WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] do_iret bug in xen

from [Daniel Stodden] [Permanent Link][Original]
To: Ashish Bijlani <ashish.bijlani@xxxxxxxxx>
Subject: Re: [Xen-devel] do_iret bug in xen
From: Daniel Stodden <stodden@xxxxxxxxxx>
Date: Wed, 28 Nov 2007 01:51:19 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, Ian Campbell <Ian.Campbell@xxxxxxxxxx>
Delivery-date: Tue, 27 Nov 2007 16:52:01 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <ec55b17e0711271530t5032aba9p991c8f94362179de@xxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Organization: Fakultät für Informatik I10, Technische Universität Münche
References: <E1Ix7Vw-000810-RL@host-192-168-0-1-bcn-london> <474C912B.2040401@xxxxxxxxxxxxxx> <ec55b17e0711271441l6145399fu963553fceb67694e@xxxxxxxxxxxxxx> <1196205436.29110.26.camel@xxxxxxxxxxxxxxxxxxxxx> <ec55b17e0711271530t5032aba9p991c8f94362179de@xxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
On Tue, 2007-11-27 at 18:30 -0500, Ashish Bijlani wrote:
> yeah but the do_iret function is done on behalf of a guest, therefore
> do_iret function forces user cs and user ss
> 
> code excerpt 
> "
>     regs->rip    = iret_saved.rip;
>     regs->cs     = iret_saved.cs | 3; /* force guest privilege */ 
>     regs->rflags = (iret_saved.rflags & ~(EF_IOPL|EF_VM)) | EF_IE;
>     regs->rsp    = iret_saved.rsp;
>     regs->ss     = iret_saved.ss | 3; /* force guest privilege */
> "
> this can cause ret_from_intr go to test_all_events and finally go to
> __enter_scheduler 

that's the guest context saved in _memory_ (xen stack) which gets
modified -- user or kernel. that's where what it ultimately returns _to_
upon return _from_ do_iret. with an interrupted do_iret, the switch in
ret_from_intr would be yet another stack frame above, and that would be
xen being interrupted.

regards,
daniel
 
-- 
Daniel Stodden
LRR     -      Lehrstuhl für Rechnertechnik und Rechnerorganisation
Institut für Informatik der TU München             D-85748 Garching
http://www.lrr.in.tum.de/~stodden         mailto:stodden@xxxxxxxxxx
PGP Fingerprint: F5A4 1575 4C56 E26A 0B33  3D80 457E 82AE B0D8 735B



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Xen-devel] Xen unstable full validation results for cset: #16379, Ian Pratt
Next by Date:  Re: [Xen-devel] HVM PCI passthrough NON VT-d, Mark Williamson
Previous by Thread:  Re: [Xen-devel] do_iret bug in xen, Ashish Bijlani
Next by Thread:  Re: [Xen-devel] do_iret bug in xen, Ashish Bijlani
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy