxFeatures = ASMCpuId_EDX(7); + if ( (fEdxFeatures & X86_CPUID_STEXT_FEATURE_EDX_ARCHCAP) + && (fFeatures & X86_CPUID_FEATURE_EDX_MSR)) + { + uint64_t const fArchVal = ASMRdMsr(MSR_IA32_ARCH_CAPABILITIES); + pVM->cpum.s.HostFeatures.fArchRdclNo = RT_BOOL(fArchVal & MSR_IA32_ARCH_CAP_F_RDCL_NO); + pVM->cpum.s.HostFeatures.fArchIbrsAll = RT_BOOL(fArchVal & MSR_IA32_ARCH_CAP_F_IBRS_ALL); + pVM->cpum.s.HostFeatures.fArchRsbOverride = RT_BOOL(fArchVal & MSR_IA32_ARCH_CAP_F_RSBO); + pVM->cpum.s.HostFeatures.fArchVmmNeedNotFlushL1d = RT_BOOL(fArchVal & MSR_IA32_ARCH_CAP_F_VMM_NEED_NOT_FLUSH_L1D); + } + else + pVM->cpum.s.HostFeatures.fArchCap = 0; + } + + /* * Unify/cross check some CPUID feature bits on all available CPU cores * and threads. We've seen CPUs where the monitor support differed. * diff -Nru virtualbox-5.2.16-dfsg/src/VBox/VMM/VMMR0/HMR0A.asm virtualbox-5.2.18-dfsg/src/VBox/VMM/VMMR0/HMR0A.asm --- virtualbox-5.2.16-dfsg/src/VBox/VMM/VMMR0/HMR0A.asm 2018-07-16 15:03:53.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/VMM/VMMR0/HMR0A.asm 2018-08-14 11:45:02.000000000 +0000 
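Review bot: `ASMCpuId_EDX(7)` passes only the leaf number, but CPUID leaf 7 is sub-leaf indexed and the word holding `X86_CPUID_STEXT_FEATURE_EDX_ARCHCAP` is defined for ECX=0. If the helper does not zero ECX (its definition is outside this diff), the result depends on whatever ECX held, and a false positive leads to `ASMRdMsr(MSR_IA32_ARCH_CAPABILITIES)` on a CPU without that MSR, which faults in ring-0. Querying the sub-leaf explicitly avoids this: `uint32_t fEdxFeatures = 0;` followed by `ASMCpuIdExSlow(7, 0, 0, 0, NULL, NULL, NULL, &fEdxFeatures);`. Also, `HostFeatures.fArchCap` is cleared only in the inner `else`, so it keeps its earlier value when `cStdRange` is below 7, unlike the four `fArch*` flags that are zeroed up front.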
@@ -253,6 +253,39 @@ %%no_indirect_branch_barrier: %endmacro +;; +; Creates an indirect branch prediction and L1D barrier on CPUs that need and supports that. +; @clobbers eax, edx, ecx +; @param 1 How to address CPUMCTX. +; @param 2 Which IBPB flag to test for (CPUMCTX_WSF_IBPB_ENTRY or CPUMCTX_WSF_IBPB_EXIT) +; @param 3 Which FLUSH flag to test for (CPUMCTX_WSF_L1D_ENTRY) +%macro INDIRECT_BRANCH_PREDICTION_AND_L1_CACHE_BARRIER 3 + ; Only one test+jmp when disabled CPUs. + test byte [%1 + CPUMCTX.fWorldSwitcher], (%2 | %3) + jz %%no_barrier_needed + + ; The eax:edx value is the same for both. + AssertCompile(MSR_IA32_PRED_CMD_F_IBPB == MSR_IA32_FLUSH_CMD_F_L1D) + mov eax, MSR_IA32_PRED_CMD_F_IBPB + xor edx, edx + + ; Indirect branch barrier. + test byte [%1 + CPUMCTX.fWorldSwitcher], %2 + jz %%no_indirect_branch_barrier + mov ecx, MSR_IA32_PRED_CMD + wrmsr +%%no_indirect_branch_barrier: + + ; Level 1 data cache flush. + test byte [%1 + CPUMCTX.fWorldSwitcher], %3 + jz %%no_cache_flush_barrier + mov ecx, MSR_IA32_FLUSH_CMD + wrmsr +%%no_cache_flush_barrier: + +%%no_barrier_needed: +%endmacro + ;********************************************************************************************************************************* ;* External Symbols * @@ -1453,8 +1486,8 @@ ; Note: assumes success! ; Don't mess with ESP anymore!!! - ; Fight spectre. - INDIRECT_BRANCH_PREDICTION_BARRIER xSI, CPUMCTX_WSF_IBPB_ENTRY + ; Fight spectre and similar. + INDIRECT_BRANCH_PREDICTION_AND_L1_CACHE_BARRIER xSI, CPUMCTX_WSF_IBPB_ENTRY, CPUMCTX_WSF_L1D_ENTRY ; Load guest general purpose registers. mov eax, [xSI + CPUMCTX.eax] 
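Review bot: The `test byte [%1 + CPUMCTX.fWorldSwitcher], (%2 | %3)` in the new macro is byte-wide, so it assumes both flag arguments lie in the low eight bits of `fWorldSwitcher`; a flag at bit 8 or above would not be tested and the barrier would be skipped. The header comment should state that requirement, e.g. `; @remarks Both flags must fit in the low byte of CPUMCTX.fWorldSwitcher (byte-sized tests).`. The comment `Only one test+jmp when disabled CPUs.` also seems to be missing a word (perhaps `... on CPUs where both are disabled`).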
@@ -1762,8 +1795,8 @@ ; Note: assumes success! ; Don't mess with ESP anymore!!! - ; Fight spectre. - INDIRECT_BRANCH_PREDICTION_BARRIER xSI, CPUMCTX_WSF_IBPB_ENTRY + ; Fight spectre and similar. + INDIRECT_BRANCH_PREDICTION_AND_L1_CACHE_BARRIER xSI, CPUMCTX_WSF_IBPB_ENTRY, CPUMCTX_WSF_L1D_ENTRY ; Load guest general purpose registers. mov rax, qword [xSI + CPUMCTX.eax] diff -Nru virtualbox-5.2.16-dfsg/src/VBox/VMM/VMMR0/HMVMXR0.cpp virtualbox-5.2.18-dfsg/src/VBox/VMM/VMMR0/HMVMXR0.cpp --- virtualbox-5.2.16-dfsg/src/VBox/VMM/VMMR0/HMVMXR0.cpp 2018-07-16 15:03:53.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/VMM/VMMR0/HMVMXR0.cpp 2018-08-14 11:45:02.000000000 +0000 @@ -2463,11 +2463,14 @@ } #endif /* - * The IA32_PRED_CMD MSR is write-only and has no state associated with it. We never need to intercept - * access (writes need to be executed without exiting, reds will #GP-fault anyway). + * The IA32_PRED_CMD and IA32_FLUSH_CMD MSRs are write-only and has no state + * associated with then. We never need to intercept access (writes need to + * be executed without exiting, reads will #GP-fault anyway). */ if (pVM->cpum.ro.GuestFeatures.fIbpb) hmR0VmxSetMsrPermission(pVCpu, MSR_IA32_PRED_CMD, VMXMSREXIT_PASSTHRU_READ, VMXMSREXIT_PASSTHRU_WRITE); + if (pVM->cpum.ro.GuestFeatures.fFlushCmd) + hmR0VmxSetMsrPermission(pVCpu, MSR_IA32_FLUSH_CMD, VMXMSREXIT_PASSTHRU_READ, VMXMSREXIT_PASSTHRU_WRITE); /* Though MSR_IA32_PERF_GLOBAL_CTRL is saved/restored lazily, we want intercept reads/write to it for now. */ } @@ -7992,6 +7995,7 @@ { NOREF(pMixedCtx); uint32_t u32IntInfo = X86_XCPT_UD | VMX_EXIT_INTERRUPTION_INFO_VALID; + u32IntInfo |= (VMX_EXIT_INTERRUPTION_INFO_TYPE_HW_XCPT << VMX_EXIT_INTERRUPTION_INFO_TYPE_SHIFT); hmR0VmxSetPendingEvent(pVCpu, u32IntInfo, 0 /* cbInstr */, 0 /* u32ErrCode */, 0 /* GCPtrFaultAddress */); } 
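Review bot: The rewritten comment above the `hmR0VmxSetMsrPermission` calls in HMVMXR0.cpp reads `are write-only and has no state associated with then`; it should be `are write-only and have no state associated with them`. Because the new `MSR_IA32_FLUSH_CMD` pass-through is keyed on `GuestFeatures.fFlushCmd` rather than on a host capability, the comment should also say what happens when the guest feature is set and the host does not implement the MSR. The enclosing function is outside the hunk.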
@@ -8440,6 +8444,12 @@ pVCpu->hm.s.fLeaveDone = false; Log4Func(("Activated Vmcs. HostCpuId=%u\n", RTMpCpuId())); + /* + * Do the EMT scheduled L1D flush here if needed. + */ + if (pVM->hm.s.fL1dFlushOnSched) + ASMWrMsr(MSR_IA32_FLUSH_CMD, MSR_IA32_FLUSH_CMD_F_L1D); + return VINF_SUCCESS; } @@ -8517,6 +8527,10 @@ } pVCpu->hm.s.fLeaveDone = false; + /* Do the EMT scheduled L1D flush if needed. */ + if (pVCpu->CTX_SUFF(pVM)->hm.s.fL1dFlushOnSched) + ASMWrMsr(MSR_IA32_FLUSH_CMD, MSR_IA32_FLUSH_CMD_F_L1D); + /* Restore longjmp state. */ VMMRZCallRing3Enable(pVCpu); break; diff -Nru virtualbox-5.2.16-dfsg/src/VBox/VMM/VMMR3/CPUMR3CpuId.cpp virtualbox-5.2.18-dfsg/src/VBox/VMM/VMMR3/CPUMR3CpuId.cpp --- virtualbox-5.2.16-dfsg/src/VBox/VMM/VMMR3/CPUMR3CpuId.cpp 2018-07-16 15:03:54.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/VMM/VMMR3/CPUMR3CpuId.cpp 2018-08-14 11:45:03.000000000 +0000 @@ -1749,18 +1749,15 @@ pFeatures->fIbpb = RT_BOOL(pSxfLeaf0->uEdx & X86_CPUID_STEXT_FEATURE_EDX_IBRS_IBPB); pFeatures->fIbrs = pFeatures->fIbpb; pFeatures->fStibp = RT_BOOL(pSxfLeaf0->uEdx & X86_CPUID_STEXT_FEATURE_EDX_STIBP); -#if 0 // Disabled until IA32_ARCH_CAPABILITIES support can be tested + pFeatures->fFlushCmd = RT_BOOL(pSxfLeaf0->uEdx & X86_CPUID_STEXT_FEATURE_EDX_FLUSH_CMD); pFeatures->fArchCap = RT_BOOL(pSxfLeaf0->uEdx & X86_CPUID_STEXT_FEATURE_EDX_ARCHCAP); -#endif } /* MWAIT/MONITOR leaf. */ PCCPUMCPUIDLEAF const pMWaitLeaf = cpumR3CpuIdFindLeaf(paLeaves, cLeaves, 5); if (pMWaitLeaf) - { pFeatures->fMWaitExtensions = (pMWaitLeaf->uEcx & (X86_CPUID_MWAIT_ECX_EXT | X86_CPUID_MWAIT_ECX_BREAKIRQIF0)) - == (X86_CPUID_MWAIT_ECX_EXT | X86_CPUID_MWAIT_ECX_BREAKIRQIF0); - } + == (X86_CPUID_MWAIT_ECX_EXT | X86_CPUID_MWAIT_ECX_BREAKIRQIF0); /* Extended features. */ PCCPUMCPUIDLEAF const pExtLeaf = cpumR3CpuIdFindLeaf(paLeaves, cLeaves, 0x80000001); 
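Review bot: Both new `ASMWrMsr(MSR_IA32_FLUSH_CMD, MSR_IA32_FLUSH_CMD_F_L1D)` calls are guarded only by `hm.s.fL1dFlushOnSched`. Ring-0 therefore relies on the init code in HM.cpp having cleared that flag when the host lacks IA32_FLUSH_CMD, and a write to an unimplemented MSR raises #GP in host ring-0. Consider making the guard self-contained, e.g. `if (pVM->hm.s.fL1dFlushOnSched && pVM->cpum.ro.HostFeatures.fFlushCmd)`, or add a comment naming the invariant and where it is established. The same applies to the second hunk (`pVCpu->CTX_SUFF(pVM)->hm.s.fL1dFlushOnSched`); both enclosing functions start outside the hunks.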
@@ -2344,6 +2341,7 @@ CPUMISAEXTCFG enmFsGsBase; CPUMISAEXTCFG enmPcid; CPUMISAEXTCFG enmInvpcid; + CPUMISAEXTCFG enmFlushCmdMsr; CPUMISAEXTCFG enmAbm; CPUMISAEXTCFG enmSse4A; @@ -3137,6 +3135,7 @@ pCurLeaf->uEdx &= 0 //| X86_CPUID_STEXT_FEATURE_EDX_IBRS_IBPB RT_BIT(26) //| X86_CPUID_STEXT_FEATURE_EDX_STIBP RT_BIT(27) + | (pConfig->enmFlushCmdMsr ? X86_CPUID_STEXT_FEATURE_EDX_FLUSH_CMD : 0) //| X86_CPUID_STEXT_FEATURE_EDX_ARCHCAP RT_BIT(29) ; @@ -3165,6 +3164,7 @@ PORTABLE_DISABLE_FEATURE_BIT( 1, pCurLeaf->uEbx, SMAP, X86_CPUID_STEXT_FEATURE_EBX_SMAP); PORTABLE_DISABLE_FEATURE_BIT( 1, pCurLeaf->uEbx, SHA, X86_CPUID_STEXT_FEATURE_EBX_SHA); PORTABLE_DISABLE_FEATURE_BIT( 1, pCurLeaf->uEcx, PREFETCHWT1, X86_CPUID_STEXT_FEATURE_ECX_PREFETCHWT1); + PORTABLE_DISABLE_FEATURE_BIT_CFG(3, pCurLeaf->uEdx, FLUSH_CMD, X86_CPUID_STEXT_FEATURE_EDX_FLUSH_CMD, pConfig->enmFlushCmdMsr); } /* Force standard feature bits. */ @@ -3178,6 +3178,8 @@ pCurLeaf->uEbx |= X86_CPUID_STEXT_FEATURE_EBX_CLFLUSHOPT; if (pConfig->enmInvpcid == CPUMISAEXTCFG_ENABLED_ALWAYS) pCurLeaf->uEbx |= X86_CPUID_STEXT_FEATURE_EBX_INVPCID; + if (pConfig->enmFlushCmdMsr == CPUMISAEXTCFG_ENABLED_ALWAYS) + pCurLeaf->uEdx |= X86_CPUID_STEXT_FEATURE_EDX_FLUSH_CMD; break; } @@ -3947,6 +3949,7 @@ "|FSGSBASE" "|PCID" "|INVPCID" + "|FlushCmdMsr" "|ABM" "|SSE4A" "|MISALNSSE" @@ -4102,6 +4105,12 @@ rc = cpumR3CpuIdReadIsaExtCfg(pVM, pIsaExts, "INVPCID", &pConfig->enmInvpcid, pConfig->enmFsGsBase); AssertLogRelRCReturn(rc, rc); + /** @cfgm{/CPUM/IsaExts/FlushCmdMsr, isaextcfg, true} + * Whether to expose the IA32_FLUSH_CMD MSR to the guest. + */ + rc = cpumR3CpuIdReadIsaExtCfg(pVM, pIsaExts, "FlushCmdMsr", &pConfig->enmFlushCmdMsr, CPUMISAEXTCFG_ENABLED_SUPPORTED); + AssertLogRelRCReturn(rc, rc); + /* AMD: */ 
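Review bot: With `enmFlushCmdMsr == CPUMISAEXTCFG_ENABLED_ALWAYS` the `X86_CPUID_STEXT_FEATURE_EDX_FLUSH_CMD` bit is forced on regardless of the host, and the new `@cfgm{/CPUM/IsaExts/FlushCmdMsr, ...}` comment does not mention the consequence. The guest is told it can flush L1D even when the host may not implement IA32_FLUSH_CMD, so guest-side mitigation code can believe it is protected when it is not. Suggested addition to the doc comment: `Forcing this on a host without the MSR advertises a flush the hardware cannot perform.`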
@@ -4246,6 +4255,12 @@ } /* + * Setup MSRs introduced in microcode updates or that are otherwise not in + * the CPU profile, but are advertised in the CPUID info we just sanitized. + */ + if (RT_SUCCESS(rc)) + rc = cpumR3MsrReconcileWithCpuId(pVM); + /* * MSR fudging. */ if (RT_SUCCESS(rc)) @@ -4637,6 +4652,7 @@ pMsrRange = cpumLookupMsrRange(pVM, MSR_IA32_PRED_CMD); if (!pMsrRange) { + /** @todo incorrect fWrGpMask. */ static CPUMMSRRANGE const s_SpecCtrl = { /*.uFirst =*/ MSR_IA32_PRED_CMD, /*.uLast =*/ MSR_IA32_PRED_CMD, @@ -4650,7 +4666,8 @@ } - if (pVM->cpum.s.HostFeatures.fArchCap) { + if (pVM->cpum.s.HostFeatures.fArchCap) + { pLeaf->uEdx |= X86_CPUID_STEXT_FEATURE_EDX_ARCHCAP; /* Install the architectural capabilities MSR. */ @@ -4831,7 +4848,8 @@ case CPUMCPUIDFEATURE_SPEC_CTRL: pLeaf = cpumR3CpuIdGetExactLeaf(&pVM->cpum.s, UINT32_C(0x00000007), 0); if (pLeaf) - /*pVM->cpum.s.aGuestCpuIdPatmStd[7].uEdx =*/ pLeaf->uEdx &= ~(X86_CPUID_STEXT_FEATURE_EDX_IBRS_IBPB | X86_CPUID_STEXT_FEATURE_EDX_STIBP | X86_CPUID_STEXT_FEATURE_EDX_ARCHCAP); + pLeaf->uEdx &= ~( X86_CPUID_STEXT_FEATURE_EDX_IBRS_IBPB | X86_CPUID_STEXT_FEATURE_EDX_STIBP + | X86_CPUID_STEXT_FEATURE_EDX_ARCHCAP); pVM->cpum.s.GuestFeatures.fSpeculationControl = 0; Log(("CPUM: ClearGuestCpuIdFeature: Disabled speculation control!\n")); break; @@ -6146,6 +6164,7 @@ { DBGFREGSUBFIELD_RO("IBRS_IBPB\0" "IA32_SPEC_CTRL.IBRS and IA32_PRED_CMD.IBPB", 26, 1, 0), DBGFREGSUBFIELD_RO("STIBP\0" "Supports IA32_SPEC_CTRL.STIBP", 27, 1, 0), + DBGFREGSUBFIELD_RO("FLUSH_CMD\0" "Supports IA32_FLUSH_CMD", 28, 1, 0), DBGFREGSUBFIELD_RO("ARCHCAP\0" "Supports IA32_ARCH_CAP", 29, 1, 0), DBGFREGSUBFIELD_TERMINATOR() }; diff -Nru virtualbox-5.2.16-dfsg/src/VBox/VMM/VMMR3/CPUMR3Db.cpp virtualbox-5.2.18-dfsg/src/VBox/VMM/VMMR3/CPUMR3Db.cpp --- virtualbox-5.2.16-dfsg/src/VBox/VMM/VMMR3/CPUMR3Db.cpp 2018-07-16 15:03:54.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/VMM/VMMR3/CPUMR3Db.cpp 2018-08-14 11:45:03.000000000 +0000 
@@ -577,6 +577,54 @@ /** + * Reconciles CPUID info with MSRs (selected ones). + * + * @returns VBox status code. + * @param pVM The cross context VM structure. + */ +int cpumR3MsrReconcileWithCpuId(PVM pVM) +{ + PCCPUMMSRRANGE papToAdd[10]; + uint32_t cToAdd = 0; + + /* + * The IA32_FLUSH_CMD MSR was introduced in MCUs for CVS-2018-3646 and associates. + */ + if (pVM->cpum.s.GuestFeatures.fFlushCmd && !cpumLookupMsrRange(pVM, MSR_IA32_FLUSH_CMD)) + { + static CPUMMSRRANGE const s_FlushCmd = + { + /*.uFirst =*/ MSR_IA32_FLUSH_CMD, + /*.uLast =*/ MSR_IA32_FLUSH_CMD, + /*.enmRdFn =*/ kCpumMsrRdFn_WriteOnly, + /*.enmWrFn =*/ kCpumMsrWrFn_Ia32FlushCmd, + /*.offCpumCpu =*/ UINT16_MAX, + /*.fReserved =*/ 0, + /*.uValue =*/ 0, + /*.fWrIgnMask =*/ 0, + /*.fWrGpMask =*/ ~MSR_IA32_FLUSH_CMD_F_L1D, + /*.szName = */ "IA32_FLUSH_CMD" + }; + papToAdd[cToAdd++] = &s_FlushCmd; + } + + /* + * Do the adding. + */ + for (uint32_t i = 0; i < cToAdd; i++) + { + PCCPUMMSRRANGE pRange = papToAdd[i]; + LogRel(("CPUM: MSR/CPUID reconciliation insert: %#010x %s\n", pRange->uFirst, pRange->szName)); + int rc = cpumR3MsrRangesInsert(NULL /* pVM */, &pVM->cpum.s.GuestInfo.paMsrRangesR3, &pVM->cpum.s.GuestInfo.cMsrRanges, + pRange); + if (RT_FAILURE(rc)) + return rc; + } + return VINF_SUCCESS; +} + + +/** * Worker for cpumR3MsrApplyFudge that applies one table. * * @returns VBox status code. diff -Nru virtualbox-5.2.16-dfsg/src/VBox/VMM/VMMR3/HM.cpp virtualbox-5.2.18-dfsg/src/VBox/VMM/VMMR3/HM.cpp --- virtualbox-5.2.16-dfsg/src/VBox/VMM/VMMR3/HM.cpp 2018-07-16 15:03:54.000000000 +0000 +++ virtualbox-5.2.18-dfsg/src/VBox/VMM/VMMR3/HM.cpp 2018-08-14 11:45:03.000000000 +0000 @@ -455,6 +455,8 @@ "|IBPBOnVMExit" "|IBPBOnVMEntry" "|SpecCtrlByHost" + "|L1DFlushOnSched" + "|L1DFlushOnVMEntry" "|TPRPatchingEnabled" "|64bitEnabled" "|VmxPleGap" 
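Review bot: `papToAdd[10]` is filled with `papToAdd[cToAdd++] = &s_FlushCmd;` and no bound check. That is safe with the single entry present, but the function is laid out as a list to extend, so `Assert(cToAdd < RT_ELEMENTS(papToAdd));` before each store would keep later additions from overrunning the stack array. The `NULL /* pVM */` argument to `cpumR3MsrRangesInsert`, used while inserting into `pVM->cpum.s.GuestInfo.paMsrRangesR3`, deserves a one-line why-comment because the reason is not visible here. The comment also cites `CVS-2018-3646`, presumably a typo for CVE-2018-3646; the same spelling appears in the two `@cfgm` comments added in HM.cpp.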
@@ -611,6 +613,20 @@ rc = CFGMR3QueryBoolDef(pCfgHm, "IBPBOnVMEntry", &pVM->hm.s.fIbpbOnVmEntry, false); AssertLogRelRCReturn(rc, rc); + /** @cfgm{/HM/L1DFlushOnSched, bool, true} + * CVS-2018-3646 workaround, ignored on CPUs that aren't affected. */ + rc = CFGMR3QueryBoolDef(pCfgHm, "L1DFlushOnSched", &pVM->hm.s.fL1dFlushOnSched, true); + AssertLogRelRCReturn(rc, rc); + + /** @cfgm{/HM/L1DFlushOnVMEntry, bool} + * CVS-2018-3646 workaround, ignored on CPUs that aren't affected. */ + rc = CFGMR3QueryBoolDef(pCfgHm, "L1DFlushOnVMEntry", &pVM->hm.s.fL1dFlushOnVmEntry, false); + AssertLogRelRCReturn(rc, rc); + + /* Disable L1DFlushOnSched if L1DFlushOnVMEntry is enabled. */ + if (pVM->hm.s.fL1dFlushOnVmEntry) + pVM->hm.s.fL1dFlushOnSched = false; + /** @cfgm{/HM/SpecCtrlByHost, bool} * Another expensive paranoia setting. */ rc = CFGMR3QueryBoolDef(pCfgHm, "SpecCtrlByHost", &pVM->hm.s.fSpecCtrlByHost, false); @@ -1169,6 +1185,16 @@ } /* + * Check if L1D flush is needed/possible. + */ + if ( !pVM->cpum.ro.HostFeatures.fFlushCmd + || pVM->cpum.ro.HostFeatures.enmMicroarch < kCpumMicroarch_Intel_Core7_Nehalem + || pVM->cpum.ro.HostFeatures.enmMicroarch >= kCpumMicroarch_Intel_Core7_End + || pVM->cpum.ro.HostFeatures.fArchVmmNeedNotFlushL1d + || pVM->cpum.ro.HostFeatures.fArchRdclNo) + pVM->hm.s.fL1dFlushOnSched = pVM->hm.s.fL1dFlushOnVmEntry = false; + + /* * Sync options. */ /** @todo Move this out of of CPUMCTX and into some ring-0 only HM structure. 
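Review bot: The new "Check if L1D flush is needed/possible" condition clears `fL1dFlushOnSched` and `fL1dFlushOnVmEntry` for two different reasons and does not say which one applied. Either the host is not affected (`fArchRdclNo`, `fArchVmmNeedNotFlushL1d`, the microarchitecture range) or the host lacks IA32_FLUSH_CMD (`!HostFeatures.fFlushCmd`). In the second case a configured mitigation is dropped and the release log later shows only the resulting zeros. An explicit message when `!fFlushCmd` and either flag was set would let an operator see that microcode support is missing, e.g. `LogRel(("HM: L1D flush requested but IA32_FLUSH_CMD is not available on this host\n"));`. The `@cfgm{/HM/L1DFlushOnVMEntry, bool}` comment also omits its default (`false`), unlike the `L1DFlushOnSched` entry.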
@@ -1185,9 +1211,12 @@ if (pVM->hm.s.fIbpbOnVmEntry) pCpuCtx->fWorldSwitcher |= CPUMCTX_WSF_IBPB_ENTRY; } + if (pVM->cpum.ro.HostFeatures.fFlushCmd && pVM->hm.s.fL1dFlushOnVmEntry) + pCpuCtx->fWorldSwitcher |= CPUMCTX_WSF_L1D_ENTRY; if (iCpu == 0) - LogRel(("HM: fWorldSwitcher=%#x (fIbpbOnVmExit=%d fIbpbOnVmEntry=%d)\n", - pCpuCtx->fWorldSwitcher, pVM->hm.s.fIbpbOnVmExit, pVM->hm.s.fIbpbOnVmEntry)); + LogRel(("HM: fWorldSwitcher=%#x (fIbpbOnVmExit=%d fIbpbOnVmEntry=%d fL1dFlushOnVmEntry=%d); fL1dFlushOnSched=%d\n", + pCpuCtx->fWorldSwitcher, pVM->hm.s.fIbpbOnVmExit, pVM->hm.s.fIbpbOnVmEntry, pVM->hm.s.fL1dFlushOnVmEntry, + pVM->hm.s.fL1dFlushOnSched)); } /* diff -Nru virtualbox-5.2.16-dfsg/Version.kmk virtualbox-5.2.18-dfsg/Version.kmk --- virtualbox-5.2.16-dfsg/Version.kmk 2018-07-16 14:56:47.000000000 +0000 +++ virtualbox-5.2.18-dfsg/Version.kmk 2018-08-14 11:38:13.000000000 +0000 @@ -25,7 +25,7 @@ # This is the current build number. It should be increased every time we publish a # new build. The define is available in every source file. Only even build numbers # will be published, odd numbers are set during development. -VBOX_VERSION_BUILD = 16 +VBOX_VERSION_BUILD = 18 # This can be overridden in LocalConfig.kmk or elsewhere. # For the convention, see checks near the end of Config.kmk. VBOX_BUILD_PUBLISHER =