[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [RFC 15/16] xen/arm: traps: Don't inject a fault if the translation VA -> IPA fails

To: Stefano Stabellini <sstabellini@xxxxxxxxxx>
From: Stefano Stabellini <sstabellini@xxxxxxxxxx>
Date: Sat, 21 May 2016 15:51:04 +0100 (BST)
Cc: andre.przywara@xxxxxxx, Julien Grall <julien.grall@xxxxxxx>, steve.capper@xxxxxxx, wei.chen@xxxxxxx, xen-devel@xxxxxxxxxxxxx
Delivery-date: Sat, 21 May 2016 14:51:28 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Sat, 21 May 2016, Stefano Stabellini wrote:
> On Thu, 5 May 2016, Julien Grall wrote:
> > Based on ARM ARM (D4.5.3 in ARM DDI 0486A and B3.12.7 in ARM DDI 0406C.c),
> > a Stage 1 translation error has priority over a Stage 2 translation error.
> > 
> > Therefore gva_to_ipa can only fail if another vCPU is playing with the
> > page table.
> > 
> > Rather than injecting a custom fault, replay the instruction and let the
> > processor injecting the correct fault.
> > 
> > Signed-off-by: Julien Grall <julien.grall@xxxxxxx>
> 
> Couldn't a guest purposely cause a DoS in the hypervisor this way?

Just double-checking. I am pretty sure it cannot, because the replayed
instruction won't cause another hypervisor trap the second time around.


> >  xen/arch/arm/traps.c | 5 ++---
> >  1 file changed, 2 insertions(+), 3 deletions(-)
> > 
> > diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
> > index c0325d5..3acdba0 100644
> > --- a/xen/arch/arm/traps.c
> > +++ b/xen/arch/arm/traps.c
> > @@ -2410,7 +2410,7 @@ static void do_trap_instr_abort_guest(struct 
> > cpu_user_regs *regs,
> >  
> >              rc = gva_to_ipa(gva, &gpa, GV2M_READ);
> >              if ( rc == -EFAULT )
> > -                goto bad_insn_abort;
> > +                return; /* Try again */
> >          }
> >  
> >          rc = p2m_mem_access_check(gpa, gva, npfec);
> > @@ -2422,7 +2422,6 @@ static void do_trap_instr_abort_guest(struct 
> > cpu_user_regs *regs,
> >      break;
> >      }
> >  
> > -bad_insn_abort:
> >      inject_iabt_exception(regs, gva, hsr.len);
> >  }
> >  
> > @@ -2452,7 +2451,7 @@ static void do_trap_data_abort_guest(struct 
> > cpu_user_regs *regs,
> >      {
> >          rc = gva_to_ipa(info.gva, &info.gpa, GV2M_READ);
> >          if ( rc == -EFAULT )
> > -            goto bad_data_abort;
> > +            return; /* Try again */
> >      }
> >  
> >      switch ( dabt.dfsc & 0x3f )
> > -- 
> > 1.9.1
> > 
> 

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [RFC 15/16] xen/arm: traps: Don't inject a fault if the translation VA -> IPA fails
  - From: Julien Grall

References:
- [Xen-devel] [RFC 00/16] xen/arm: Introduce alternative runtime patching for ARM64
  - From: Julien Grall
- [Xen-devel] [RFC 15/16] xen/arm: traps: Don't inject a fault if the translation VA -> IPA fails
  - From: Julien Grall
- Re: [Xen-devel] [RFC 15/16] xen/arm: traps: Don't inject a fault if the translation VA -> IPA fails
  - From: Stefano Stabellini

Prev by Date: Re: [Xen-devel] [RFC 15/16] xen/arm: traps: Don't inject a fault if the translation VA -> IPA fails
Next by Date: Re: [Xen-devel] [Embedded-pv-devel] [PATCH RFC 00/18] System adjustment to customer needs.
Previous by thread: Re: [Xen-devel] [RFC 15/16] xen/arm: traps: Don't inject a fault if the translation VA -> IPA fails
Next by thread: Re: [Xen-devel] [RFC 15/16] xen/arm: traps: Don't inject a fault if the translation VA -> IPA fails
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.