[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [XEN v3] xen/arm64: io: Decode ldr/str post-indexing instructions


  • To: Jan Beulich <jbeulich@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>
  • From: Ayan Kumar Halder <ayan.kumar.halder@xxxxxxxxxx>
  • Date: Tue, 25 Jan 2022 10:56:53 +0000
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.199.80.198) smtp.rcpttodomain=suse.com smtp.mailfrom=xilinx.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=xilinx.com; dkim=none (message not signed); arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=icF+imYJpg5Gvlb+9QtQvCSbOGEJRz5Z67Vwa0rdAwg=; b=P0c1koHZfHGNH8tg7t/g7LKRRZS9B9eMy4KiTMET3PU0KC2j1m7Bf035JtqM68rh66N2L9yGRMKA+NAdw7SPCnY8j5r7kjuNETVtZvnpXGb6Cp9HfZiFkWKuAVHHIqPoRk8a/yqhPm08rpMpIhnRZTfKJiRm/3/0JWfZd7JFRZ/x/FimGsZ6v0rVEsua0BVfaqYyYU6M02jwuUyVUjKqQJdH0WB41qQdr5FLmW4QK9+VfmKZXDunmEvYmG0Hhe4BZ5Y8dit0BhmS4dC5c0NgWzJbR5d6EweMDo8Kv0Yti3iGuSpIzSYJRT3PwkZWxzOyQnV06DD25ywz4GYdpIZzsg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RbTincjohojwxS6r+PX5GBvrNQKmnesizKbK9jY8q7jDWHUNl6MgANcoy0YK0odKGi6gWAP3PQVGaQ2ze2avjuFBEN66QCVPCsdBJ/hEmjKUF2zF44UvrWTYsEFfkRUsGT/mWvJ61hiyiYVJrOWLGnswHx3RpTUVIglN5QXVasbw1rX5WrUB9C61pqXGr0JOp3qmUTnv9bwFh5MGzRdCcullSPTgDIW4mp2S3LrZdxvxuNpXjGwEKoB9A4d5vTCzR2A7YnmS4eHnP0E3tJTIhu8RmbbNQUsTous5qhi0FWLmVDHfitWfBwP5j/KD8wvy0Y4vgilLndBhr4MPgKre6Q==
  • Cc: Andre Przywara <andre.przywara@xxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>, <stefanos@xxxxxxxxxx>, <julien@xxxxxxx>, <Volodymyr_Babchuk@xxxxxxxx>, <bertrand.marquis@xxxxxxx>, <wei.chen@xxxxxxx>, Ayan Kumar Halder <ayan.kumar.halder@xxxxxxxxxx>
  • Delivery-date: Tue, 25 Jan 2022 10:57:12 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Jan/All,

On 25/01/2022 08:55, Jan Beulich wrote:
On 24.01.2022 19:41, Stefano Stabellini wrote:
On Mon, 24 Jan 2022, Ayan Kumar Halder wrote:
As for the patch, I will mention this issue (as a comment in the code) where
we are loading the instruction from PC. Stefano/Julien/Bertrand/Volodymyr:-
Does it look fine with you ?
As this issue could happen on any architecture (the guest could change
the instruction from another vcpu while the other is trapping in Xen)
and given that we do quite a bit of emulation on x86 I asked Jan on IRC
how do we handle this kind of things on x86 today. He had a good answer:
"By not making any assumptions on what we're going to find."

In other words, don't assume you are going to find a store or a load
instruction at the memory location pointed by the PC. You could find
total garbage (because it was changed in between). Make sure to check
everything is as expected before taking any actions.

And I think you are already doing that in decode_loadstore_postindexing.

These are the fields:

+ * 31 30 29  27 26 25  23   21 20              11   9         4       0
+ * ___________________________________________________________________
+ * |size|1 1 1 |V |0 0 |opc |0 |      imm9     |0 1 |  Rn     |  Rt   |
+ * |____|______|__|____|____|__|_______________|____|_________|_______|
+ */
+union ldr_str_instr_class {
+    uint32_t value;
+    struct ldr_str {
+        unsigned int rt:5;     /* Rt register */
+        unsigned int rn:5;     /* Rn register */
+        unsigned int fixed1:2; /* value == 01b */
+        signed int imm9:9;            /* imm9 */
+        unsigned int fixed2:1; /* value == 0b */
+        unsigned int opc:2;    /* opc */
+        unsigned int fixed3:2; /* value == 00b */
+        unsigned int v:1;      /* vector */
+        unsigned int fixed4:3; /* value == 111b */
+        unsigned int size:2;   /* size */
+    } code;
+};


This patch already checks for:
- the fixed values
- v
- opc
- some special rt and rn values

Considering that:
- size is fine either way
- as rt and rn are 5 bits wide, all values are acceptable (x0->x31)

It doesn't look like we are missing anything, unless imm9 is restricted
to some ranges only.
Beyond decoding there's at least one further assumption one may
mistakenly make: The address may not be suitably aligned and it may
not reference MMIO (or, should that matter, not the specific region
of MMIO that other trap-provided info my hint at).

As I see, Xen will read/write to the MMIO address provided either by gva_to_ipa_pa() or HPFAR_EL2.

However, (you are correct), that the address pointed by Rn might not point to the same address (assuming that the instruction was changed after being loaded in I cache). In any case, Xen will simply increment (or decrement) Rn. The guest will find this new value of Rn (and that should be fine it was the guest who had changed the instruction).

In any case, I don't see Xen doing something erroneous.

I will send out a v4 patch addressing the issues pointed by Stefano and Andre (commit message).

- Ayan


Jan




 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.