[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 0/2] MMIO emulation fixes

To: Paul Durrant <paul.durrant@xxxxxxxxxx>
From: Olaf Hering <olaf@xxxxxxxxx>
Date: Thu, 30 Aug 2018 10:10:34 +0200
Cc: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, george.dunlap@xxxxxxxxxx, Jan Beulich <JBeulich@xxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
Delivery-date: Thu, 30 Aug 2018 08:10:45 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Wed, Aug 29, Olaf Hering wrote:

> On Mon, Aug 13, Jan Beulich wrote:
> 
> > And hence the consideration of mapping in an all zeros page
> > instead. This is because of the way __hvmemul_read() /
> > __hvm_copy() work: The latter doesn't tell its caller how many
> > bytes it was able to read, and hence the former considers the
> > entire range MMIO (and forwards the request for emulation).
> > Of course all of this is an issue only because
> > hvmemul_virtual_to_linear() sees no need to split the request
> > at the page boundary, due to the balloon driver having left in
> > place the mapping of the ballooned out page.

So how is this bug supposed to be fixed?

What I see in my tracing is that __hvmemul_read gets called with
gla==ffff880223bffff9/bytes==8. Then hvm_copy_from_guest_linear fills
the buffer from gpa 223bffff9 with data, but finally it returns
HVMTRANS_bad_gfn_to_mfn, which it got from a failed get_page_from_gfn
for the second page.

Now things go downhill. hvmemul_linear_mmio_read is called, which calls
hvmemul_do_io/hvm_io_intercept. That returns X86EMUL_UNHANDLEABLE. As a
result hvm_process_io_intercept(null_handler) is called, which
overwrites the return buffer with 0xff.

Olaf

Attachment: signature.asc
Description: PGP signature

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

References:
- Re: [Xen-devel] [PATCH 0/2] MMIO emulation fixes
  - From: Paul Durrant
- Re: [Xen-devel] [PATCH 0/2] MMIO emulation fixes
  - From: Andrew Cooper
- Re: [Xen-devel] [PATCH 0/2] MMIO emulation fixes
  - From: Paul Durrant
- Re: [Xen-devel] [PATCH 0/2] MMIO emulation fixes
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH 0/2] MMIO emulation fixes
  - From: Paul Durrant
- Re: [Xen-devel] [PATCH 0/2] MMIO emulation fixes
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH 0/2] MMIO emulation fixes
  - From: George Dunlap
- Re: [Xen-devel] [PATCH 0/2] MMIO emulation fixes
  - From: Andrew Cooper
- Re: [Xen-devel] [PATCH 0/2] MMIO emulation fixes
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH 0/2] MMIO emulation fixes
  - From: Olaf Hering

Prev by Date: Re: [Xen-devel] [PATCH] xen/grant: Mute gcc warning in steal_linear_address()
Next by Date: Re: [Xen-devel] [PATCH 1/2] tools/libxl: correct vcpu affinity output with sparse physical cpu map
Previous by thread: Re: [Xen-devel] [PATCH 0/2] MMIO emulation fixes
Next by thread: Re: [Xen-devel] [PATCH 0/2] MMIO emulation fixes
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.