Xen project Mailing List

[Xen-changelog] [xen-3.4-testing] vmx: During task-switch, read instr-len VMCS field only when valid.

From: "Xen patchbot-3.4-testing" <patchbot-3.4-testing@xxxxxxxxxxxxxxxxxxx>

Date: Wed, 02 Dec 2009 06:10:17 -0800

Delivery-date: Wed, 02 Dec 2009 06:15:29 -0800

List-id: BK change log <xen-changelog.lists.xensource.com>

# HG changeset patch # User Keir Fraser <keir.fraser@xxxxxxxxxx> # Date 1259762818 0 # Node ID 072eb8f654df4a14782e3ed12e9c4d1b8a8d6ca0 # Parent 7e64a8e666b8326ee82ea2c2b60fb90fddd91af8 vmx: During task-switch, read instr-len VMCS field only when valid. Otherwise we can crash on the BUG_ON() in __get_instruction_length(). Signed-off-by: Keir Fraser <keir.fraser@xxxxxxxxxx> xen-unstable changeset: 20561:28d967d08cd9 xen-unstable date: Wed Dec 02 13:39:07 2009 +0000 --- xen/arch/x86/hvm/vmx/vmx.c | 22 ++++++++++++---------- 1 files changed, 12 insertions(+), 10 deletions(-) diff -r 7e64a8e666b8 -r 072eb8f654df xen/arch/x86/hvm/vmx/vmx.c --- a/xen/arch/x86/hvm/vmx/vmx.c Wed Dec 02 14:06:04 2009 +0000 +++ b/xen/arch/x86/hvm/vmx/vmx.c Wed Dec 02 14:06:58 2009 +0000 @@ -2417,16 +2417,18 @@ asmlinkage void vmx_vmexit_handler(struc int32_t ecode = -1, source; exit_qualification = __vmread(EXIT_QUALIFICATION); source = (exit_qualification >> 30) & 3; - inst_len = __get_instruction_length(); /* Safe: See SDM 3B 23.2.4 */ - if ( (source == 3) && (idtv_info & INTR_INFO_VALID_MASK) ) - { - /* ExtInt, NMI, HWException: no instruction to skip over. */ - if ( !(idtv_info & (1u<<10)) ) /* 0 <= IntrType <= 3? */ - inst_len = 0; - /* If there's an error code then we pass it along. */ - if ( idtv_info & INTR_INFO_DELIVER_CODE_MASK ) - ecode = __vmread(IDT_VECTORING_ERROR_CODE); - } + /* Vectored event should fill in interrupt information. */ + WARN_ON((source == 3) && !(idtv_info & INTR_INFO_VALID_MASK)); + /* + * In the following cases there is an instruction to skip over: + * - TSW is due to a CALL, IRET or JMP instruction. + * - TSW is a vectored event due to a SW exception or SW interrupt. + */ + inst_len = ((source != 3) || /* CALL, IRET, or JMP? */ + (idtv_info & (1u<<10))) /* IntrType > 3? */ + ? __get_instruction_length() /* Safe: SDM 3B 23.2.4 */ : 0; + if ( (source == 3) && (idtv_info & INTR_INFO_DELIVER_CODE_MASK) ) + ecode = __vmread(IDT_VECTORING_ERROR_CODE); regs->eip += inst_len; hvm_task_switch((uint16_t)exit_qualification, reasons[source], ecode); break; _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-changelog

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.