xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed
* [PATCH 1/2] x86/emul: Correct the return value handling of VMFUNC
@ 2016-12-21 16:32 Andrew Cooper
  2016-12-21 16:32 ` [PATCH 2/2] x86/emul: Pass shadow register state to the vmfunc() hook Andrew Cooper
  2016-12-22  8:25 ` [PATCH 1/2] x86/emul: Correct the return value handling of VMFUNC Jan Beulich
  0 siblings, 2 replies; 5+ messages in thread
From: Andrew Cooper @ 2016-12-21 16:32 UTC (permalink / raw)
  To: Xen-devel; +Cc: Andrew Cooper, Paul Durrant, Jan Beulich

The bracketing of x86_emulate() calling the ops->vmfunc() hook is wrong with
respect to the assignment to rc, which can trip the new assertions in
x86_emulate_wrapper().

The hvmemul_vmfunc() hook should only raise #UD if X86EMUL_EXCEPTION is
returned.  This is only a latent bug at the moment.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Jan Beulich <JBeulich@suse.com>
CC: Paul Durrant <paul.durrant@citrix.com>
---
 xen/arch/x86/hvm/emulate.c             | 2 +-
 xen/arch/x86/x86_emulate/x86_emulate.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/xen/arch/x86/hvm/emulate.c b/xen/arch/x86/hvm/emulate.c
index 24754d3..aa1b716 100644
--- a/xen/arch/x86/hvm/emulate.c
+++ b/xen/arch/x86/hvm/emulate.c
@@ -1653,7 +1653,7 @@ static int hvmemul_vmfunc(
     if ( !hvm_funcs.altp2m_vcpu_emulate_vmfunc )
         return X86EMUL_UNHANDLEABLE;
     rc = hvm_funcs.altp2m_vcpu_emulate_vmfunc(ctxt->regs);
-    if ( rc != X86EMUL_OKAY )
+    if ( rc == X86EMUL_EXCEPTION )
         x86_emul_hw_exception(TRAP_invalid_op, X86_EVENT_NO_EC, ctxt);
 
     return rc;
diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c
index b6d7358..3076c0c 100644
--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -4463,7 +4463,7 @@ x86_emulate(
             generate_exception_if(lock_prefix | rep_prefix() | (vex.pfx == vex_66),
                                   EXC_UD);
             fail_if(!ops->vmfunc);
-            if ( (rc = ops->vmfunc(ctxt) != X86EMUL_OKAY) )
+            if ( (rc = ops->vmfunc(ctxt)) != X86EMUL_OKAY )
                 goto done;
             goto no_writeback;
 
-- 
1.9.1


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

^ permalink raw reply related	[flat|nested] 5+ messages in thread
* [PATCH 2/2] x86/emul: Pass shadow register state to the vmfunc() hook
  2016-12-21 16:32 [PATCH 1/2] x86/emul: Correct the return value handling of VMFUNC Andrew Cooper
@ 2016-12-21 16:32 ` Andrew Cooper
  2016-12-22  8:27   ` Jan Beulich
  2016-12-22  8:25 ` [PATCH 1/2] x86/emul: Correct the return value handling of VMFUNC Jan Beulich
  1 sibling, 1 reply; 5+ messages in thread
From: Andrew Cooper @ 2016-12-21 16:32 UTC (permalink / raw)
  To: Xen-devel; +Cc: Andrew Cooper, Paul Durrant, Jan Beulich

vmfunc can in principle modify register state, so should operate on the shadow
register state rather than the starting state of emulation.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Jan Beulich <JBeulich@suse.com>
CC: Paul Durrant <paul.durrant@citrix.com>
---
 xen/arch/x86/hvm/emulate.c             | 3 ++-
 xen/arch/x86/x86_emulate/x86_emulate.c | 2 +-
 xen/arch/x86/x86_emulate/x86_emulate.h | 1 +
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/xen/arch/x86/hvm/emulate.c b/xen/arch/x86/hvm/emulate.c
index aa1b716..fae666a 100644
--- a/xen/arch/x86/hvm/emulate.c
+++ b/xen/arch/x86/hvm/emulate.c
@@ -1646,13 +1646,14 @@ static int hvmemul_invlpg(
 }
 
 static int hvmemul_vmfunc(
+    struct cpu_user_regs *regs,
     struct x86_emulate_ctxt *ctxt)
 {
     int rc;
 
     if ( !hvm_funcs.altp2m_vcpu_emulate_vmfunc )
         return X86EMUL_UNHANDLEABLE;
-    rc = hvm_funcs.altp2m_vcpu_emulate_vmfunc(ctxt->regs);
+    rc = hvm_funcs.altp2m_vcpu_emulate_vmfunc(regs);
     if ( rc == X86EMUL_EXCEPTION )
         x86_emul_hw_exception(TRAP_invalid_op, X86_EVENT_NO_EC, ctxt);
 
diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c
index 3076c0c..c9ffc56 100644
--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -4463,7 +4463,7 @@ x86_emulate(
             generate_exception_if(lock_prefix | rep_prefix() | (vex.pfx == vex_66),
                                   EXC_UD);
             fail_if(!ops->vmfunc);
-            if ( (rc = ops->vmfunc(ctxt)) != X86EMUL_OKAY )
+            if ( (rc = ops->vmfunc(&_regs, ctxt)) != X86EMUL_OKAY )
                 goto done;
             goto no_writeback;
 
diff --git a/xen/arch/x86/x86_emulate/x86_emulate.h b/xen/arch/x86/x86_emulate/x86_emulate.h
index 75f57ba..d70b534 100644
--- a/xen/arch/x86/x86_emulate/x86_emulate.h
+++ b/xen/arch/x86/x86_emulate/x86_emulate.h
@@ -448,6 +448,7 @@ struct x86_emulate_ops
 
     /* vmfunc: Emulate VMFUNC via given set of EAX ECX inputs */
     int (*vmfunc)(
+        struct cpu_user_regs *regs,
         struct x86_emulate_ctxt *ctxt);
 };
 
-- 
1.9.1


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

^ permalink raw reply related	[flat|nested] 5+ messages in thread
* Re: [PATCH 1/2] x86/emul: Correct the return value handling of VMFUNC
  2016-12-21 16:32 [PATCH 1/2] x86/emul: Correct the return value handling of VMFUNC Andrew Cooper
  2016-12-21 16:32 ` [PATCH 2/2] x86/emul: Pass shadow register state to the vmfunc() hook Andrew Cooper
@ 2016-12-22  8:25 ` Jan Beulich
  1 sibling, 0 replies; 5+ messages in thread
From: Jan Beulich @ 2016-12-22  8:25 UTC (permalink / raw)
  To: Andrew Cooper; +Cc: Paul Durrant, Xen-devel

>>> On 21.12.16 at 17:32, <andrew.cooper3@citrix.com> wrote:
> The bracketing of x86_emulate() calling the ops->vmfunc() hook is wrong with
> respect to the assignment to rc, which can trip the new assertions in
> x86_emulate_wrapper().
> 
> The hvmemul_vmfunc() hook should only raise #UD if X86EMUL_EXCEPTION is
> returned.  This is only a latent bug at the moment.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Reviewed-by: Jan Beulich <jbeulich@suse.com>

> --- a/xen/arch/x86/hvm/emulate.c
> +++ b/xen/arch/x86/hvm/emulate.c
> @@ -1653,7 +1653,7 @@ static int hvmemul_vmfunc(
>      if ( !hvm_funcs.altp2m_vcpu_emulate_vmfunc )
>          return X86EMUL_UNHANDLEABLE;
>      rc = hvm_funcs.altp2m_vcpu_emulate_vmfunc(ctxt->regs);
> -    if ( rc != X86EMUL_OKAY )
> +    if ( rc == X86EMUL_EXCEPTION )
>          x86_emul_hw_exception(TRAP_invalid_op, X86_EVENT_NO_EC, ctxt);

Great - saves me from submitting one of my follow-up patches.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH 2/2] x86/emul: Pass shadow register state to the vmfunc() hook
  2016-12-21 16:32 ` [PATCH 2/2] x86/emul: Pass shadow register state to the vmfunc() hook Andrew Cooper
@ 2016-12-22  8:27   ` Jan Beulich
  2016-12-22 12:44     ` Andrew Cooper
  0 siblings, 1 reply; 5+ messages in thread
From: Jan Beulich @ 2016-12-22  8:27 UTC (permalink / raw)
  To: Andrew Cooper; +Cc: Paul Durrant, Xen-devel

>>> On 21.12.16 at 17:32, <andrew.cooper3@citrix.com> wrote:
> vmfunc can in principle modify register state, so should operate on the shadow
> register state rather than the starting state of emulation.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

While in principle this is fine, I'd rather see the register state
constified for now, to demonstrate it is not being modified. I'll
submit my two remaining follow-up patches in a minute, and
we can then discuss which of the two to take.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH 2/2] x86/emul: Pass shadow register state to the vmfunc() hook
  2016-12-22  8:27   ` Jan Beulich
@ 2016-12-22 12:44     ` Andrew Cooper
  0 siblings, 0 replies; 5+ messages in thread
From: Andrew Cooper @ 2016-12-22 12:44 UTC (permalink / raw)
  To: Jan Beulich; +Cc: Paul Durrant, Xen-devel

On 22/12/16 08:27, Jan Beulich wrote:
>>>> On 21.12.16 at 17:32, <andrew.cooper3@citrix.com> wrote:
>> vmfunc can in principle modify register state, so should operate on the shadow
>> register state rather than the starting state of emulation.
>>
>> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
> While in principle this is fine, I'd rather see the register state
> constified for now, to demonstrate it is not being modified. I'll
> submit my two remaining follow-up patches in a minute, and
> we can then discuss which of the two to take.

The question here is how likely it is that new functionality for VMFUNC 
will be defined, which starts mutating the values.

I am not aware of anything new, so lets go with the const version for 
now (as it is one fewer parameters).  If this changes in the future, we 
can easily switch back to passing the shadow register block.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2016-12-22 12:44 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-12-21 16:32 [PATCH 1/2] x86/emul: Correct the return value handling of VMFUNC Andrew Cooper
2016-12-21 16:32 ` [PATCH 2/2] x86/emul: Pass shadow register state to the vmfunc() hook Andrew Cooper
2016-12-22  8:27   ` Jan Beulich
2016-12-22 12:44     ` Andrew Cooper
2016-12-22  8:25 ` [PATCH 1/2] x86/emul: Correct the return value handling of VMFUNC Jan Beulich

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).