[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [v8][PATCH 12/17] xen/x86/ept: handle reserved device memory in ept_handle_violation

To: jbeulich@xxxxxxxx, ian.jackson@xxxxxxxxxxxxx, stefano.stabellini@xxxxxxxxxxxxx, ian.campbell@xxxxxxxxxx, wei.liu2@xxxxxxxxxx, kevin.tian@xxxxxxxxx, tim@xxxxxxx, yang.z.zhang@xxxxxxxxx
From: Tiejun Chen <tiejun.chen@xxxxxxxxx>
Date: Mon, 1 Dec 2014 17:24:30 +0800
Cc: xen-devel@xxxxxxxxxxxxx
Delivery-date: Mon, 01 Dec 2014 09:30:56 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

We always reserve these ranges since we never allow any stuff to
poke them.

But in theory some untrusted VM can maliciously access them. So we
need to intercept this approach. But we just don't want to leak
anything or introduce any side affect since other OSs may touch them
by careless behavior, so its enough to have a lightweight way, and
it shouldn't be same as those broken pages which cause domain crush.

So we just need to return with next eip then let VM/OS itself handle
such a scenario as its own logic.

Signed-off-by: Tiejun Chen <tiejun.chen@xxxxxxxxx>
---
 xen/arch/x86/hvm/vmx/vmx.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index 2907afa..3ee884a 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -2403,6 +2403,7 @@ static void ept_handle_violation(unsigned long 
qualification, paddr_t gpa)
     p2m_type_t p2mt;
     int ret;
     struct domain *d = current->domain;
+    struct p2m_get_reserved_device_memory pgrdm;
 
     /*
      * We treat all write violations also as read violations.
@@ -2438,6 +2439,23 @@ static void ept_handle_violation(unsigned long 
qualification, paddr_t gpa)
         __trace_var(TRC_HVM_NPF, 0, sizeof(_d), &_d);
     }
 
+    /* This means some untrusted VM can maliciously access reserved
+     * device memory. But we just don't want to leak anything or
+     * introduce any side affect since other OSs may touch them by
+     * careless behavior, so its enough to have a lightweight way.
+     * Here we just need to return with next eip then let VM/OS itself
+     * handle such a scenario as its own logic.
+     */
+    pgrdm.gfn = gfn;
+    pgrdm.domain = d;
+    ret = iommu_get_reserved_device_memory(p2m_check_reserved_device_memory,
+                                           &pgrdm);
+    if ( ret )
+    {
+        update_guest_eip();
+        return;
+    }
+
     if ( qualification & EPT_GLA_VALID )
     {
         __vmread(GUEST_LINEAR_ADDRESS, &gla);
-- 
1.9.1


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [v8][PATCH 12/17] xen/x86/ept: handle reserved device memory in ept_handle_violation
  - From: Jan Beulich
- Re: [Xen-devel] [v8][PATCH 12/17] xen/x86/ept: handle reserved device memory in ept_handle_violation
  - From: Konrad Rzeszutek Wilk
- Re: [Xen-devel] [v8][PATCH 12/17] xen/x86/ept: handle reserved device memory in ept_handle_violation
  - From: Tian, Kevin

References:
- [Xen-devel] [v8][PATCH 00/17] xen: RMRR fix
  - From: Tiejun Chen

Prev by Date: [Xen-devel] [v8][PATCH 11/17] xen/x86/p2m: reject populating for reserved device memory mapping
Next by Date: [Xen-devel] [v8][PATCH 13/17] xen/mem_access: don't allow accessing reserved device memory
Previous by thread: Re: [Xen-devel] [v8][PATCH 11/17] xen/x86/p2m: reject populating for reserved device memory mapping
Next by thread: Re: [Xen-devel] [v8][PATCH 12/17] xen/x86/ept: handle reserved device memory in ept_handle_violation
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.