[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH RFC 6/9] xen, libxc: Request page fault injection via libxc

  • To: Jan Beulich <JBeulich@xxxxxxxx>
  • From: Razvan Cojocaru <rcojocaru@xxxxxxxxxxxxxxx>
  • Date: Wed, 02 Jul 2014 19:06:05 +0300
  • Cc: tim@xxxxxxx, xen-devel@xxxxxxxxxxxxx
  • Comment: DomainKeys? See http://domainkeys.sourceforge.net/
  • Delivery-date: Wed, 02 Jul 2014 16:05:28 +0000
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=bitdefender.com; b=tgpsGb72JFNuRSXMGSrXk8ci1UYBXfu51dlZNxP/h7K5rYAggrxDJZnOg6vNaYjYc0W5W4Ld9X9SxOOWmG8EP1UJlxNDLaJ1eEPtZX4MGfCyQfBQuLElnGGiBXFUb7Qj3b97laZjKs84VTd8t9oY4mSbnVfrrd8znfFfli7/84k5rHtyUngxvl85/3lY21Ui01QiCEjbY0aelhistsSX9Hmp0z0YBzZaEw6HxZkDX1jj4YBFTJ/rTqKZWW4n3xxiaqxkmSxNdjfI+yVD1JHJvEEatwxXSwFMnCpOjPE6M7uBgyGayeEZ8A7KU4uwzeaS/lYLI07BWJBb6EFiZReI9Q==; h=Received:Received:Received:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:CC:Subject:References:In-Reply-To:Content-Type:Content-Transfer-Encoding:X-BitDefender-Scanner:X-BitDefender-Spam:X-BitDefender-SpamStamp:X-BitDefender-CF-Stamp;
  • List-id: Xen developer discussion <xen-devel.lists.xen.org>
On 07/02/2014 06:51 PM, Jan Beulich wrote:
>>>> On 02.07.14 at 15:33, <rcojocaru@xxxxxxxxxxxxxxx> wrote:
>> Added new XEN_DOMCTL_set_pagefault_info hypercall, used by libxc's
>> new xc_domain_set_pagefault_info() function to set per-domain page
>> fault injection information. This information is then used to call
>> hvm_inject_page_fault() at the first VMENTRY where the guest status
>> matches and there are no other pending traps.
> 
> So the first question that strikes me here: What good can it do to be
> able to inject arbitrary page faults, possibly at times where the guest
> OS is absolutely not expecting them?

The guest, as Andrew Cooper said, is waiting for a mem_event reply.

>> @@ -430,6 +431,9 @@ static void vmx_vmcs_save(struct vcpu *v, struct 
>> hvm_hw_cpu *c)
>>      __vmread(GUEST_SYSENTER_CS, &c->sysenter_cs);
>>      __vmread(GUEST_SYSENTER_ESP, &c->sysenter_esp);
>>      __vmread(GUEST_SYSENTER_EIP, &c->sysenter_eip);
>> +    __vmread(GUEST_CS_AR_BYTES, &cs_arbytes);
>> +
>> +    c->cs_arbytes = (uint32_t)cs_arbytes;
> 
> This again looks like an unrelated change without any explanation.

It's used here, to check if we're in user mode before injecting the page
fault:

 92 +static void check_pf_injection(void)
 93 +{
 94 +    struct vcpu *curr = current;
 95 +    struct domain *d = curr->domain;
 96 +    struct hvm_hw_cpu ctxt;
 97 +    uint32_t cs_dpl;
 98 +
 99 +    if ( !is_hvm_domain(d) || d->fault_info.virtual_address == 0 )
100 +        return;
101 +
102 +    memset(&ctxt, 0, sizeof(struct hvm_hw_cpu));
103 +    hvm_funcs.save_cpu_ctxt(curr, &ctxt);
104 +
105 +    cs_dpl = (ctxt.cs_arbytes >> 5) & 3;
106 +
107 +    if ( cs_dpl == 3 /* Guest is in user mode */
108 +         && !ctxt.pending_event
109 +         && ctxt.cr3 == d->fault_info.address_space )
110 +    {
111 +        /* Cache */
112 +        uint64_t virtual_address = d->fault_info.virtual_address;
113 +        uint32_t write_access = d->fault_info.write_access;
114 +
115 +        /* Reset */
116 +        d->fault_info.address_space = 0;
117 +        d->fault_info.virtual_address = 0;
118 +        d->fault_info.write_access = 0;
119 +
120 +        hvm_inject_page_fault((write_access << 1) | PFEC_user_mode,
121 +            virtual_address);
122 +    }
123 +}


Thanks,
Razvan Cojocaru

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.