Re: [Xen-devel] do_iret bug in xen

To:	"Daniel Stodden" <stodden@xxxxxxxxxx>
Subject:	Re: [Xen-devel] do_iret bug in xen
From:	"Ashish Bijlani" <ashish.bijlani@xxxxxxxxx>
Date:	Tue, 27 Nov 2007 20:15:12 -0500
Cc:	xen-devel@xxxxxxxxxxxxxxxxxxx, Ian Campbell <Ian.Campbell@xxxxxxxxxx>
Delivery-date:	Tue, 27 Nov 2007 17:16:02 -0800
Dkim-signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; bh=ovkFLz9HVEIgPA94wB7NPUxGXwbloVYJqky38pVqJK4=; b=qPS+q6/5Bi1vAWF7lK4Z/C6oekn7272UkRVGO6IkAPbibvcMYeYRIiRVPiQ19HyKErATeb9wpv8FOQPBZmALN8ui2+fRqXwtXB4QrAbVrAxs5JQLdbvksUbz3/pWrVgC6f/clV1MGoeWOpVtH59f1cCc4t/JJBKxor1UY9dv8U8=
Domainkey-signature:	a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; b=Q/NwfgcdR3QbW1h2b8rvYkzxVUJxTrI3lIjt0ckiLa45AGMZbSojEADHgQ8JEXJwmKkAEWg/JeCzL+XrEqT4tAg+krbPqvTjiyPcthrbuilRM1eT/lh/Or1NmtGlkvfv05sNUd+5Co/bV4jaU5XCaVj8XaQTTUALVG0Jjw0/CzA=
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
In-reply-to:	<1196211079.4632.41.camel@xxxxxxxxxxxxxxxxxxxx>
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References:	<E1Ix7Vw-000810-RL@host-192-168-0-1-bcn-london> <474C912B.2040401@xxxxxxxxxxxxxx> <ec55b17e0711271441l6145399fu963553fceb67694e@xxxxxxxxxxxxxx> <1196205436.29110.26.camel@xxxxxxxxxxxxxxxxxxxxx> <ec55b17e0711271530t5032aba9p991c8f94362179de@xxxxxxxxxxxxxx> <1196211079.4632.41.camel@xxxxxxxxxxxxxxxxxxxx>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

current is extracted from per processor stack area. so are the registers. right? do_iret gets current and regs from the processor's stack area. so does ret_from_intr. so they both point to a fixed per processor stack area. there are not _different_ stack frames.

On Nov 27, 2007 7:51 PM, Daniel Stodden < stodden@xxxxxxxxxx> wrote:

On Tue, 2007-11-27 at 18:30 -0500, Ashish Bijlani wrote:
> yeah but the do_iret function is done on behalf of a guest, therefore
> do_iret function forces user cs and user ss
>
> code excerpt
> "
> regs->rip = iret_saved.rip;
> regs->cs = iret_saved.cs | 3; /* force guest privilege */
> regs->rflags = (iret_saved.rflags & ~(EF_IOPL|EF_VM)) | EF_IE;
> regs->rsp = iret_saved.rsp;
> regs->ss = iret_saved.ss | 3; /* force guest privilege */
> "
> this can cause ret_from_intr go to test_all_events and finally go to
> __enter_scheduler

that's the guest context saved in _memory_ (xen stack) which gets
modified -- user or kernel. that's where what it ultimately returns _to_
upon return _from_ do_iret. with an interrupted do_iret, the switch in
ret_from_intr would be yet another stack frame above, and that would be
xen being interrupted.

regards,
daniel

--
Daniel Stodden
LRR - Lehrstuhl für Rechnertechnik und Rechnerorganisation
Institut für Informatik der TU München D-85748 Garching
http://www.lrr.in.tum.de/~stodden mailto:stodden@xxxxxxxxxx
PGP Fingerprint: F5A4 1575 4C56 E26A 0B33 3D80 457E 82AE B0D8 735B

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

WARNING - OLD ARCHIVES

xen-devel

Re: [Xen-devel] do_iret bug in xen