[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [XEN v3] xen/arm64: io: Decode ldr/str post-indexing instructions

  • To: Stefano Stabellini <sstabellini@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Tue, 25 Jan 2022 09:55:19 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=+67q8GZx1mxeatuTqvwtC3MLyEd68icKe5zBuWa0rKo=; b=PzmMtv+lsijYqYh7CTuDl+uqj/ScGoi5Okkw8FSuIpYatpGcrMVE9R+O3V+PoHbXs0OajsjN27xq7/lWViwE+rgdi1eyF5q+feo4EBktH7l+ka8yYDLMWa7Yk44CtRFd5FevRRTi3VenMOWCQOyvJBgH7mRc2XPIm7fy9PtEQaKBRPA4z2M9L64XQe83Auel0+W76NQG7OWXlUQdwVGGT3kignHx5+5yX6umdHb/NrCB2ujfE43ot8oEOb+EXV6DWM8hJctrvxZ7v0RMx0H9UgNSvek5Y+4TuxFXbrx7vZ/acrH/yWAKJ+5Y1FB1fCk7SVOyAFafSyVXsZ6bcO//7w==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ITkM38T43qvx0T8NSk/c8clzsPX43UnNR2H8wehsWYW80IocJRLgD+4mNUbb0EIUIA+QPB6azAN5ci0XWfw05XM8hureyhThY+uSxPKjsa6g27RhhtgMkbAn9T75JHJGZsut0omy90mq2xctzmm9FBcw9Ond9jYH8odg7G4NiTilspKaRUlD/omcajsIy5LNF2beqUxjrfpKyr62yP7dbuicgDRwrjiAkQwNfXvpTPedXONoSBw9lF1Jn9CYm0qtmRq1rn3NBX3SPGwXT5ni1TZ4WrzfvBBUOn7oe0VXmzfngO1u0L1gquK1o045N5Yq08nXYNXSum43/mwAyrZH8Q==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Andre Przywara <andre.przywara@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, stefanos@xxxxxxxxxx, julien@xxxxxxx, Volodymyr_Babchuk@xxxxxxxx, bertrand.marquis@xxxxxxx, wei.chen@xxxxxxx, Ayan Kumar Halder <ayan.kumar.halder@xxxxxxxxxx>
  • Delivery-date: Tue, 25 Jan 2022 08:55:44 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 24.01.2022 19:41, Stefano Stabellini wrote:
> On Mon, 24 Jan 2022, Ayan Kumar Halder wrote:
>> As for the patch, I will mention this issue (as a comment in the code) where
>> we are loading the instruction from PC. Stefano/Julien/Bertrand/Volodymyr:-
>> Does it look fine with you ?
> 
> As this issue could happen on any architecture (the guest could change
> the instruction from another vcpu while the other is trapping in Xen)
> and given that we do quite a bit of emulation on x86 I asked Jan on IRC
> how do we handle this kind of things on x86 today. He had a good answer:
> "By not making any assumptions on what we're going to find."
> 
> In other words, don't assume you are going to find a store or a load
> instruction at the memory location pointed by the PC. You could find
> total garbage (because it was changed in between). Make sure to check
> everything is as expected before taking any actions.
> 
> And I think you are already doing that in decode_loadstore_postindexing.
> 
> These are the fields:
> 
> + * 31 30 29  27 26 25  23   21 20              11   9         4       0
> + * ___________________________________________________________________
> + * |size|1 1 1 |V |0 0 |opc |0 |      imm9     |0 1 |  Rn     |  Rt   |
> + * |____|______|__|____|____|__|_______________|____|_________|_______|
> + */
> +union ldr_str_instr_class {
> +    uint32_t value;
> +    struct ldr_str {
> +        unsigned int rt:5;     /* Rt register */
> +        unsigned int rn:5;     /* Rn register */
> +        unsigned int fixed1:2; /* value == 01b */
> +        signed int imm9:9;            /* imm9 */
> +        unsigned int fixed2:1; /* value == 0b */
> +        unsigned int opc:2;    /* opc */
> +        unsigned int fixed3:2; /* value == 00b */
> +        unsigned int v:1;      /* vector */
> +        unsigned int fixed4:3; /* value == 111b */
> +        unsigned int size:2;   /* size */
> +    } code;
> +};
> 
> 
> This patch already checks for:
> - the fixed values
> - v
> - opc
> - some special rt and rn values
> 
> Considering that:
> - size is fine either way
> - as rt and rn are 5 bits wide, all values are acceptable (x0->x31)
> 
> It doesn't look like we are missing anything, unless imm9 is restricted
> to some ranges only.

Beyond decoding there's at least one further assumption one may
mistakenly make: The address may not be suitably aligned and it may
not reference MMIO (or, should that matter, not the specific region
of MMIO that other trap-provided info my hint at).

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.