WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] [PATCH 5 of 6] REDO: mem_access & mem_access 2: added IN

from [Tim Deegan] [Permanent Link][Original]
To: Joe Epstein <jepstein98@xxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH 5 of 6] REDO: mem_access & mem_access 2: added INT3/CRx capture
From: Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Date: Wed, 5 Jan 2011 14:39:54 +0000
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Wed, 05 Jan 2011 06:40:35 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <AANLkTikd_Qp-uy-+AmCBTFaUbmhRc7J3TbVMdREBgvJX@xxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <AANLkTikd_Qp-uy-+AmCBTFaUbmhRc7J3TbVMdREBgvJX@xxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.20 (2009-06-14) 
Hi, 

At 22:07 +0000 on 04 Jan (1294178845), Joe Epstein wrote:
> diff -r 3500724e8052 -r c1866aff7a5f xen/arch/x86/hvm/hvm.c
> --- a/xen/arch/x86/hvm/hvm.c    Tue Jan 04 12:34:06 2011 -0800
> +++ b/xen/arch/x86/hvm/hvm.c    Tue Jan 04 12:35:49 2011 -0800
> @@ -309,6 +309,15 @@
>              return; /* bail */
>          }
>      }
> +
> +    /* Inject pending hw/sw trap */
> +    if (v->arch.hvm_vcpu.inject_trap != -1)
> +    {
> +        hvm_inject_exception(v->arch.hvm_vcpu.inject_trap,
> +                             v->arch.hvm_vcpu.inject_error_code,
> +                             v->arch.hvm_vcpu.inject_cr2);
> +        v->arch.hvm_vcpu.inject_trap = -1;
> +    }

What if the guest already has a trap pending for some reason?  This
could turn it into a double-fault, which is probably not what the caller
wanted. 

>  }
> 
>  static void hvm_init_ioreq_page(
> @@ -949,6 +958,8 @@
>      spin_lock_init(&v->arch.hvm_vcpu.tm_lock);
>      INIT_LIST_HEAD(&v->arch.hvm_vcpu.tm_list);
> 
> +    v->arch.hvm_vcpu.inject_trap = -1;
> +
>  #ifdef CONFIG_COMPAT
>      rc = setup_compat_arg_xlat(v);
>      if ( rc != 0 )
> @@ -3216,10 +3227,34 @@
>              case HVM_PARAM_ACPI_IOPORTS_LOCATION:
>                  rc = pmtimer_change_ioport(d, a.value);
>                  break;
> +            case HVM_PARAM_MEMORY_EVENT_INT3:
> +                if ( a.value & HVMPME_onchangeonly )
> +                    rc = -EINVAL;
> +                break;
>              }
> 
> -            if ( rc == 0 )
> +            if ( rc == 0 )
> +            {
>                  d->arch.hvm_domain.params[a.index] = a.value;
> +
> +                switch( a.index )
> +                {
> +                case HVM_PARAM_MEMORY_EVENT_INT3:
> +                {
> +                    domain_pause(d);

You need to make sure a VM can't set this param on itself, or else this
domain_pause() can deadlock Xen.   Also, you probably don't want the
daomin turning these intercepts off anyway. :)

Now that I think of it, it's worth checking your other hypercalls to
check that a VM can't change its own p2m mapping types.

[...]

> @@ -1589,13 +1601,25 @@
>      switch ( cr )
>      {
>      case 0:
> -        return !hvm_set_cr0(value);
> +        old = v->arch.hvm_vcpu.guest_cr[0];
> +        rc = !hvm_set_cr0(value);
> +        if (rc)
> +            hvm_memory_event_cr0(value, old);

You defined the hvm_memory_event_foo() functions to return error codes
but you don't handle them in the caller.  Please either handle them or
arrange for the functions to return void. 

Cheers,

Tim.

-- 
Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Principal Software Engineer, Xen Platform Team
Citrix Systems UK Ltd.  (Company #02937203, SL9 0BG)

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] Xen 4.0.1 "xc_map_foreign_batch: mmap failed: Cannot allocate memory", Stefano Stabellini
Next by Date:  Re: [Xen-devel] [PATCH 6 of 6] REDO: mem_access & mem_access 2: added trap injection to libxc, Tim Deegan
Previous by Thread:  Re: [Xen-devel] [PATCH 5 of 6] REDO: mem_access & mem_access 2: added INT3/CRx capture, Keir Fraser
Next by Thread:  Re: [Xen-devel] [PATCH 5 of 6] REDO: mem_access & mem_access 2: added INT3/CRx capture, Joe Epstein
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy