[Xen-changelog] [xen-3.4-testing] vmx: Fix handling of FS/GS base MSRs.

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-3.4-testing] vmx: Fix handling of FS/GS base MSRs.
From: "Xen patchbot-3.4-testing" <patchbot-3.4-testing@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 20 Jul 2009 04:46:06 -0700
Delivery-date: Mon, 20 Jul 2009 04:48:37 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1247737016 -3600
# Node ID 2ad2238c38ae9535802c0d270f3f5854886a5065
# Parent  22ef8e900a6d126f908fdd406754515558d1aa0a
vmx: Fix handling of FS/GS base MSRs.

Firstly, these MSRs are always accessible if the CPU supports them --
we should not check for EFER.LMA.

Secondly, we should not use the cached value of shadow_gs while the
VCPU is running. It can be stale if the guest has executed SWAPGS
(which we cannot trap). Hence always access the underlying host MSR
when emulating guest accesses.

The latter bug was found and a patch proposed by <leonid@xxxxxxxxx>

Signed-off-by: Keir Fraser <keir.fraser@xxxxxxxxxx>
xen-unstable changeset:   19953:fe4c6845a9d7
xen-unstable date:        Thu Jul 16 10:26:55 2009 +0100
---
 xen/arch/x86/hvm/vmx/vmx.c |   24 +++++++-----------------
 1 files changed, 7 insertions(+), 17 deletions(-)

diff -r 22ef8e900a6d -r 2ad2238c38ae xen/arch/x86/hvm/vmx/vmx.c
--- a/xen/arch/x86/hvm/vmx/vmx.c        Wed Jul 15 13:26:50 2009 +0100
+++ b/xen/arch/x86/hvm/vmx/vmx.c        Thu Jul 16 10:36:56 2009 +0100
@@ -176,20 +176,14 @@ static enum handler_return long_mode_do_
 
     case MSR_FS_BASE:
         msr_content = __vmread(GUEST_FS_BASE);
-        goto check_long_mode;
+        break;
 
     case MSR_GS_BASE:
         msr_content = __vmread(GUEST_GS_BASE);
-        goto check_long_mode;
+        break;
 
     case MSR_SHADOW_GS_BASE:
-        msr_content = v->arch.hvm_vmx.shadow_gs;
-    check_long_mode:
-        if ( !(hvm_long_mode_enabled(v)) )
-        {
-            vmx_inject_hw_exception(TRAP_gp_fault, 0);
-            return HNDL_exception_raised;
-        }
+        rdmsrl(MSR_SHADOW_GS_BASE, msr_content);
         break;
 
     case MSR_STAR:
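Review bot: The new `rdmsrl(MSR_SHADOW_GS_BASE, msr_content)` in the MSR_SHADOW_GS_BASE case returns whatever the physical MSR holds, which is the guest's kernel GS base only when this handler runs on the CPU that VCPU `v` is currently executing on, and nothing in the hunk ties `v` to current. If the handler can ever be reached for a descheduled VCPU (an emulation or toolstack path, for instance), the guest would read the host's or another VCPU's value. A one-line `ASSERT(v == current);` before the rdmsrl would document and enforce that assumption, and the same applies to the `wrmsrl` on the write side. Dropping the EFER.LMA check also means a guest whose CPUID hides long mode can still reach these MSRs; that matches what the hardware does, but deserves a comment if exposing them unconditionally is the intent. long_mode_do_msr_read starts before and continues past this hunk.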
@@ -240,9 +234,6 @@ static enum handler_return long_mode_do_
     case MSR_FS_BASE:
     case MSR_GS_BASE:
     case MSR_SHADOW_GS_BASE:
-        if ( !hvm_long_mode_enabled(v) )
-            goto gp_fault;
-
         if ( !is_canonical_address(msr_content) )
             goto uncanonical_address;
 
@@ -251,10 +242,7 @@ static enum handler_return long_mode_do_
         else if ( ecx == MSR_GS_BASE )
             __vmwrite(GUEST_GS_BASE, msr_content);
         else
-        {
-            v->arch.hvm_vmx.shadow_gs = msr_content;
             wrmsrl(MSR_SHADOW_GS_BASE, msr_content);
-        }
 
         break;
 
@@ -283,7 +271,6 @@ static enum handler_return long_mode_do_
 
  uncanonical_address:
     HVM_DBG_LOG(DBG_LEVEL_0, "Not cano address of msr write %x", ecx);
- gp_fault:
     vmx_inject_hw_exception(TRAP_gp_fault, 0);
  exception_raised:
     return HNDL_exception_raised;
@@ -310,7 +297,10 @@ static void vmx_restore_host_msrs(void)
 
 static void vmx_save_guest_msrs(struct vcpu *v)
 {
-    /* MSR_SHADOW_GS_BASE may have been changed by swapgs instruction. */
+    /*
+     * We cannot cache SHADOW_GS_BASE while the VCPU runs, as it can
+     * be updated at any time via SWAPGS, which we cannot trap.
+     */
     rdmsrl(MSR_SHADOW_GS_BASE, v->arch.hvm_vmx.shadow_gs);
 }
 
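Review bot: The new comment in vmx_save_guest_msrs explains why SHADOW_GS_BASE cannot be cached while the VCPU runs, but does not say what the `v->arch.hvm_vmx.shadow_gs` it still writes is now for, so a future reader may reintroduce a use of the field on the running path. Suggest extending it along the lines of `/* shadow_gs is valid only while the VCPU is descheduled (it is saved here for restore on context switch); never read it for a running VCPU -- use rdmsrl(), as SWAPGS can change the MSR at any time and cannot be trapped. */`. The restore side, presumably vmx_restore_guest_msrs, is outside this hunk, so I cannot confirm it is the only remaining consumer of the field.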
