
Re: [Xen-devel] [PATCH RFC 6/9] xen, libxc: Request page fault injection via libxc



>>> On 02.07.14 at 18:06, <rcojocaru@xxxxxxxxxxxxxxx> wrote:
> On 07/02/2014 06:51 PM, Jan Beulich wrote:
>>>>> On 02.07.14 at 15:33, <rcojocaru@xxxxxxxxxxxxxxx> wrote:
>>> Added new XEN_DOMCTL_set_pagefault_info hypercall, used by libxc's
>>> new xc_domain_set_pagefault_info() function to set per-domain page
>>> fault injection information. This information is then used to call
>>> hvm_inject_page_fault() at the first VMENTRY where the guest status
>>> matches and there are no other pending traps.
>> 
>> So the first question that strikes me here: What good can it do to be
>> able to inject arbitrary page faults, possibly at times where the guest
>> OS is absolutely not expecting them?
> 
> The guest, as Andrew Cooper said, is waiting for a mem_event reply.
> 
>>> @@ -430,6 +431,9 @@ static void vmx_vmcs_save(struct vcpu *v, struct 
> hvm_hw_cpu *c)
>>>      __vmread(GUEST_SYSENTER_CS, &c->sysenter_cs);
>>>      __vmread(GUEST_SYSENTER_ESP, &c->sysenter_esp);
>>>      __vmread(GUEST_SYSENTER_EIP, &c->sysenter_eip);
>>> +    __vmread(GUEST_CS_AR_BYTES, &cs_arbytes);
>>> +
>>> +    c->cs_arbytes = (uint32_t)cs_arbytes;
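Review bot: Missing rationale for the GUEST_CS_AR_BYTES read added at the end of this hunk: neither the commit description nor a comment says why vmx_vmcs_save() now needs it, and the (uint32_t) cast suggests the local cs_arbytes is wider than c->cs_arbytes without saying whether the truncation is intended. If the value exists only so a later check can tell user mode from kernel mode, add a comment saying so or move the read into the patch that consumes it, and consider reading GUEST_SS_AR_BYTES instead, since the privilege level is what that consumer wants.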
>> 
>> This again looks like an unrelated change without any explanation.
> 
> It's used here, to check if we're in user mode before injecting the page
> fault:

Okay.

>  92 +static void check_pf_injection(void)
>  93 +{
>  94 +    struct vcpu *curr = current;
>  95 +    struct domain *d = curr->domain;
>  96 +    struct hvm_hw_cpu ctxt;
>  97 +    uint32_t cs_dpl;
>  98 +
>  99 +    if ( !is_hvm_domain(d) || d->fault_info.virtual_address == 0 )
> 100 +        return;
> 101 +
> 102 +    memset(&ctxt, 0, sizeof(struct hvm_hw_cpu));
> 103 +    hvm_funcs.save_cpu_ctxt(curr, &ctxt);
> 104 +
> 105 +    cs_dpl = (ctxt.cs_arbytes >> 5) & 3;
> 106 +
> 107 +    if ( cs_dpl == 3 /* Guest is in user mode */
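Review bot: Lines 102-105 zero and fill a whole struct hvm_hw_cpu through hvm_funcs.save_cpu_ctxt() only to extract two bits, and the early return at line 99 means that cost is paid on every pass through this check while a request is pending. Query just the segment attributes that are needed, and take the privilege level from SS rather than CS. Separately, line 99 uses virtual_address == 0 as the "nothing requested" marker, so address 0 can never be requested; an explicit valid flag in fault_info would be clearer.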

Which is yet another example of trying to determine the CPL by
looking at CS.DPL - SS.DPL is the canonical value for that.

Jan
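
An added illustration of the CS.DPL versus SS.DPL point in the reply above; it is not code from the patch or from Xen. It decodes VMX-format access-rights values (constructed for the example) and shows a ring-3 guest executing from a conforming code segment whose DPL is 0, where a CS-based test misses user mode and an SS-based test does not. The macro and helper names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* VMX segment access-rights layout (the same bit positions the quoted
 * code relies on when it shifts cs_arbytes right by 5). */
#define AR_TYPE_MASK        0x0fu      /* bits 3:0  segment type          */
#define AR_S                (1u << 4)  /* bit 4     code/data descriptor  */
#define AR_DPL_SHIFT        5          /* bits 6:5  descriptor privilege  */
#define AR_TYPE_CODE        0x08u      /* type bit 3: code segment        */
#define AR_TYPE_CONFORMING  0x04u      /* type bit 2: conforming (code)   */

static unsigned int ar_dpl(uint32_t ar) { return (ar >> AR_DPL_SHIFT) & 3; }

static int ar_is_conforming_code(uint32_t ar)
{
    uint32_t t = ar & AR_TYPE_MASK;
    return (ar & AR_S) && (t & AR_TYPE_CODE) && (t & AR_TYPE_CONFORMING);
}

/* Hypothetical helper: the user-mode test as written in the quoted patch. */
static int user_mode_by_cs(uint32_t cs_ar) { return ar_dpl(cs_ar) == 3; }

/* Hypothetical helper: the same test on SS.DPL, as the reply suggests. */
static int user_mode_by_ss(uint32_t ss_ar) { return ar_dpl(ss_ar) == 3; }

/* Constructed access-rights values, not captured from a real guest. */
#define CS_RING3        0xfbu  /* code, non-conforming, DPL 3, present */
#define CS_CONFORMING0  0x9fu  /* code, conforming,     DPL 0, present */
#define SS_RING3        0xf3u  /* data, read/write,     DPL 3, present */
#define CS_RING0        0x9bu  /* code, non-conforming, DPL 0, present */
#define SS_RING0        0x93u  /* data, read/write,     DPL 0, present */

int main(void)
{
    printf("ring 3, normal CS:     by_cs=%d by_ss=%d\n",
           user_mode_by_cs(CS_RING3), user_mode_by_ss(SS_RING3));
    /* CPL stays 3 inside a conforming segment, but CS.DPL reads 0. */
    printf("ring 3, conforming CS: by_cs=%d by_ss=%d (conforming=%d)\n",
           user_mode_by_cs(CS_CONFORMING0), user_mode_by_ss(SS_RING3),
           ar_is_conforming_code(CS_CONFORMING0));
    printf("ring 0:                by_cs=%d by_ss=%d\n",
           user_mode_by_cs(CS_RING0), user_mode_by_ss(SS_RING0));
    return 0;
}
```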

