From mboxrd@z Thu Jan  1 00:00:00 1970
From: Keir Fraser <keir.fraser@eu.citrix.com>
Subject: Re: [PATCH]Fix the bug of guest os
	installationfailure and win2k boot failure
Date: Tue, 18 Mar 2008 08:46:03 +0000
Message-ID: <C40531CB.151D8%keir.fraser@eu.citrix.com>
References: <FF386CB4AE0E4648B0A96060EC00F36C8AFC87@pdsmsx412.ccr.corp.intel.com>
Mime-Version: 1.0
Content-Type: text/plain;
	charset="ISO-2022-JP"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xensource.com>
In-Reply-To: <FF386CB4AE0E4648B0A96060EC00F36C8AFC87@pdsmsx412.ccr.corp.intel.com>
List-Unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xensource.com>
List-Help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-Subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: "Xu, Dongxiao" <dongxiao.xu@intel.com>, "Cui, Dexuan" <dexuan.cui@intel.com>, xen-devel@lists.xensource.com
List-Id: xen-devel@lists.xenproject.org

We're on the same page now, except that I realised there is a TOCTTOU race
introduced by relying on the processor's permission check while re-fetching
the instruction from scratch in the hypervisor. This allows, in theory, a
multi-threaded process to rewrite the I/O-port accessing instruction after
the processor has fetched the instruction, and validated the access, but
before Xen re-fetches the instruction for emulation. Possibly we do not care
too much about this, since the process must already have some
I/O-port-access permissions, but equally I don't expect we fall into the
TSS-bitmap check all that often, it's not that hard to implement, and then
we are definitely safe.

 -- Keir

On 18/3/08 01:49, "Xu, Dongxiao" <dongxiao.xu@intel.com> wrote:

> Hi, Keir, 
>     Now I understand what you mean. read_io, write_io, inject_hw_exception
> callbacks are not defined within the multi.c. So I/O instructions will not be
> emulated by it. Thanks for your comments. And the new patch is attached.
> 
> Best regards,
> -- Dongxiao
> 
> -----Original Message-----
> From: Keir Fraser [mailto:keir.fraser@eu.citrix.com]
> Sent: 2008年3月17日 19:21
> To: Cui, Dexuan; Xu, Dongxiao; xen-devel@lists.xensource.com
> Subject: Re: [Xen-devel] [PATCH]Fix the bug of guest os installationfailure
> and win2k boot failure
> 
> On 17/3/08 11:16, "Cui, Dexuan" <dexuan.cui@intel.com> wrote:
> 
>>> I think you misunderstand. The shadow emulator *never* emulates I/O
>>> port accesses or exception deliveries. Those callback functions are
>>> simply not implemented and are left as NULL.
>> Those callback functions -- what are they? -- do you mean the following?
>> static struct x86_emulate_ops hvm_emulate_ops = {
>>     ....
>>     .read_io       = hvmemul_read_io,
>>     .write_io      = hvmemul_write_io,
>> ...
>> };
> 
> Yes indeed. Also, crucially, .inject_hw_exception. Without that
> x86_emulate() is unable to inject any exception into the guest, and will
> instead return X86EMUL_UNHANDLEABLE.
> 
>  -- Keir
> 
>