WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 

xen-devel

[Xen-devel] [PATCH]Fix the bug of guest os installation failure and win2

To: "Keir Fraser" <keir.fraser@xxxxxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] [PATCH]Fix the bug of guest os installation failure and win2k boot failure
From: "Xu, Dongxiao" <dongxiao.xu@xxxxxxxxx>
Date: Mon, 17 Mar 2008 16:08:01 +0800
Delivery-date: Mon, 17 Mar 2008 01:10:48 -0700
Hi, Keir,

      This patch is to fix the problem of Linux guest installation failure and 
Windows 2000 boot failure.

      In the earlier code, we used the vmx_vmexit_handler() -> vmx_io_instruction() 
function to emulate I/O instructions. But now, we use vmx_vmexit_handler() -> 
handle_mmio -> hvm_emulate_one() -> x86_emulate() to emulate I/O instructions. 
Also, nowadays the realmode emulation code walks through the path: 
vmx_realmode() -> realmode_emulate_one() -> hvm_emulate_one() -> x86_emulate().

      The I/O handling code in x86_emulate() checks the cpl and iopl values, and 
if cpl > iopl, it generates a GP fault. This causes Linux guest 
installation failure and Windows 2000 boot failure. I think this check may 
not be reasonable, in two respects: 

      1. If x86_emulate() is called from vmexit or from realmode emulation, I 
think this line of code is not needed, because:

            a). In I/O emulation, the cpu has already checked the cpl, iopl, 
and also the I/O bitmap before vmx_vmexit_handler() is called,
            b). For realmode, we shouldn't check the cpl and iopl, because any 
I/O operation is permitted in realmode.

      2. If x86_emulate() is called from multi.c, which emulates up to four 
instructions when dealing with PAE guest page tables, the check is needed, 
but it is not correct. It should follow the logic below, which is stated in 
the Intel SDM:

 If (cpl <= iopl)
     Do I/O operation;
 Else {
     If (I/O permission bit for the port == 0)
         Do I/O operation;
     Else 
         Generate GP fault;
 } 

      Now this patch removes the cpl and iopl check in the I/O handler code in 
the x86_emulate() function. It also checks the four instructions which would be 
emulated by multi.c; if any of them is IN/INS/OUT/OUTS, or REP IN/INS/OUT/OUTS, 
we break out of that four-instruction emulation and let the I/O instruction walk 
through the path of vmx_vmexit_handler() -> handle_mmio -> hvm_emulate_one() -> 
x86_emulate().

      Another way to solve this issue could be to put the entire I/O 
permission check in x86_emulate() and use a flag to indicate whether we should 
do the check. If x86_emulate() is called by vmexit or realmode emulation, we 
skip this check; if it is called by multi.c, then we do the I/O permission 
check. But it may be a bit complex for the hypervisor to read the guest process's 
TSS and find and check its I/O bitmap. 

BTW: Why doesn't the existing code check the LOCK prefix (which should cause 
#UD to be injected into the guest)?
      
      Your comments are welcome, thanks! 

Signed-off-by: Xu Dongxiao <dongxiao.xu@xxxxxxxxx>

Best Regards,
--Dongxiao

Attachment: io_check.patch
Description: io_check.patch
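
The I/O permission check quoted from the Intel SDM in the message above, including the TSS bitmap lookup it calls complex, written out in C as an added example; it is not code from io_check.patch or from Xen. It assumes a 32-bit TSS whose bytes have already been copied out of the guest, and `struct io_ctx`, `io_permitted` and `sample_ctx` are hypothetical names.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define TSS_IOMAP_BASE_OFF 0x66  /* 16-bit I/O map base field in a 32-bit TSS */
#define SAMPLE_TSS_LIMIT   0x88  /* constructed: 0x68 header + 32 map bytes + 0xFF */

/* Hypothetical snapshot of guest state; these are not Xen's own structures. */
struct io_ctx {
    bool protected_mode;         /* CR0.PE */
    unsigned cpl, iopl;
    const uint8_t *tss;          /* guest TSS bytes, tss_limit + 1 of them */
    uint32_t tss_limit;          /* TR limit: offset of the last valid byte */
};

/* true: perform the access; false: generate a GP fault for the guest. */
bool io_permitted(const struct io_ctx *c, uint16_t port, unsigned bytes)
{
    if (!c->protected_mode || c->cpl <= c->iopl)
        return true;             /* real mode, or CPL <= IOPL */
    if (c->tss_limit < TSS_IOMAP_BASE_OFF + 1)
        return false;            /* TSS too small to hold the map base field */
    uint32_t base = c->tss[TSS_IOMAP_BASE_OFF] |
                    ((uint32_t)c->tss[TSS_IOMAP_BASE_OFF + 1] << 8);
    uint32_t off = base + port / 8;
    if (off + 1 > c->tss_limit)
        return false;            /* ports past the end of the map are denied */
    /* Two bytes are read so an access that straddles a byte boundary is
       covered; every bit for port .. port+bytes-1 must be clear. */
    uint32_t bits = c->tss[off] | ((uint32_t)c->tss[off + 1] << 8);
    uint32_t mask = ((1u << bytes) - 1) << (port & 7);
    return (bits & mask) == 0;
}

/* Constructed sample: the map covers ports 0x00-0xFF, only port 0x80 allowed. */
struct io_ctx sample_ctx(uint8_t *buf, unsigned cpl, unsigned iopl, bool pe)
{
    memset(buf, 0, 0x68);
    memset(buf + 0x68, 0xFF, SAMPLE_TSS_LIMIT + 1 - 0x68);
    buf[TSS_IOMAP_BASE_OFF] = 0x68;   /* map starts right after the header */
    buf[0x68 + 0x80 / 8] = 0xFE;      /* clear only the bit for port 0x80 */
    struct io_ctx c = { pe, cpl, iopl, buf, SAMPLE_TSS_LIMIT };
    return c;
}
```

A two-byte access at port 0x80 is refused even though port 0x80 itself is allowed, because the bit for port 0x81 is set.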
