From: Olaf Hering <olaf@aepfle.de>
To: xen-devel@lists.xen.org
Subject: [PATCH v4] xen: handle paged gfn in wrmsr_hypervisor_regs
Date: Fri, 03 May 2013 17:43:29 +0200 [thread overview]
Message-ID: <4b7f3f754c015e0c2012.1367595809@probook.site> (raw)
In-Reply-To: <19777301f89653c640de.1367511891@probook.site>
# HG changeset patch
# User Olaf Hering <olaf@aepfle.de>
# Date 1367595698 -7200
# Node ID 4b7f3f754c015e0c2012d4b8ef4faf89ba18a3bf
# Parent 9df019eef776d129c2abb130d1458914fe1ecac4
xen: handle paged gfn in wrmsr_hypervisor_regs
If xenpaging is started very early for a guest the gfn for the hypercall
page may be paged-out already. This leads to a guest crash:
...
(XEN) HVM10: Allocated Xen hypercall page at 169ff000
(XEN) traps.c:654:d10 Bad GMFN 169ff (MFN 3e900000000) to MSR 40000000
(XEN) HVM10: Detected Xen v4.3
(XEN) io.c:201:d10 MMIO emulation failed @ 0008:c2c2c2c2: 18 7c 55 6d 03 83 ff ff 10 7c
(XEN) hvm.c:1253:d10 Triple fault on VCPU0 - invoking HVM shutdown action 1.
(XEN) HVM11: HVM Loader
...
Update return codes of wrmsr_hypervisor_regs, update callers to deal
with the new return codes:
0: not handled
1: handled
-EINVAL: error during handling
-EAGAIN: retry
Also update the gdprintk to handle a page value of NULL to avoid
printing a bogus MFN value. Update also computing of MSR value in
gdprintk, the idx was always zero.
Signed-off-by: Olaf Hering <olaf@aepfle.de>
diff -r 9df019eef776 -r 4b7f3f754c01 xen/arch/x86/hvm/svm/svm.c
--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -1569,7 +1569,7 @@ static int svm_msr_read_intercept(unsign
static int svm_msr_write_intercept(unsigned int msr, uint64_t msr_content)
{
- int ret;
+ int ret, result = X86EMUL_OKAY;
struct vcpu *v = current;
struct vmcb_struct *vmcb = v->arch.hvm_svm.vmcb;
int sync = 0;
@@ -1682,14 +1682,24 @@ static int svm_msr_write_intercept(unsig
if ( wrmsr_viridian_regs(msr, msr_content) )
break;
- wrmsr_hypervisor_regs(msr, msr_content);
+ switch ( wrmsr_hypervisor_regs(msr, msr_content) )
+ {
+ case -EAGAIN:
+ result = X86EMUL_RETRY;
+ break;
+ case 0:
+ case 1:
+ break;
+ default:
+ goto gpf;
+ }
break;
}
if ( sync )
svm_vmload(vmcb);
- return X86EMUL_OKAY;
+ return result;
gpf:
hvm_inject_hw_exception(TRAP_gp_fault, 0);
diff -r 9df019eef776 -r 4b7f3f754c01 xen/arch/x86/hvm/vmx/vmx.c
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -2088,7 +2088,16 @@ static int vmx_msr_write_intercept(unsig
case HNDL_unhandled:
if ( (vmx_write_guest_msr(msr, msr_content) != 0) &&
!is_last_branch_msr(msr) )
- wrmsr_hypervisor_regs(msr, msr_content);
+ switch ( wrmsr_hypervisor_regs(msr, msr_content) )
+ {
+ case -EAGAIN:
+ return X86EMUL_RETRY;
+ case 0:
+ case 1:
+ break;
+ default:
+ goto gp_fault;
+ }
break;
case HNDL_exception_raised:
return X86EMUL_EXCEPTION;
diff -r 9df019eef776 -r 4b7f3f754c01 xen/arch/x86/traps.c
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -634,6 +634,7 @@ int wrmsr_hypervisor_regs(uint32_t idx,
unsigned long gmfn = val >> 12;
unsigned int idx = val & 0xfff;
struct page_info *page;
+ p2m_type_t t;
if ( idx > 0 )
{
@@ -643,15 +644,22 @@ int wrmsr_hypervisor_regs(uint32_t idx,
return 0;
}
- page = get_page_from_gfn(d, gmfn, NULL, P2M_ALLOC);
+ page = get_page_from_gfn(d, gmfn, &t, P2M_ALLOC);
if ( !page || !get_page_type(page, PGT_writable_page) )
{
if ( page )
put_page(page);
+
+ if ( p2m_is_paging(t) )
+ {
+ p2m_mem_paging_populate(d, gmfn);
+ return -EAGAIN;
+ }
+
gdprintk(XENLOG_WARNING,
"Bad GMFN %lx (MFN %lx) to MSR %08x\n",
- gmfn, page_to_mfn(page), base + idx);
+ gmfn, page ? page_to_mfn(page) : -1UL, base);
return 0;
}
@@ -2490,7 +2498,7 @@ static int emulate_privileged_op(struct
goto fail;
break;
default:
- if ( wrmsr_hypervisor_regs(regs->ecx, msr_content) )
+ if ( wrmsr_hypervisor_regs(regs->ecx, msr_content) == 1 )
break;
rc = vmce_wrmsr(regs->ecx, msr_content);
next prev parent reply other threads:[~2013-05-03 15:43 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-02 16:24 [PATCH] xen: handle paged gfn in wrmsr_hypervisor_regs Olaf Hering
2013-05-03 7:12 ` Jan Beulich
2013-05-03 12:58 ` Olaf Hering
2013-05-03 13:40 ` Olaf Hering
2013-05-03 13:53 ` Jan Beulich
2013-05-03 12:57 ` [PATCH v2] " Olaf Hering
2013-05-03 13:58 ` Jan Beulich
2013-05-03 14:11 ` Olaf Hering
2013-05-03 14:24 ` Jan Beulich
2013-05-03 14:26 ` Keir Fraser
2013-05-03 14:31 ` Jan Beulich
2013-05-03 15:19 ` Olaf Hering
2013-05-03 15:55 ` Keir Fraser
2013-05-03 15:17 ` [PATCH v3] " Olaf Hering
2013-05-03 15:30 ` Jan Beulich
2013-05-03 15:48 ` Olaf Hering
2013-05-03 15:53 ` Jan Beulich
2013-05-03 15:58 ` Keir Fraser
2013-05-03 16:03 ` Jan Beulich
2013-05-03 16:06 ` Keir Fraser
2013-05-03 15:55 ` Keir Fraser
2013-05-03 15:43 ` Olaf Hering [this message]
2013-05-03 16:29 ` [PATCH v5] " Olaf Hering
2013-05-08 9:27 ` Jan Beulich
2013-05-08 10:51 ` Olaf Hering
2013-05-08 11:41 ` Jan Beulich
2013-05-08 11:45 ` Olaf Hering
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4b7f3f754c015e0c2012.1367595809@probook.site \
--to=olaf@aepfle.de \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.