[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v3 3/3] x86/hvm: Implement hvmemul_write() using real mappings

To: "Alexandru Isaila" <aisaila@xxxxxxxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Tue, 19 Sep 2017 08:38:32 -0600
Cc: tim@xxxxxxx, kevin.tian@xxxxxxxxx, sstabellini@xxxxxxxxxx, wei.liu2@xxxxxxxxxx, jun.nakajima@xxxxxxxxx, george.dunlap@xxxxxxxxxxxxx, andrew.cooper3@xxxxxxxxxx, ian.jackson@xxxxxxxxxxxxx, xen-devel@xxxxxxxxxxxxx, paul.durrant@xxxxxxxxxx, suravee.suthikulpanit@xxxxxxx, boris.ostrovsky@xxxxxxxxxx
Delivery-date: Tue, 19 Sep 2017 14:38:43 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

>>> On 19.09.17 at 16:14, <aisaila@xxxxxxxxxxxxxxx> wrote:
> From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> 
> An access which crosses a page boundary is performed atomically by x86
> hardware, albeit with a severe performance penalty.  An important corner 
> case
> is when a straddled access hits two pages which differ in whether a
> translation exists, or in net access rights.
> 
> The use of hvm_copy*() in hvmemul_write() is problematic, because it 
> performs
> a translation then completes the partial write, before moving onto the next
> translation.
> 
> If an individual emulated write straddles two pages, the first of which is
> writable, and the second of which is not, the first half of the write will
> complete before #PF is raised from the second half.
> 
> This results in guest state corruption as a side effect of emulation, which
> has been observed to cause windows to crash while under introspection.
> 
> Introduce the hvmemul_{,un}map_linear_addr() helpers, which translate an
> entire contents of a linear access, and vmap() the underlying frames to
> provide a contiguous virtual mapping for the emulator to use.  This is the
> same mechanism as used by the shadow emulation code.
> 
> This will catch any translation issues and abort the emulation before any
> modifications occur.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> Signed-off-by: Alexandru Isaila <aisaila@xxxxxxxxxxxxxxx>

Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
despite me being unhappy about ...

> +static void hvmemul_unmap_linear_addr(
> +    void *mapping, unsigned long linear, unsigned int bytes,

... "mapping" still being non-const here.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH v3 0/3] Various XSA followups
  - From: Alexandru Isaila
- [Xen-devel] [PATCH v3 3/3] x86/hvm: Implement hvmemul_write() using real mappings
  - From: Alexandru Isaila

Prev by Date: Re: [Xen-devel] [PATCH v3 0/3] docs: convert manpages to pod
Next by Date: Re: [Xen-devel] [PATCH v3 1/3] x86/hvm: Rename enum hvm_copy_result to hvm_translation_result
Previous by thread: [Xen-devel] [PATCH v3 3/3] x86/hvm: Implement hvmemul_write() using real mappings
Next by thread: Re: [Xen-devel] [PATCH v3 3/3] x86/hvm: Implement hvmemul_write() using real mappings
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.