Xen project Mailing List

[Xen-changelog] [xen-3.0.3-testing] [HVM] Mov to/from CR8 must be gated on whether VLAPIC device is created.

From: "Xen patchbot-3.0.3-testing" <patchbot-3.0.3-testing@xxxxxxxxxxxxxxxxxxx>

Date: Mon, 02 Oct 2006 12:41:05 -0700

Delivery-date: Tue, 03 Oct 2006 01:20:51 -0700

List-id: BK change log <xen-changelog.lists.xensource.com>

# HG changeset patch # User kaf24@xxxxxxxxxxxxxxxxxxxx # Date 1159612209 -3600 # Node ID 82983c636549fdbae3868f44da8b4191b606bec9 # Parent 96a6649fa691b78fcc6af0bb6618940982d72537 [HVM] Mov to/from CR8 must be gated on whether VLAPIC device is created. If APIC=0 in VMX configuration file, VLAPIC(v) in mov_from_cr()/mov_to_cr() will be NULL, so calling vlapic_get_reg()/vlapic_set_reg()/vlapic_update_ppr() would crash Xen. Original patch from Dexuan Cui <dexuan.cui@xxxxxxxxx> Signed-off-by: Keir Fraser <keir@xxxxxxxxxxxxx> --- xen/arch/x86/hvm/svm/svm.c | 27 ++++++++++++++++----------- xen/arch/x86/hvm/vmx/vmx.c | 29 ++++++++++++++++++----------- 2 files changed, 34 insertions(+), 22 deletions(-) diff -r 96a6649fa691 -r 82983c636549 xen/arch/x86/hvm/svm/svm.c --- a/xen/arch/x86/hvm/svm/svm.c Sat Sep 30 11:11:54 2006 +0100 +++ b/xen/arch/x86/hvm/svm/svm.c Sat Sep 30 11:30:09 2006 +0100 @@ -57,7 +57,7 @@ extern void do_nmi(struct cpu_user_regs extern void do_nmi(struct cpu_user_regs *, unsigned long); extern int inst_copy_from_guest(unsigned char *buf, unsigned long guest_eip, int inst_len); - extern uint32_t vlapic_update_ppr(struct vlapic *vlapic); +extern uint32_t vlapic_update_ppr(struct vlapic *vlapic); extern asmlinkage void do_IRQ(struct cpu_user_regs *); extern void send_pio_req(struct cpu_user_regs *regs, unsigned long port, unsigned long count, int size, long value, int dir, int pvalid); @@ -904,9 +904,9 @@ static void svm_relinquish_guest_resourc destroy_vmcb(&v->arch.hvm_svm); kill_timer(&v->arch.hvm_vcpu.hlt_timer); - if ( hvm_apic_support(v->domain) && (VLAPIC(v) != NULL) ) - { - kill_timer( &(VLAPIC(v)->vlapic_timer) ); + if ( VLAPIC(v) != NULL ) + { + kill_timer(&VLAPIC(v)->vlapic_timer); unmap_domain_page_global(VLAPIC(v)->regs); free_domheap_page(VLAPIC(v)->regs_page); xfree(VLAPIC(v)); @@ -930,12 +930,13 @@ static void svm_migrate_timers(struct vc struct periodic_time *pt = &(v->domain->arch.hvm_domain.pl_time.periodic_tm); - if ( pt->enabled ) { - migrate_timer( &pt->timer, v->processor ); - migrate_timer( &v->arch.hvm_vcpu.hlt_timer, v->processor ); - } - if ( hvm_apic_support(v->domain) && VLAPIC( v )) - migrate_timer( &(VLAPIC(v)->vlapic_timer ), v->processor ); + if ( pt->enabled ) + { + migrate_timer(&pt->timer, v->processor); + migrate_timer(&v->arch.hvm_vcpu.hlt_timer, v->processor); + } + if ( VLAPIC(v) != NULL ) + migrate_timer(&VLAPIC(v)->vlapic_timer, v->processor); } @@ -1634,9 +1635,11 @@ static void mov_from_cr(int cr, int gp, case 4: value = (unsigned long) v->arch.hvm_svm.cpu_shadow_cr4; if (svm_dbg_on) - printk( "CR4 read=%lx\n", value ); + printk("CR4 read=%lx\n", value); break; case 8: + if ( vlapic == NULL ) + break; value = (unsigned long)vlapic_get_reg(vlapic, APIC_TASKPRI); value = (value & 0xF0) >> 4; break; @@ -1814,6 +1817,8 @@ static int mov_to_cr(int gpreg, int cr, case 8: { + if ( vlapic == NULL ) + break; vlapic_set_reg(vlapic, APIC_TASKPRI, ((value & 0x0F) << 4)); vlapic_update_ppr(vlapic); break; diff -r 96a6649fa691 -r 82983c636549 xen/arch/x86/hvm/vmx/vmx.c --- a/xen/arch/x86/hvm/vmx/vmx.c Sat Sep 30 11:11:54 2006 +0100 +++ b/xen/arch/x86/hvm/vmx/vmx.c Sat Sep 30 11:30:09 2006 +0100 @@ -135,7 +135,7 @@ static void vmx_relinquish_guest_resourc if ( !test_bit(_VCPUF_initialised, &v->vcpu_flags) ) continue; kill_timer(&v->arch.hvm_vcpu.hlt_timer); - if ( hvm_apic_support(v->domain) && (VLAPIC(v) != NULL) ) + if ( VLAPIC(v) != NULL ) { kill_timer(&VLAPIC(v)->vlapic_timer); unmap_domain_page_global(VLAPIC(v)->regs); @@ -495,12 +495,13 @@ void vmx_migrate_timers(struct vcpu *v) { struct periodic_time *pt = &(v->domain->arch.hvm_domain.pl_time.periodic_tm); - if ( pt->enabled ) { + if ( pt->enabled ) + { migrate_timer(&pt->timer, v->processor); migrate_timer(&v->arch.hvm_vcpu.hlt_timer, v->processor); } - if ( hvm_apic_support(v->domain) && VLAPIC(v)) - migrate_timer(&(VLAPIC(v)->vlapic_timer), v->processor); + if ( VLAPIC(v) != NULL ) + migrate_timer(&VLAPIC(v)->vlapic_timer, v->processor); } static void vmx_store_cpu_guest_regs( @@ -1767,6 +1768,8 @@ static int mov_to_cr(int gp, int cr, str } case 8: { + if ( vlapic == NULL ) + break; vlapic_set_reg(vlapic, APIC_TASKPRI, ((value & 0x0F) << 4)); vlapic_update_ppr(vlapic); break; @@ -1788,15 +1791,19 @@ static void mov_from_cr(int cr, int gp, struct vcpu *v = current; struct vlapic *vlapic = VLAPIC(v); - if ( cr != 3 && cr != 8) - __hvm_bug(regs); - - if ( cr == 3 ) - value = (unsigned long) v->arch.hvm_vmx.cpu_cr3; - else if ( cr == 8 ) - { + switch ( cr ) + { + case 3: + value = (unsigned long)v->arch.hvm_vmx.cpu_cr3; + break; + case 8: + if ( vlapic == NULL ) + break; value = (unsigned long)vlapic_get_reg(vlapic, APIC_TASKPRI); value = (value & 0xF0) >> 4; + break; + default: + __hvm_bug(regs); } switch ( gp ) { _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-changelog

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.