From: Andrew Cooper <andrew.cooper3@citrix.com>
To: "Tian, Kevin" <kevin.tian@intel.com>,
Xen-devel <xen-devel@lists.xen.org>
Cc: "Nakajima, Jun" <jun.nakajima@intel.com>,
Jan Beulich <JBeulich@suse.com>
Subject: Re: [PATCH] x86/vmx: Fix injection of #DB traps following XSA-165
Date: Tue, 29 Dec 2015 10:50:30 +0000 [thread overview]
Message-ID: <56826576.6060505@citrix.com> (raw)
In-Reply-To: <AADFC41AFE54684AB9EE6CBC0274A5D15F755BD3@SHSMSX101.ccr.corp.intel.com>
On 25/12/2015 01:36, Tian, Kevin wrote:
>> From: Andrew Cooper [mailto:andrew.cooper3@citrix.com]
>> Sent: Friday, December 25, 2015 2:23 AM
>>
>> Most debug exceptions are traps rather than faults. Blindly re-injecting them
>> as hardware exception causes the instruction pointer in the exception frame
>> to point at the target instruct, rather than after it. This in turn breaks
>> debuggers in the guests.
>>
>> Introduce a helper which copies VM_EXIT_INTR_INTO to VM_ENTRY_INTR_INFO, and
>> use it to mirror the intercepted interrupt back to the guest. As part of
>> doing so, introduce vmx_intr_info_t with a bitfield representation of an
>> INTR_INFO field.
>>
>> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
>> ---
>> CC: Jan Beulich <JBeulich@suse.com>
>> CC: Jun Nakajima <jun.nakajima@intel.com>
>> CC: Kevin Tian <kevin.tian@intel.com>
>> ---
>> xen/arch/x86/hvm/vmx/vmx.c | 33
>> ++++++++++++++++++++++++++++++---
>> xen/include/asm-x86/hvm/vmx/vmx.h | 12 ++++++++++++
>> 2 files changed, 42 insertions(+), 3 deletions(-)
>>
>> diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
>> index b918b8a..aacf07a 100644
>> --- a/xen/arch/x86/hvm/vmx/vmx.c
>> +++ b/xen/arch/x86/hvm/vmx/vmx.c
>> @@ -2877,6 +2877,34 @@ static int vmx_handle_eoi_write(void)
>> return 0;
>> }
>>
>> +/*
>> + * Propagate VM_EXIT_INTR_INFO to VM_ENTRY_INTR_INFO. Used to mirror an
>> + * intercepted exception back to the guest as if Xen hadn't intercepted it.
>> + *
>> + * It is the callers responsibility to ensure that this function is only used
>> + * in the context of an appropriate vmexit.
>> + */
>> +static void vmx_propagate_intr(void)
>> +{
>> + vmx_intr_info_t intr;
>> + unsigned long tmp;
>> +
>> + __vmread(VM_EXIT_INTR_INFO, &intr.raw);
>> +
>> + ASSERT(intr.valid);
>> +
>> + __vmwrite(VM_ENTRY_INTR_INFO, intr.raw);
>> +
>> + if ( intr.ec_valid )
>> + {
>> + __vmread(VM_EXIT_INTR_ERROR_CODE, &tmp);
>> + __vmwrite(VM_ENTRY_EXCEPTION_ERROR_CODE, tmp);
>> + }
>> +
>> + __vmread(VM_EXIT_INSTRUCTION_LEN, &tmp);
>> + __vmwrite(VM_ENTRY_INSTRUCTION_LEN, tmp);
>> +}
>> +
>> static void vmx_idtv_reinject(unsigned long idtv_info)
>> {
>>
>> @@ -3137,7 +3165,7 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs)
>> HVMTRACE_1D(TRAP_DEBUG, exit_qualification);
>> write_debugreg(6, exit_qualification | DR_STATUS_RESERVED_ONE);
>> if ( !v->domain->debugger_attached )
>> - hvm_inject_hw_exception(vector, HVM_DELIVER_NO_ERROR_CODE);
>> + vmx_propagate_intr();
>> else
>> domain_pause_for_debugger();
>> break;
>> @@ -3206,8 +3234,7 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs)
>> break;
>> case TRAP_alignment_check:
>> HVMTRACE_1D(TRAP, vector);
>> - __vmread(VM_EXIT_INTR_ERROR_CODE, &ecode);
>> - hvm_inject_hw_exception(vector, ecode);
>> + vmx_propagate_intr();
>> break;
>> case TRAP_nmi:
>> if ( MASK_EXTR(intr_info, INTR_INFO_INTR_TYPE_MASK) !=
>> diff --git a/xen/include/asm-x86/hvm/vmx/vmx.h
>> b/xen/include/asm-x86/hvm/vmx/vmx.h
>> index 1719965..ad2018f 100644
>> --- a/xen/include/asm-x86/hvm/vmx/vmx.h
>> +++ b/xen/include/asm-x86/hvm/vmx/vmx.h
>> @@ -224,6 +224,18 @@ static inline void pi_clear_sn(struct pi_desc *pi_desc)
>> #define INTR_INFO_VALID_MASK 0x80000000 /* 31 */
>> #define INTR_INFO_RESVD_BITS_MASK 0x7ffff000
>>
>> +typedef union vmx_intr_info {
>> + unsigned long raw;
>> + struct {
>> + uint8_t vector;
>> + uint32_t type: 3,
>> + ec_valid: 1,
>> + nmi_unblocked: 1,
>> + rsvd: 18,
>> + valid: 1;
>> + };
>> +} vmx_intr_info_t;
>> +
> Is there a value to separate vector from bitfield definition? Although
> it works, spec defines all fields in one 32bits format...
Not specifically - I can certainly replace it with a single bitfield list.
>
> btw seems there's no other users of this new structure. To be consistent
> I'd suggest either staying same with other place reading intr_info or
> split into a new patch to change all references together.
I will split into two patches. A bugfix first, and a cleanup second.
The former will then be easier to backport.
~Andrew
prev parent reply other threads:[~2015-12-29 10:50 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-24 18:23 [PATCH] x86/vmx: Fix injection of #DB traps following XSA-165 Andrew Cooper
2015-12-24 18:54 ` AMD #DB interception (was [PATCH] x86/vmx: Fix injection of #DB traps following XSA-165) Andrew Cooper
2015-12-25 1:36 ` [PATCH] x86/vmx: Fix injection of #DB traps following XSA-165 Tian, Kevin
2015-12-29 10:50 ` Andrew Cooper [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56826576.6060505@citrix.com \
--to=andrew.cooper3@citrix.com \
--cc=JBeulich@suse.com \
--cc=jun.nakajima@intel.com \
--cc=kevin.tian@intel.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.