[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] another state machine issue?

To: Jan Beulich <JBeulich@xxxxxxxx>, Paul Durrant <paul.durrant@xxxxxxxxxx>
From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Date: Fri, 20 Apr 2018 13:43:23 +0100
Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
Delivery-date: Fri, 20 Apr 2018 12:44:00 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
Openpgp: preference=signencrypt

On 20/04/18 13:33, Jan Beulich wrote:
>>>> On 20.04.18 at 11:25, <JBeulich@xxxxxxxx> wrote:
>> @@ -7692,12 +7693,23 @@ x86_emulate(
>>                                 ea.mem.off + (idx << state->sib_scale),
>>                                 (void *)mmvalp + i * op_bytes, op_bytes, 
>> ctxt);
>>                  if ( rc != X86EMUL_OKAY )
>> +                {
>> +                    /*
>> +                     * If we've made any progress and the access did not 
>> fault,
>> +                     * force a retry instead. This is for example necessary 
>> to
>> +                     * cope with the limited capacity of HVM's MMIO cache.
>> +                     */
>> +                    if ( rc != X86EMUL_EXCEPTION && done )
>> +                        rc = X86EMUL_RETRY;
>>                      break;
>> +                }
>>  
>>  #ifdef __XEN__
>>                  if ( i + 1 < n && local_events_need_delivery() )
>>                      rc = X86EMUL_RETRY;
>>  #endif
> I've just noticed that these two as well as any other current or future
> X86EMUL_RETRY returns (at least ones directly from the emulator) are
> in conflict with _hvm_emulate_one() having
>
>     case X86EMUL_RETRY:
>         BUILD_BUG_ON(sizeof(vio->mmio_insn) < sizeof(hvmemul_ctxt->insn_buf));
>         vio->mmio_insn_bytes = hvmemul_ctxt->insn_buf_bytes;
>         memcpy(vio->mmio_insn, hvmemul_ctxt->insn_buf, vio->mmio_insn_bytes);
>         break;
>
> when processing the result of x86_emulate(). I think we need to distinguish
> here whether we are going to return to guest context (in which case we
> need to discard all cached data, as done a few lines above) or whether
> we're going to sleep. When exiting to guest, the guest may take an interrupt
> before resuming the instruction we've been emulating, and if the interrupt
> handler incurs emulation, we'd wrongly use the cached insn. If I'm not
> mistaken, simply keying this off of hvm_vcpu_io_need_completion()'s result
> should do.

Yes - we must not cache anything across a return-to-guest.  The guests
interrupt/exception handler is at liberty to rewrite the instruction stream.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

References:
- [Xen-devel] [PATCH] x86emul: adjust handling of AVX2 gathers
  - From: Jan Beulich
- [Xen-devel] another state machine issue? (was: [PATCH] x86emul: adjust handling of AVX2 gathers)
  - From: Jan Beulich

Prev by Date: Re: [Xen-devel] [PATCH] xen-netfront: Fix hang on device removal
Next by Date: Re: [Xen-devel] [PATCH 1/3] xen: add generic fault injection facility
Previous by thread: Re: [Xen-devel] another state machine issue? (was: [PATCH] x86emul: adjust handling of AVX2 gathers)
Next by thread: Re: [Xen-devel] [PATCH] x86emul: adjust handling of AVX2 gathers
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.