From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Xen-devel <xen-devel@lists.xen.org>
Cc: Keir Fraser <keir@xen.org>, Jan Beulich <JBeulich@suse.com>,
Jun Nakajima <jun.nakajima@intel.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Jacob Shin <jacob.shin@amd.com>,
Eddie Dong <eddie.dong@intel.com>,
Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>,
Boris Ostrovsky <boris.ostrovsky@oracle.com>
Subject: [PATCH] xen: Special case __HYPERVISOR_iret rather more when writing hypercall pages
Date: Mon, 15 Jul 2013 20:30:30 +0100 [thread overview]
Message-ID: <1373916630-26220-1-git-send-email-andrew.cooper3@citrix.com> (raw)
In all cases when a hypercall page is written, __HYPERVISOR_iret is first
written as a regular hypercall, then subsequently rewritten in its special
case.
For VMX and SVM, this means that following the ud2a instruction is 3 bytes of
an imm32 parameter. For a ring3 kernel, this means that following the syscall
instruction is the second half of 'pop %r11'.
For a ring1 kernel, the iret case ends up as the same number of bytes as the
rest of the hypercalls, but it is pointless writing it twice, and is changed
for consistency.
Therefore, skip the loop iteration which would write the incorrect
__HYPERVISOR_iret hypercall. This removes junk machine code from the tail and
makes disassemblers rather more happy when looking at the hypercall page.
Also, a miscellaneous whitespace fix in the comment for ring3 kernel.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
CC: Keir Fraser <keir@xen.org>
CC: Jan Beulich <JBeulich@suse.com>
CC: Boris Ostrovsky <boris.ostrovsky@oracle.com>
CC: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
CC: Jacob Shin <jacob.shin@amd.com>
CC: Jun Nakajima <jun.nakajima@intel.com>
CC: Eddie Dong <eddie.dong@intel.com>
---
xen/arch/x86/hvm/svm/svm.c | 3 +++
xen/arch/x86/hvm/vmx/vmx.c | 3 +++
xen/arch/x86/x86_64/compat/traps.c | 3 +++
xen/arch/x86/x86_64/traps.c | 7 +++++--
4 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c
index 4a7aeee..4cc4b15 100644
--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -759,6 +759,9 @@ static void svm_init_hypercall_page(struct domain *d, void *hypercall_page)
for ( i = 0; i < (PAGE_SIZE / 32); i++ )
{
+ if ( i == __HYPERVISOR_iret )
+ continue;
+
p = (char *)(hypercall_page + (i * 32));
*(u8 *)(p + 0) = 0xb8; /* mov imm32, %eax */
*(u32 *)(p + 1) = i;
diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index 059d258..d6540e3 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -950,6 +950,9 @@ static void vmx_init_hypercall_page(struct domain *d, void *hypercall_page)
for ( i = 0; i < (PAGE_SIZE / 32); i++ )
{
+ if ( i == __HYPERVISOR_iret )
+ continue;
+
p = (char *)(hypercall_page + (i * 32));
*(u8 *)(p + 0) = 0xb8; /* mov imm32, %eax */
*(u32 *)(p + 1) = i;
diff --git a/xen/arch/x86/x86_64/compat/traps.c b/xen/arch/x86/x86_64/compat/traps.c
index 6816b0e..21a82b9 100644
--- a/xen/arch/x86/x86_64/compat/traps.c
+++ b/xen/arch/x86/x86_64/compat/traps.c
@@ -367,6 +367,9 @@ static void hypercall_page_initialise_ring1_kernel(void *hypercall_page)
for ( i = 0; i < (PAGE_SIZE / 32); i++ )
{
+ if ( i == __HYPERVISOR_iret )
+ continue;
+
p = (char *)(hypercall_page + (i * 32));
*(u8 *)(p+ 0) = 0xb8; /* mov $<i>,%eax */
*(u32 *)(p+ 1) = i;
diff --git a/xen/arch/x86/x86_64/traps.c b/xen/arch/x86/x86_64/traps.c
index eec919a..bcd7609 100644
--- a/xen/arch/x86/x86_64/traps.c
+++ b/xen/arch/x86/x86_64/traps.c
@@ -590,6 +590,9 @@ static void hypercall_page_initialise_ring3_kernel(void *hypercall_page)
/* Fill in all the transfer points with template machine code. */
for ( i = 0; i < (PAGE_SIZE / 32); i++ )
{
+ if ( i == __HYPERVISOR_iret )
+ continue;
+
p = (char *)(hypercall_page + (i * 32));
*(u8 *)(p+ 0) = 0x51; /* push %rcx */
*(u16 *)(p+ 1) = 0x5341; /* push %r11 */
@@ -602,8 +605,8 @@ static void hypercall_page_initialise_ring3_kernel(void *hypercall_page)
}
/*
- * HYPERVISOR_iret is special because it doesn't return and expects a
- * special stack frame. Guests jump at this transfer point instead of
+ * HYPERVISOR_iret is special because it doesn't return and expects a
+ * special stack frame. Guests jump at this transfer point instead of
* calling it.
*/
p = (char *)(hypercall_page + (__HYPERVISOR_iret * 32));
--
1.7.10.4
reply other threads:[~2013-07-15 19:30 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1373916630-26220-1-git-send-email-andrew.cooper3@citrix.com \
--to=andrew.cooper3@citrix.com \
--cc=JBeulich@suse.com \
--cc=boris.ostrovsky@oracle.com \
--cc=eddie.dong@intel.com \
--cc=jacob.shin@amd.com \
--cc=jun.nakajima@intel.com \
--cc=keir@xen.org \
--cc=suravee.suthikulpanit@amd.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).