From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andrew Cooper Subject: Re: [PATCH v2 3/3] x86/HVM: don't crash guest upon problems occurring in user mode Date: Thu, 20 Nov 2014 15:42:02 +0000 Message-ID: <546E0BCA.5080902@citrix.com> References: <546DCAB102000078000493E0@smtp.nue.novell.com> <546DCCC202000078000493F8@smtp.nue.novell.com> <20141120113458.GC91061@deinos.phlegethon.org> <546DF69E0200007800049579@smtp.nue.novell.com> <546E18BD020000780004966B@smtp.nue.novell.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="===============9160022290349708393==" Return-path: Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1XrTs0-00049c-Nb for xen-devel@lists.xenproject.org; Thu, 20 Nov 2014 15:42:08 +0000 In-Reply-To: <546E18BD020000780004966B@smtp.nue.novell.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Jan Beulich , xen-devel Cc: Keir Fraser , Tim Deegan List-Id: xen-devel@lists.xenproject.org --===============9160022290349708393== Content-Type: multipart/alternative; boundary="------------020900000200060000010206" --------------020900000200060000010206 Content-Type: text/plain; charset="windows-1252" Content-Transfer-Encoding: 7bit On 20/11/14 15:37, Jan Beulich wrote: > This extends commit 5283b310 ("x86/HVM: only kill guest when unknown VM > exit occurred in guest kernel mode") to a few more cases, including the > failed VM entry one that XSA-110 was needed to be issued for. > > Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper > --- > v2: - s/crash_or_gp/crash_or_fault/ > - drop changes to svm_do_nested_pgfault(), svm_vmexit_handler()'s > VMEXIT_NPF handling, and ept_handle_violation() > > --- a/xen/arch/x86/hvm/svm/svm.c > +++ b/xen/arch/x86/hvm/svm/svm.c > @@ -90,6 +90,15 @@ static bool_t amd_erratum383_found __rea > static uint64_t osvw_length, osvw_status; > static DEFINE_SPINLOCK(osvw_lock); > > +/* Only crash the guest if the problem originates in kernel mode. */ > +static void svm_crash_or_fault(struct vcpu *v) > +{ > + if ( vmcb_get_cpl(v->arch.hvm_svm.vmcb) ) > + hvm_inject_hw_exception(TRAP_invalid_op, HVM_DELIVER_NO_ERROR_CODE); > + else > + domain_crash(v->domain); > +} > + > void __update_guest_eip(struct cpu_user_regs *regs, unsigned int inst_len) > { > struct vcpu *curr = current; > @@ -100,7 +109,7 @@ void __update_guest_eip(struct cpu_user_ > if ( unlikely(inst_len > 15) ) > { > gdprintk(XENLOG_ERR, "Bad instruction length %u\n", inst_len); > - domain_crash(curr->domain); > + svm_crash_or_fault(curr); > return; > } > > @@ -2680,11 +2689,7 @@ void svm_vmexit_handler(struct cpu_user_ > "exitinfo1 = %#"PRIx64", exitinfo2 = %#"PRIx64"\n", > exit_reason, > (u64)vmcb->exitinfo1, (u64)vmcb->exitinfo2); > - if ( vmcb_get_cpl(vmcb) ) > - hvm_inject_hw_exception(TRAP_invalid_op, > - HVM_DELIVER_NO_ERROR_CODE); > - else > - domain_crash(v->domain); > + svm_crash_or_fault(v); > break; > } > > --- a/xen/arch/x86/hvm/vmx/vmx.c > +++ b/xen/arch/x86/hvm/vmx/vmx.c > @@ -134,6 +134,18 @@ static void vmx_vcpu_destroy(struct vcpu > passive_domain_destroy(v); > } > > +/* Only crash the guest if the problem originates in kernel mode. */ > +static void vmx_crash_or_fault(struct vcpu *v) > +{ > + struct segment_register ss; > + > + vmx_get_segment_register(v, x86_seg_ss, &ss); > + if ( ss.attr.fields.dpl ) > + hvm_inject_hw_exception(TRAP_invalid_op, HVM_DELIVER_NO_ERROR_CODE); > + else > + domain_crash(v->domain); > +} > + > static DEFINE_PER_CPU(struct vmx_msr_state, host_msr_state); > > static const u32 msr_index[] = > @@ -2508,7 +2520,7 @@ static void vmx_failed_vmentry(unsigned > vmcs_dump_vcpu(curr); > printk("**************************************\n"); > > - domain_crash(curr->domain); > + vmx_crash_or_fault(curr); > } > > void vmx_enter_realmode(struct cpu_user_regs *regs) > @@ -3161,19 +3173,8 @@ void vmx_vmexit_handler(struct cpu_user_ > /* fall through */ > default: > exit_and_crash: > - { > - struct segment_register ss; > - > - gdprintk(XENLOG_WARNING, "Bad vmexit (reason %#lx)\n", > - exit_reason); > - > - vmx_get_segment_register(v, x86_seg_ss, &ss); > - if ( ss.attr.fields.dpl ) > - hvm_inject_hw_exception(TRAP_invalid_op, > - HVM_DELIVER_NO_ERROR_CODE); > - else > - domain_crash(v->domain); > - } > + gdprintk(XENLOG_WARNING, "Bad vmexit (reason %#lx)\n", exit_reason); > + vmx_crash_or_fault(v); > break; > } > > > > > > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xen.org > http://lists.xen.org/xen-devel --------------020900000200060000010206 Content-Type: text/html; charset="windows-1252" Content-Transfer-Encoding: 7bit
On 20/11/14 15:37, Jan Beulich wrote:
This extends commit 5283b310 ("x86/HVM: only kill guest when unknown VM
exit occurred in guest kernel mode") to a few more cases, including the
failed VM entry one that XSA-110 was needed to be issued for.

Signed-off-by: Jan Beulich <jbeulich@suse.com>

Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

---
v2: - s/crash_or_gp/crash_or_fault/
    - drop changes to svm_do_nested_pgfault(), svm_vmexit_handler()'s
      VMEXIT_NPF handling, and ept_handle_violation()

--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -90,6 +90,15 @@ static bool_t amd_erratum383_found __rea
 static uint64_t osvw_length, osvw_status;
 static DEFINE_SPINLOCK(osvw_lock);
 
+/* Only crash the guest if the problem originates in kernel mode. */
+static void svm_crash_or_fault(struct vcpu *v)
+{
+    if ( vmcb_get_cpl(v->arch.hvm_svm.vmcb) )
+        hvm_inject_hw_exception(TRAP_invalid_op, HVM_DELIVER_NO_ERROR_CODE);
+    else
+        domain_crash(v->domain);
+}
+
 void __update_guest_eip(struct cpu_user_regs *regs, unsigned int inst_len)
 {
     struct vcpu *curr = current;
@@ -100,7 +109,7 @@ void __update_guest_eip(struct cpu_user_
     if ( unlikely(inst_len > 15) )
     {
         gdprintk(XENLOG_ERR, "Bad instruction length %u\n", inst_len);
-        domain_crash(curr->domain);
+        svm_crash_or_fault(curr);
         return;
     }
 
@@ -2680,11 +2689,7 @@ void svm_vmexit_handler(struct cpu_user_
                  "exitinfo1 = %#"PRIx64", exitinfo2 = %#"PRIx64"\n",
                  exit_reason, 
                  (u64)vmcb->exitinfo1, (u64)vmcb->exitinfo2);
-        if ( vmcb_get_cpl(vmcb) )
-            hvm_inject_hw_exception(TRAP_invalid_op,
-                                    HVM_DELIVER_NO_ERROR_CODE);
-        else
-            domain_crash(v->domain);
+        svm_crash_or_fault(v);
         break;
     }
 
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -134,6 +134,18 @@ static void vmx_vcpu_destroy(struct vcpu
     passive_domain_destroy(v);
 }
 
+/* Only crash the guest if the problem originates in kernel mode. */
+static void vmx_crash_or_fault(struct vcpu *v)
+{
+    struct segment_register ss;
+
+    vmx_get_segment_register(v, x86_seg_ss, &ss);
+    if ( ss.attr.fields.dpl )
+        hvm_inject_hw_exception(TRAP_invalid_op, HVM_DELIVER_NO_ERROR_CODE);
+    else
+        domain_crash(v->domain);
+}
+
 static DEFINE_PER_CPU(struct vmx_msr_state, host_msr_state);
 
 static const u32 msr_index[] =
@@ -2508,7 +2520,7 @@ static void vmx_failed_vmentry(unsigned 
     vmcs_dump_vcpu(curr);
     printk("**************************************\n");
 
-    domain_crash(curr->domain);
+    vmx_crash_or_fault(curr);
 }
 
 void vmx_enter_realmode(struct cpu_user_regs *regs)
@@ -3161,19 +3173,8 @@ void vmx_vmexit_handler(struct cpu_user_
     /* fall through */
     default:
     exit_and_crash:
-        {
-            struct segment_register ss;
-
-            gdprintk(XENLOG_WARNING, "Bad vmexit (reason %#lx)\n",
-                     exit_reason);
-
-            vmx_get_segment_register(v, x86_seg_ss, &ss);
-            if ( ss.attr.fields.dpl )
-                hvm_inject_hw_exception(TRAP_invalid_op,
-                                        HVM_DELIVER_NO_ERROR_CODE);
-            else
-                domain_crash(v->domain);
-        }
+        gdprintk(XENLOG_WARNING, "Bad vmexit (reason %#lx)\n", exit_reason);
+        vmx_crash_or_fault(v);
         break;
     }
 






_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

--------------020900000200060000010206-- --===============9160022290349708393== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel --===============9160022290349708393==--