From patchwork Wed Nov 30 13:50:35 2016
X-Patchwork-Submitter: Andrew Cooper
X-Patchwork-Id: 9454425
From: Andrew Cooper
To: Xen-devel
Date: Wed, 30 Nov 2016 13:50:35 +0000
Message-ID: <1480513841-7565-19-git-send-email-andrew.cooper3@citrix.com>
In-Reply-To: <1480513841-7565-1-git-send-email-andrew.cooper3@citrix.com>
References: <1480513841-7565-1-git-send-email-andrew.cooper3@citrix.com>
Cc: Andrew Cooper, Tim Deegan, Jan Beulich
Subject: [Xen-devel] [PATCH v3 18/24] x86/shadow: Avoid raising faults behind the emulators back

Use x86_emul_{hw_exception,pagefault}() rather than
{pv,hvm}_inject_page_fault() and hvm_inject_hw_exception() to cause raised
faults to be known to the emulator. This requires altering the callers of
x86_emulate() to properly re-inject the event.

While fixing this, fix the singlestep behaviour. Previously, an otherwise
successful emulation would fail if singlestepping was active, as the emulator
couldn't raise #DB. This is unreasonable from the point of view of the guest.

We therefore tolerate #PF/#GP/SS and #DB being raised by the emulator, but
reject anything else as unexpected.

Signed-off-by: Andrew Cooper
Acked-by: Tim Deegan
---
CC: Jan Beulich
CC: Tim Deegan

v3:
 * Split out #DB handling to an earlier part of the series
 * Don't inject #GP faults for unexpected events, but do reenter the guest.

v2:
 * New
---
 xen/arch/x86/mm/shadow/common.c | 13 ++++++-------
 xen/arch/x86/mm/shadow/multi.c  | 39 ++++++++++++++++++++++++++++-----------
 2 files changed, 34 insertions(+), 18 deletions(-)

diff --git a/xen/arch/x86/mm/shadow/common.c b/xen/arch/x86/mm/shadow/common.c index f07803b..e509cc1 100644 --- a/xen/arch/x86/mm/shadow/common.c +++ b/xen/arch/x86/mm/shadow/common.c 
@@ -162,8 +162,9 @@ static int hvm_translate_linear_addr( if ( !okay ) { - hvm_inject_hw_exception( - (seg == x86_seg_ss) ? TRAP_stack_error : TRAP_gp_fault, 0); + x86_emul_hw_exception( + (seg == x86_seg_ss) ? TRAP_stack_error : TRAP_gp_fault, + 0, &sh_ctxt->ctxt); return X86EMUL_EXCEPTION; } @@ -323,7 +324,7 @@ pv_emulate_read(enum x86_segment seg, if ( (rc = copy_from_user(p_data, (void *)offset, bytes)) != 0 ) { - pv_inject_page_fault(0, offset + bytes - rc); /* Read fault. */ + x86_emul_pagefault(0, offset + bytes - rc, ctxt); /* Read fault. */ return X86EMUL_EXCEPTION; } @@ -1720,10 +1721,8 @@ static mfn_t emulate_gva_to_mfn(struct vcpu *v, unsigned long vaddr, gfn = paging_get_hostmode(v)->gva_to_gfn(v, NULL, vaddr, &pfec); if ( gfn == gfn_x(INVALID_GFN) ) { - if ( is_hvm_vcpu(v) ) - hvm_inject_page_fault(pfec, vaddr); - else - pv_inject_page_fault(pfec, vaddr); + x86_emul_pagefault(pfec, vaddr, &sh_ctxt->ctxt); + return _mfn(BAD_GVA_TO_GFN); } diff --git a/xen/arch/x86/mm/shadow/multi.c b/xen/arch/x86/mm/shadow/multi.c index 56c40f8..098b653 100644 --- a/xen/arch/x86/mm/shadow/multi.c +++ b/xen/arch/x86/mm/shadow/multi.c 
@@ -3373,18 +3373,35 @@ static int sh_page_fault(struct vcpu *v, r = x86_emulate(&emul_ctxt.ctxt, emul_ops); - /* - * The previous lack of inject_{sw,hw}*() hooks caused exceptions raised - * by the emulator itself to become X86EMUL_UNHANDLEABLE. Such exceptions - * now set event_pending instead. Exceptions raised behind the back of - * the emulator don't yet set event_pending. - * - * For now, cause such cases to return to the X86EMUL_UNHANDLEABLE path, - * for no functional change from before. Future patches will fix this - * properly. - */ if ( r == X86EMUL_EXCEPTION && emul_ctxt.ctxt.event_pending ) - r = X86EMUL_UNHANDLEABLE; + { + /* + * This emulation covers writes to shadow pagetables. We tolerate #PF + * (from hitting adjacent pages) and #GP/#SS (from segmentation + * errors). Anything else is an emulation bug, or a guest playing + * with the instruction stream under Xen's feet. + */ + if ( emul_ctxt.ctxt.event.type == X86_EVENTTYPE_HW_EXCEPTION && + (emul_ctxt.ctxt.event.vector < 32) && + ((1u << emul_ctxt.ctxt.event.vector) & + ((1u << TRAP_stack_error) | (1u << TRAP_gp_fault) | + (1u << TRAP_page_fault))) ) + { + if ( is_hvm_vcpu(v) ) + hvm_inject_event(&emul_ctxt.ctxt.event); + else + pv_inject_event(&emul_ctxt.ctxt.event); + + goto emulate_done; + } + else + { + SHADOW_PRINTK( + "Unexpected event (type %u, vector %#x) from emulation\n", + emul_ctxt.ctxt.event.type, emul_ctxt.ctxt.event.vector); + r = X86EMUL_UNHANDLEABLE; + } + } /* * NB. We do not unshadow on X86EMUL_EXCEPTION. It's not clear that it
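
Review bot: in the emulate_gva_to_mfn() hunk of common.c, the page fault is now only recorded in sh_ctxt->ctxt while the function still returns _mfn(BAD_GVA_TO_GFN), so delivery of the fault depends on every caller turning that value into X86EMUL_EXCEPTION. The sh_page_fault() hunk re-injects only when r == X86EMUL_EXCEPTION and event_pending is set, and the callers of emulate_gva_to_mfn() are not part of this diff. Please confirm they all propagate X86EMUL_EXCEPTION, or note it in the commit message. hvm_translate_linear_addr() and pv_emulate_read() return X86EMUL_EXCEPTION directly in their own hunks, so this is the only path that relies on code outside the patch.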
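
Review bot: in the sh_page_fault() hunk of multi.c, the accepted-vector mask covers only TRAP_stack_error, TRAP_gp_fault and TRAP_page_fault, while the commit message still says #DB is tolerated and that the singlestep behaviour is fixed here. The v3 changelog says #DB handling was split out to an earlier patch, so the commit message should drop those statements, or the new comment should say where #DB is dealt with. As a style point, the "else" after "goto emulate_done;" is redundant, so the unexpected-event branch can be un-nested. The new comment also says a guest can reach that branch by changing the instruction stream, so it is worth confirming that the SHADOW_PRINTK() there cannot be used to flood the log.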