Re: [Xen-devel] [PATCH 3/3] x86/HVM: don't crash guest upon problems occurring in user mode

["Jan Beulich" <JBeulich@xxxxxxxx>]

>>> On 20.11.14 at 12:34, <tim@xxxxxxx> wrote:
> At 11:13 +0100 on 20 Nov (1416478386), Jan Beulich wrote:
>> This extends commit 5283b310 ("x86/HVM: only kill guest when unknown VM
>> exit occurred in guest kernel mode") to further cases, including the
>> failed VM entry one that XSA-110 was needed to be issued for.
>> 
>> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
> 
> This seems like a good idea in general, but I'm not sure it's
> appropriate for _all_ of these.  Unhandled exit types and 
> overlong instruction decode seem obviously good. 
> 
> hvm_hap_nested_page_fault() returns 0: seems only to happen for pvh
> guests that write to read-only memory (?).  That seems like a
> different class of failure.  I don't think our response should be
> different based on the privilege level here, although domain_crash()
> does seem harsh.  (I presume this is to avoid emulating an instruction
> in PVH mode?)  If we're changing this, I think it should be to #GP
> rather than #UD.

I dropped those for now. We should re-evaluate this once we
have #VE support on VMX (i.e. we may want to inject that one
there instead).

> p2m_pt_handle_deferred_changes() returns < 0: AFAICS this is basically
> ENOMEM when trying to update p2m tables.  It's so unlikely to be
> caused by userspace activity that disguising it with #UD is probably
> just unhelpful.  It turns a clean failure into an undebuggable
> intermittent glitch.

Dropped too.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel