WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-changelog

[Xen-changelog] [xen-3.4-testing] vmx: During task-switch, read instr-le

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-3.4-testing] vmx: During task-switch, read instr-len VMCS field only when valid.
From: "Xen patchbot-3.4-testing" <patchbot-3.4-testing@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 02 Dec 2009 06:10:17 -0800
Delivery-date: Wed, 02 Dec 2009 06:15:29 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1259762818 0
# Node ID 072eb8f654df4a14782e3ed12e9c4d1b8a8d6ca0
# Parent  7e64a8e666b8326ee82ea2c2b60fb90fddd91af8
vmx: During task-switch, read instr-len VMCS field only when valid.

Otherwise we can crash on the BUG_ON() in __get_instruction_length().

Signed-off-by: Keir Fraser <keir.fraser@xxxxxxxxxx>
xen-unstable changeset:   20561:28d967d08cd9
xen-unstable date:        Wed Dec 02 13:39:07 2009 +0000
---
 xen/arch/x86/hvm/vmx/vmx.c |   22 ++++++++++++----------
 1 files changed, 12 insertions(+), 10 deletions(-)

diff -r 7e64a8e666b8 -r 072eb8f654df xen/arch/x86/hvm/vmx/vmx.c
--- a/xen/arch/x86/hvm/vmx/vmx.c        Wed Dec 02 14:06:04 2009 +0000
+++ b/xen/arch/x86/hvm/vmx/vmx.c        Wed Dec 02 14:06:58 2009 +0000
@@ -2417,16 +2417,18 @@ asmlinkage void vmx_vmexit_handler(struc
         int32_t ecode = -1, source;
         exit_qualification = __vmread(EXIT_QUALIFICATION);
         source = (exit_qualification >> 30) & 3;
-        inst_len = __get_instruction_length(); /* Safe: See SDM 3B 23.2.4 */
-        if ( (source == 3) && (idtv_info & INTR_INFO_VALID_MASK) )
-        {
-            /* ExtInt, NMI, HWException: no instruction to skip over. */
-            if ( !(idtv_info & (1u<<10)) ) /* 0 <= IntrType <= 3? */
-                inst_len = 0;
-            /* If there's an error code then we pass it along. */
-            if ( idtv_info & INTR_INFO_DELIVER_CODE_MASK )
-                ecode = __vmread(IDT_VECTORING_ERROR_CODE);
-        }
+        /* Vectored event should fill in interrupt information. */
+        WARN_ON((source == 3) && !(idtv_info & INTR_INFO_VALID_MASK));
+        /*
+         * In the following cases there is an instruction to skip over:
+         *  - TSW is due to a CALL, IRET or JMP instruction.
+         *  - TSW is a vectored event due to a SW exception or SW interrupt.
+         */
+        inst_len = ((source != 3) ||        /* CALL, IRET, or JMP? */
+                    (idtv_info & (1u<<10))) /* IntrType > 3? */
+            ? __get_instruction_length() /* Safe: SDM 3B 23.2.4 */ : 0;
+        if ( (source == 3) && (idtv_info & INTR_INFO_DELIVER_CODE_MASK) )
+            ecode = __vmread(IDT_VECTORING_ERROR_CODE);
         regs->eip += inst_len;
         hvm_task_switch((uint16_t)exit_qualification, reasons[source], ecode);
         break;
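
Review bot: when source == 3 and INTR_INFO_VALID_MASK is clear, the new WARN_ON only logs, and the following lines still test `idtv_info & (1u<<10)` and `idtv_info & INTR_INFO_DELIVER_CODE_MASK` on a field that has just been flagged as not valid. The removed code gated both the instruction-length decision and the IDT_VECTORING_ERROR_CODE read on the valid bit, so a stale bit 10 can now still reach __get_instruction_length(), the call the commit message says can hit the BUG_ON(). Consider folding the valid bit into both conditions so that an invalid idtv_info with source == 3 gives inst_len = 0 and leaves ecode at -1. Separately, a named mask in place of the bare `(1u<<10)` would make the "IntrType > 3" test easier to check against the SDM.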

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
