# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1196960567 0
# Node ID 3c61b65b87c7e774401c1a0015d931b20fdedfef
# Parent 8cf7f24330ff3248557c3766166336987c530bb9
hvm: Inject #UD for un-emulated instructions rather than crash guest
The CrashMe stress test (a process repeatedly forks child processes, and the child processes initialize a buffer with random numbers, then treat the buffer as code, and execute it) can crash a 32-bit HVM RHEL5.1 guest easily; this is because we haven't emulated all the instructions in handle_mmio() yet.
The CrashMe process runs with root rights, and can access MMIO space in an unknown way ("strace -f" shows the random code running at CPL=3 doesn't call mmap(), and doesn't open any special files in /dev/); the gpa may look like 0xa**** or 0xb****, or 0xfee0****.
Signed-off-by: Dexuan Cui <dexuan.cui@xxxxxxxxx>
Signed-off-by: Keir Fraser <keir.fraser@xxxxxxxxxx>
xen-unstable changeset: 16485:c76a9aa12d2e37ed5c6c2a3562c755ec3828af8a
xen-unstable date: Wed Nov 28 13:04:47 2007 +0000
---
xen/arch/x86/hvm/platform.c | 13 +++++++++----
1 files changed, 9 insertions(+), 4 deletions(-)
diff -r 8cf7f24330ff -r 3c61b65b87c7 xen/arch/x86/hvm/platform.c
--- a/xen/arch/x86/hvm/platform.c Thu Dec 06 17:02:12 2007 +0000
+++ b/xen/arch/x86/hvm/platform.c Thu Dec 06 17:02:47 2007 +0000
@@ -1051,13 +1051,18 @@ void handle_mmio(unsigned long gpa)
}
if ( mmio_decode(address_bytes, inst, mmio_op, &ad_size,
- &op_size, &seg_sel) == DECODE_failure ) {
- printk("handle_mmio: failed to decode instruction\n");
- printk("mmio opcode: gpa 0x%lx, len %d:", gpa, inst_len);
+ &op_size, &seg_sel) == DECODE_failure )
+ {
+ gdprintk(XENLOG_WARNING,
+ "handle_mmio: failed to decode instruction\n");
+ gdprintk(XENLOG_WARNING,
+ "mmio opcode: gpa 0x%lx, len %d:", gpa, inst_len);
for ( i = 0; i < inst_len; i++ )
printk(" %02x", inst[i] & 0xFF);
printk("\n");
- domain_crash_synchronous();
+
+ hvm_inject_exception(TRAP_invalid_op, HVM_DELIVER_NO_ERROR_CODE, 0);
+ return;
}
regs->eip += inst_len; /* advance %eip */
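Review bot: The hex dump at `printk(" %02x", inst[i] & 0xFF);` and the trailing `printk("\n");` are still plain `printk` while the two header lines above them were switched to `gdprintk(XENLOG_WARNING, ...)`, so the dumped bytes are neither tagged with the guest nor subject to whatever filtering gdprintk gets, and now that this path returns to the guest instead of crashing it, unprivileged guest code can hit it in a loop (the description shows random CPL=3 code reaching it) and flood the hypervisor log with guest-chosen bytes. I would route the whole dump through one guest-aware channel — `XENLOG_G_WARNING` if this tree already has the rate-limited guest log level, otherwise the same `gdprintk(XENLOG_WARNING, ...)` as the header — or demote the byte dump to a debug level. The injection itself looks right, since `return` skips `regs->eip += inst_len;` and #UD is a fault reported at the faulting instruction, but that is non-obvious next to the advance on the following line; a comment such as `/* Un-emulated instruction: raise #UD instead of crashing the domain, since unprivileged guest code can reach here. Do not advance eip; #UD is a fault. */` above `hvm_inject_exception` would document it. handle_mmio() begins above the hunk.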