Re: [Xen-devel] [BUG] x86/hvm/vioapic: 8-Bit IOREGSEL write does not work
On 05/09/17 19:26, Christian Prochaska wrote:
> I've seen this problem with Xen 4.6.5 from the Xubuntu 16.04
> distribution and from a quick look over the current vioapic code it
> seems to be still present.
>
> From the IOAPIC datasheet [1]: "To reference an IOAPIC register, a byte
> memory write that the PIIX3 decodes for the IOAPIC loads the IOREGSEL
> Register with an 8-bit value that specifies the IOAPIC register (address
> offset in Table 3.2) to be accessed."
>
> But the 'vioapic_write()' function does not consider the 'length' argument
> and always copies 4 Bytes from the unsigned long 'val' argument into the
> virtual 32-Bit IOREGSEL register. In the error case I've seen, 'length'
> was 1 and 'val' was 0xffff8300bb0cf801 and the IOAPIC version register
> with address offset 0x01 was not read correctly.

That looks suspiciously like a Xen pointer, not a plausible val.

Irrespective, it is an error for the guest to issue anything other than a 4 byte write into the IOREGSEL field, so we ought to be rejecting length-1 accesses.

What instruction is the guest using to cause this behaviour to occur?

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel
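An added example, not part of the original message and not Xen's code: a toy C model of an IOREGSEL write handler that contrasts the three behaviours discussed in this thread for a length-1 write carrying the reported 'val'. All names (`toy_ioapic`, `write_*`, `sel_after`) are hypothetical, and zeroing the upper bits on a narrow write is an assumption.

```c
#include <stdint.h>
#include <stdio.h>
/* Toy model for illustration; names are hypothetical, not Xen's vioapic code. */
#define IOREGSEL_OFFSET 0x00u
struct toy_ioapic { uint32_t ioregsel; };
typedef int (*write_fn)(struct toy_ioapic *, uint32_t, unsigned, uint64_t);

/* Reported behaviour: 'len' is ignored and the low 32 bits of 'val' are stored. */
static int write_ignore_length(struct toy_ioapic *io, uint32_t off, unsigned len, uint64_t val)
{
    (void)len;
    if (off != IOREGSEL_OFFSET) return -1;
    io->ioregsel = (uint32_t)val;
    return 0;
}

/* Datasheet reading: keep only 'len' bytes (assumption: upper bits are zeroed). */
static int write_mask_to_length(struct toy_ioapic *io, uint32_t off, unsigned len, uint64_t val)
{
    if (off != IOREGSEL_OFFSET || (len != 1 && len != 2 && len != 4)) return -1;
    uint32_t mask = (len == 4) ? UINT32_MAX : ((UINT32_C(1) << (len * 8)) - 1);
    io->ioregsel = (uint32_t)val & mask;
    return 0;
}

/* Reply's reading: anything other than a 4-byte write is rejected, state unchanged. */
static int write_reject_non_dword(struct toy_ioapic *io, uint32_t off, unsigned len, uint64_t val)
{
    if (off != IOREGSEL_OFFSET || len != 4) return -1;
    io->ioregsel = (uint32_t)val;
    return 0;
}

/* Apply one write to a selector preset to 0x10 and return the selector afterwards. */
static uint32_t sel_after(write_fn fn, unsigned len, uint64_t val)
{
    struct toy_ioapic io = { .ioregsel = 0x10 };
    fn(&io, IOREGSEL_OFFSET, len, val);
    return io.ioregsel;
}

int main(void)
{
    const uint64_t val = 0xffff8300bb0cf801ULL; /* 'val' quoted in the report, length 1 */
    printf("ignore length: 0x%08x\n", (unsigned)sel_after(write_ignore_length, 1, val));
    printf("mask to len:   0x%08x\n", (unsigned)sel_after(write_mask_to_length, 1, val));
    printf("reject non-4:  0x%08x\n", (unsigned)sel_after(write_reject_non_dword, 1, val));
    return 0;
}
```

With the length ignored, the selector ends up holding the stale upper bytes of 'val' rather than offset 0x01, which matches the symptom in the report.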