[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen stable-4.9] x86/pv: Introduce and use x86emul_write_dr()
commit d674b6ea010abd809c1c5efcd828235a89416890 Author: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> AuthorDate: Fri May 18 11:54:43 2018 +0200 Commit: Jan Beulich <jbeulich@xxxxxxxx> CommitDate: Fri May 18 11:54:43 2018 +0200 x86/pv: Introduce and use x86emul_write_dr() set_debugreg() has several bugs: * %dr4/5 should function correctly as aliases of %dr6/7 when CR4.DE is clear. * Attempting to set the upper 32 bits of %dr6/7 should fail with #GP[0] rather than be silently corrected and complete. * For emulation, the #UD and #GP[0] cases need properly distinguishing. Use -ENODEV for #UD cases, leaving -EINVAL (bad bits) and -EPERM (not allowed to use that valid bit) as before for hypercall callers. * A write which clears %dr7.L/G leaves the IO shadow intact, meaning that subsequent reads of %dr7 will see stale IO watchpoint configuration. Implement x86emul_write_dr() as a thin wrapper around set_debugreg(). Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> master commit: f539ae27061c6811fd5e80e0755bf0514e22b977 master date: 2018-04-17 15:12:36 +0100 --- xen/arch/x86/traps.c | 41 ++++++++++++++++++++++++++-------- xen/arch/x86/x86_emulate.c | 24 ++++++++++++++++++++ xen/arch/x86/x86_emulate/x86_emulate.h | 2 ++ 3 files changed, 58 insertions(+), 9 deletions(-) diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index 1f3881e5b3..6b7d075d9f 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -2494,13 +2494,6 @@ static int priv_op_write_cr(unsigned int reg, unsigned long val, return X86EMUL_UNHANDLEABLE; } -static int priv_op_write_dr(unsigned int reg, unsigned long val, - struct x86_emulate_ctxt *ctxt) -{ - return do_set_debugreg(reg, val) == 0 - ? X86EMUL_OKAY : X86EMUL_UNHANDLEABLE; -} - static inline uint64_t guest_misc_enable(uint64_t val) { val &= ~(MSR_IA32_MISC_ENABLE_PERF_AVAIL | @@ -3011,7 +3004,7 @@ static const struct x86_emulate_ops priv_op_ops = { .read_cr = priv_op_read_cr, .write_cr = priv_op_write_cr, .read_dr = x86emul_read_dr, - .write_dr = priv_op_write_dr, + .write_dr = x86emul_write_dr, .read_msr = priv_op_read_msr, .write_msr = priv_op_write_msr, .cpuid = pv_emul_cpuid, @@ -4187,6 +4180,12 @@ void activate_debugregs(const struct vcpu *curr) } } +/* + * Used by hypercalls and the emulator. + * -ENODEV => #UD + * -EINVAL => #GP Invalid bit + * -EPERM => #GP Valid bit, but not permitted to use + */ long set_debugreg(struct vcpu *v, unsigned int reg, unsigned long value) { int i; @@ -4218,7 +4217,17 @@ long set_debugreg(struct vcpu *v, unsigned int reg, unsigned long value) if ( v == curr ) write_debugreg(3, value); break; + + case 4: + if ( v->arch.pv_vcpu.ctrlreg[4] & X86_CR4_DE ) + return -ENODEV; + + /* Fallthrough */ case 6: + /* The upper 32 bits are strictly reserved. */ + if ( value != (uint32_t)value ) + return -EINVAL; + /* * DR6: Bits 4-11,16-31 reserved (set to 1). * Bit 12 reserved (set to 0). @@ -4228,7 +4237,17 @@ long set_debugreg(struct vcpu *v, unsigned int reg, unsigned long value) if ( v == curr ) write_debugreg(6, value); break; + + case 5: + if ( v->arch.pv_vcpu.ctrlreg[4] & X86_CR4_DE ) + return -ENODEV; + + /* Fallthrough */ case 7: + /* The upper 32 bits are strictly reserved. */ + if ( value != (uint32_t)value ) + return -EINVAL; + /* * DR7: Bit 10 reserved (set to 1). * Bits 11-12,14-15 reserved (set to 0). @@ -4241,6 +4260,10 @@ long set_debugreg(struct vcpu *v, unsigned int reg, unsigned long value) */ if ( value & DR_GENERAL_DETECT ) return -EPERM; + + /* Zero the IO shadow before recalculating the real %dr7 */ + v->arch.debugreg[5] = 0; + /* DR7.{G,L}E = 0 => debugging disabled for this domain. */ if ( value & DR7_ACTIVE_MASK ) { @@ -4273,7 +4296,7 @@ long set_debugreg(struct vcpu *v, unsigned int reg, unsigned long value) write_debugreg(7, value); break; default: - return -EINVAL; + return -ENODEV; } v->arch.debugreg[reg] = value; diff --git a/xen/arch/x86/x86_emulate.c b/xen/arch/x86/x86_emulate.c index d3155a09d5..9125c67c9e 100644 --- a/xen/arch/x86/x86_emulate.c +++ b/xen/arch/x86/x86_emulate.c @@ -14,6 +14,7 @@ #include <asm/processor.h> /* current_cpu_info */ #include <asm/xstate.h> #include <asm/amd.h> /* cpu_has_amd_erratum() */ +#include <asm/debugreg.h> /* Avoid namespace pollution. */ #undef cmpxchg @@ -81,6 +82,29 @@ int x86emul_read_dr(unsigned int reg, unsigned long *val, return X86EMUL_OKAY; } +int x86emul_write_dr(unsigned int reg, unsigned long val, + struct x86_emulate_ctxt *ctxt) +{ + struct vcpu *curr = current; + + /* HVM support requires a bit more plumbing before it will work. */ + ASSERT(is_pv_vcpu(curr)); + + switch ( set_debugreg(curr, reg, val) ) + { + case 0: + return X86EMUL_OKAY; + + case -ENODEV: + x86_emul_hw_exception(TRAP_invalid_op, X86_EVENT_NO_EC, ctxt); + return X86EMUL_EXCEPTION; + + default: + x86_emul_hw_exception(TRAP_gp_fault, 0, ctxt); + return X86EMUL_EXCEPTION; + } +} + /* * Local variables: * mode: C diff --git a/xen/arch/x86/x86_emulate/x86_emulate.h b/xen/arch/x86/x86_emulate/x86_emulate.h index 1c9331c897..d1f9b85f3b 100644 --- a/xen/arch/x86/x86_emulate/x86_emulate.h +++ b/xen/arch/x86/x86_emulate/x86_emulate.h @@ -654,6 +654,8 @@ void x86_emulate_free_state(struct x86_emulate_state *state); int x86emul_read_dr(unsigned int reg, unsigned long *val, struct x86_emulate_ctxt *ctxt); +int x86emul_write_dr(unsigned int reg, unsigned long val, + struct x86_emulate_ctxt *ctxt); #endif -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.9 _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/xen-changelog
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |