* [PATCH] x86/vlapic: don't silently accept bad vectors
@ 2014-09-15 11:53 Jan Beulich
  2014-09-15 14:40 ` Andrew Cooper
  0 siblings, 1 reply; 2+ messages in thread
From: Jan Beulich @ 2014-09-15 11:53 UTC (permalink / raw)
  To: xen-devel; +Cc: Keir Fraser

[-- Attachment #1: Type: text/plain, Size: 3220 bytes --]

Vectors 0-15 are reserved, and a physical LAPIC - upon sending or
receiving one - would generate an APIC error instead of doing the
requested action. Make our emulation behave similarly.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
---
This only applies cleanly on top of the two earlier series
http://lists.xenproject.org/archives/html/xen-devel/2014-09/msg01751.html 
http://lists.xenproject.org/archives/html/xen-devel/2014-09/msg02101.html 

--- a/xen/arch/x86/hvm/vlapic.c
+++ b/xen/arch/x86/hvm/vlapic.c
@@ -123,10 +123,34 @@ static int vlapic_find_highest_irr(struc
     return vlapic_find_highest_vector(&vlapic->regs->data[APIC_IRR]);
 }
 
+static void vlapic_error(struct vlapic *vlapic, unsigned int errmask)
+{
+    unsigned long flags;
+    uint32_t esr;
+
+    spin_lock_irqsave(&vlapic->esr_lock, flags);
+    esr = vlapic_get_reg(vlapic, APIC_ESR);
+    if ( (esr & errmask) != errmask )
+    {
+        uint32_t lvterr = vlapic_get_reg(vlapic, APIC_LVTERR);
+
+        vlapic_set_reg(vlapic, APIC_ESR, esr | errmask);
+        if ( !(lvterr & APIC_LVT_MASKED) )
+            vlapic_set_irq(vlapic, lvterr & APIC_VECTOR_MASK, 0);
+    }
+    spin_unlock_irqrestore(&vlapic->esr_lock, flags);
+}
+
 void vlapic_set_irq(struct vlapic *vlapic, uint8_t vec, uint8_t trig)
 {
     struct vcpu *target = vlapic_vcpu(vlapic);
 
+    if ( unlikely(vec < 16) )
+    {
+        vlapic_error(vlapic, APIC_ESR_RECVILL);
+        return;
+    }
+
     if ( trig )
         vlapic_set_vector(vec, &vlapic->regs->data[APIC_TMR]);
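Review bot: vlapic_error() calls vlapic_set_irq() with the guest-programmed LVTERR vector while esr_lock is still held, and the new `vec < 16` check in vlapic_set_irq() calls straight back into vlapic_error(). With LVTERR unmasked and holding a vector below 16, the nested spin_lock_irqsave() on the same lock would presumably never be granted (esr_lock is taken through the plain, non-recursive lock API), leaving that physical CPU spinning with interrupts off. The error path should validate the LVTERR vector itself: inject only when it is 16 or above, and otherwise fold APIC_ESR_RECVILL into the mask being written, so vlapic_set_irq() is never reached from here with an illegal vector. vlapic_set_irq()'s body continues outside the hunk. The attachment copy of this hunk further down the page carries the same code.

```c
static void vlapic_error(struct vlapic *vlapic, unsigned int errmask)
{
    /* … unchanged: locals, spin_lock_irqsave(), ESR read … */
    if ( (esr & errmask) != errmask )
    {
        uint32_t lvterr = vlapic_get_reg(vlapic, APIC_LVTERR);
        bool_t inject = 0;

        if ( !(lvterr & APIC_LVT_MASKED) )
        {
            /*
             * An illegal LVTERR vector would make vlapic_set_irq() re-enter
             * this function with esr_lock held; record it as a receive
             * error here instead of injecting.
             */
            if ( (lvterr & APIC_VECTOR_MASK) >= 16 )
                inject = 1;
            else
                errmask |= APIC_ESR_RECVILL;
        }

        vlapic_set_reg(vlapic, APIC_ESR, esr | errmask);
        if ( inject )
            vlapic_set_irq(vlapic, lvterr & APIC_VECTOR_MASK, 0);
    }
    /* … unchanged: spin_unlock_irqrestore() … */
}
```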
 
@@ -459,7 +483,12 @@ void vlapic_ipi(
         struct vlapic *target = vlapic_lowest_prio(
             vlapic_domain(vlapic), vlapic, short_hand, dest, dest_mode);
         if ( target != NULL )
-            vlapic_accept_irq(vlapic_vcpu(target), icr_low);
+        {
+            if ( likely((icr_low & APIC_VECTOR_MASK) >= 16) )
+                vlapic_accept_irq(vlapic_vcpu(target), icr_low);
+            else
+                vlapic_error(vlapic, APIC_ESR_SENDILL);
+        }
         break;
     }
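Review bot: The illegal-vector test is nested inside `if ( target != NULL )`, so a lowest-priority IPI with a vector below 16 that matches no destination sets no ESR bit, while the multi-destination path later in vlapic_ipi() raises APIC_ESR_SENDILL before it looks at any destination. The commit message treats the send error as a property of the vector, so testing the vector first would keep the two paths consistent: `if ( unlikely((icr_low & APIC_VECTOR_MASK) < 16) ) vlapic_error(vlapic, APIC_ESR_SENDILL);` followed by `else if ( target != NULL ) vlapic_accept_irq(vlapic_vcpu(target), icr_low);`. The enclosing case block starts outside the hunk.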
 
@@ -467,6 +496,11 @@ void vlapic_ipi(
         struct vcpu *v;
         bool_t batch = is_multicast_dest(vlapic, short_hand, dest, dest_mode);
 
+        if ( unlikely((icr_low & APIC_VECTOR_MASK) < 16) )
+        {
+            vlapic_error(vlapic, APIC_ESR_SENDILL);
+            break;
+        }
         if ( batch )
             cpu_raise_softirq_batch_begin();
         for_each_vcpu ( vlapic_domain(vlapic), v )
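Review bot: The added check looks only at the vector field and not at the delivery mode, and the case label that selects this block is outside the hunk. If the block is also reached for NMI or SMI delivery, where the vector field is ignored or expected to be zero, such IPIs would now be dropped with APIC_ESR_SENDILL instead of being delivered. Restricting the test to fixed delivery, e.g. `if ( (icr_low & APIC_MODE_MASK) == APIC_DM_FIXED && unlikely((icr_low & APIC_VECTOR_MASK) < 16) )`, would avoid that. A one-line comment stating which delivery modes carry a real vector would also make the intent clear to the next reader.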
@@ -1349,6 +1383,8 @@ int vlapic_init(struct vcpu *v)
     if ( v->vcpu_id == 0 )
         vlapic->hw.apic_base_msr |= MSR_IA32_APICBASE_BSP;
 
+    spin_lock_init(&vlapic->esr_lock);
+
     tasklet_init(&vlapic->init_sipi.tasklet,
                  vlapic_init_sipi_action,
                  (unsigned long)v);
--- a/xen/include/asm-x86/hvm/vlapic.h
+++ b/xen/include/asm-x86/hvm/vlapic.h
@@ -73,6 +73,7 @@
 struct vlapic {
     struct hvm_hw_lapic      hw;
     struct hvm_hw_lapic_regs *regs;
+    spinlock_t               esr_lock;
     bool_t                   loaded;
     struct periodic_time     pt;
     s_time_t                 timer_last_update;




[-- Attachment #2: x86-HVM-LAPIC-bad-vector.patch --]
[-- Type: text/plain, Size: 3261 bytes --]

x86/vlapic: don't silently accept bad vectors

Vectors 0-15 are reserved, and a physical LAPIC - upon sending or
receiving one - would generate an APIC error instead of doing the
requested action. Make our emulation behave similarly.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
---
This only applies cleanly on top of the two earlier series
http://lists.xenproject.org/archives/html/xen-devel/2014-09/msg01751.html
http://lists.xenproject.org/archives/html/xen-devel/2014-09/msg02101.html

--- a/xen/arch/x86/hvm/vlapic.c
+++ b/xen/arch/x86/hvm/vlapic.c
@@ -123,10 +123,34 @@ static int vlapic_find_highest_irr(struc
     return vlapic_find_highest_vector(&vlapic->regs->data[APIC_IRR]);
 }
 
+static void vlapic_error(struct vlapic *vlapic, unsigned int errmask)
+{
+    unsigned long flags;
+    uint32_t esr;
+
+    spin_lock_irqsave(&vlapic->esr_lock, flags);
+    esr = vlapic_get_reg(vlapic, APIC_ESR);
+    if ( (esr & errmask) != errmask )
+    {
+        uint32_t lvterr = vlapic_get_reg(vlapic, APIC_LVTERR);
+
+        vlapic_set_reg(vlapic, APIC_ESR, esr | errmask);
+        if ( !(lvterr & APIC_LVT_MASKED) )
+            vlapic_set_irq(vlapic, lvterr & APIC_VECTOR_MASK, 0);
+    }
+    spin_unlock_irqrestore(&vlapic->esr_lock, flags);
+}
+
 void vlapic_set_irq(struct vlapic *vlapic, uint8_t vec, uint8_t trig)
 {
     struct vcpu *target = vlapic_vcpu(vlapic);
 
+    if ( unlikely(vec < 16) )
+    {
+        vlapic_error(vlapic, APIC_ESR_RECVILL);
+        return;
+    }
+
     if ( trig )
         vlapic_set_vector(vec, &vlapic->regs->data[APIC_TMR]);
 
@@ -459,7 +483,12 @@ void vlapic_ipi(
         struct vlapic *target = vlapic_lowest_prio(
             vlapic_domain(vlapic), vlapic, short_hand, dest, dest_mode);
         if ( target != NULL )
-            vlapic_accept_irq(vlapic_vcpu(target), icr_low);
+        {
+            if ( likely((icr_low & APIC_VECTOR_MASK) >= 16) )
+                vlapic_accept_irq(vlapic_vcpu(target), icr_low);
+            else
+                vlapic_error(vlapic, APIC_ESR_SENDILL);
+        }
         break;
     }
 
@@ -467,6 +496,11 @@ void vlapic_ipi(
         struct vcpu *v;
         bool_t batch = is_multicast_dest(vlapic, short_hand, dest, dest_mode);
 
+        if ( unlikely((icr_low & APIC_VECTOR_MASK) < 16) )
+        {
+            vlapic_error(vlapic, APIC_ESR_SENDILL);
+            break;
+        }
         if ( batch )
             cpu_raise_softirq_batch_begin();
         for_each_vcpu ( vlapic_domain(vlapic), v )
@@ -1349,6 +1383,8 @@ int vlapic_init(struct vcpu *v)
     if ( v->vcpu_id == 0 )
         vlapic->hw.apic_base_msr |= MSR_IA32_APICBASE_BSP;
 
+    spin_lock_init(&vlapic->esr_lock);
+
     tasklet_init(&vlapic->init_sipi.tasklet,
                  vlapic_init_sipi_action,
                  (unsigned long)v);
--- a/xen/include/asm-x86/hvm/vlapic.h
+++ b/xen/include/asm-x86/hvm/vlapic.h
@@ -73,6 +73,7 @@
 struct vlapic {
     struct hvm_hw_lapic      hw;
     struct hvm_hw_lapic_regs *regs;
+    spinlock_t               esr_lock;
     bool_t                   loaded;
     struct periodic_time     pt;
     s_time_t                 timer_last_update;


* Re: [PATCH] x86/vlapic: don't silently accept bad vectors
  2014-09-15 11:53 [PATCH] x86/vlapic: don't silently accept bad vectors Jan Beulich
@ 2014-09-15 14:40 ` Andrew Cooper
  0 siblings, 0 replies; 2+ messages in thread
From: Andrew Cooper @ 2014-09-15 14:40 UTC (permalink / raw)
  To: Jan Beulich, xen-devel; +Cc: Keir Fraser


[-- Attachment #1.1: Type: text/plain, Size: 3579 bytes --]


On 15/09/2014 12:53, Jan Beulich wrote:
> Vectors 0-15 are reserved, and a physical LAPIC - upon sending or
> receiving one - would generate an APIC error instead of doing the
> requested action. Make our emulation behave similarly.
>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>

Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

> ---
> This only applies cleanly on top of the two earlier series
> http://lists.xenproject.org/archives/html/xen-devel/2014-09/msg01751.html
> http://lists.xenproject.org/archives/html/xen-devel/2014-09/msg02101.html
>
> --- a/xen/arch/x86/hvm/vlapic.c
> +++ b/xen/arch/x86/hvm/vlapic.c
> @@ -123,10 +123,34 @@ static int vlapic_find_highest_irr(struc
>       return vlapic_find_highest_vector(&vlapic->regs->data[APIC_IRR]);
>   }
>   
> +static void vlapic_error(struct vlapic *vlapic, unsigned int errmask)
> +{
> +    unsigned long flags;
> +    uint32_t esr;
> +
> +    spin_lock_irqsave(&vlapic->esr_lock, flags);
> +    esr = vlapic_get_reg(vlapic, APIC_ESR);
> +    if ( (esr & errmask) != errmask )
> +    {
> +        uint32_t lvterr = vlapic_get_reg(vlapic, APIC_LVTERR);
> +
> +        vlapic_set_reg(vlapic, APIC_ESR, esr | errmask);
> +        if ( !(lvterr & APIC_LVT_MASKED) )
> +            vlapic_set_irq(vlapic, lvterr & APIC_VECTOR_MASK, 0);
> +    }
> +    spin_unlock_irqrestore(&vlapic->esr_lock, flags);
> +}
> +
>   void vlapic_set_irq(struct vlapic *vlapic, uint8_t vec, uint8_t trig)
>   {
>       struct vcpu *target = vlapic_vcpu(vlapic);
>   
> +    if ( unlikely(vec < 16) )
> +    {
> +        vlapic_error(vlapic, APIC_ESR_RECVILL);
> +        return;
> +    }
> +
>       if ( trig )
>           vlapic_set_vector(vec, &vlapic->regs->data[APIC_TMR]);
>   
> @@ -459,7 +483,12 @@ void vlapic_ipi(
>           struct vlapic *target = vlapic_lowest_prio(
>               vlapic_domain(vlapic), vlapic, short_hand, dest, dest_mode);
>           if ( target != NULL )
> -            vlapic_accept_irq(vlapic_vcpu(target), icr_low);
> +        {
> +            if ( likely((icr_low & APIC_VECTOR_MASK) >= 16) )
> +                vlapic_accept_irq(vlapic_vcpu(target), icr_low);
> +            else
> +                vlapic_error(vlapic, APIC_ESR_SENDILL);
> +        }
>           break;
>       }
>   
> @@ -467,6 +496,11 @@ void vlapic_ipi(
>           struct vcpu *v;
>           bool_t batch = is_multicast_dest(vlapic, short_hand, dest, dest_mode);
>   
> +        if ( unlikely((icr_low & APIC_VECTOR_MASK) < 16) )
> +        {
> +            vlapic_error(vlapic, APIC_ESR_SENDILL);
> +            break;
> +        }
>           if ( batch )
>               cpu_raise_softirq_batch_begin();
>           for_each_vcpu ( vlapic_domain(vlapic), v )
> @@ -1349,6 +1383,8 @@ int vlapic_init(struct vcpu *v)
>       if ( v->vcpu_id == 0 )
>           vlapic->hw.apic_base_msr |= MSR_IA32_APICBASE_BSP;
>   
> +    spin_lock_init(&vlapic->esr_lock);
> +
>       tasklet_init(&vlapic->init_sipi.tasklet,
>                    vlapic_init_sipi_action,
>                    (unsigned long)v);
> --- a/xen/include/asm-x86/hvm/vlapic.h
> +++ b/xen/include/asm-x86/hvm/vlapic.h
> @@ -73,6 +73,7 @@
>   struct vlapic {
>       struct hvm_hw_lapic      hw;
>       struct hvm_hw_lapic_regs *regs;
> +    spinlock_t               esr_lock;
>       bool_t                   loaded;
>       struct periodic_time     pt;
>       s_time_t                 timer_last_update;
>
>
>
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> http://lists.xen.org/xen-devel

