| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
dpci_ioport_{read,write}() guest memory access failure handling should
be modelled after process_portio_intercept()'s (and others): Upon
encountering an error on other than the first iteration, the count
successfully handled needs to be stored and X86EMUL_OKAY returned, in
order for the generic instruction emulator to update register state
correctly before reporting failure or retrying (both of which would
only happen after re-invoking emulation).
Further we leverage (and slightly extend, due to the above mentioned
need to return X86EMUL_OKAY) the "large MMIO" retry model.
Note that there is still a special case not explicitly taken care of
here: While the first retry on the last iteration of a "rep ins"
correctly recovers the already read data, an eventual subsequent retry
is being handled by the pre-existing mmio-large logic (through
hvmemul_do_io() storing the [recovered] data [again], also taking into
consideration that the emulator converts a single iteration "ins" to
->read_io() plus ->write()).
Also fix an off-by-one in the mmio-large-read logic, and slightly
simplify the copying of the data.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Keir Fraser <keir@xen.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Multiplying a signed 32-bit quantity with an unsigned 32-bit quantity
produces an unsigned 32-bit result, yet for emulation of backward
string instructions we need the result sign extended before getting
added to the base address.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Keir Fraser <keir@xen.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Ignoring them generally implies using uninitialized data and, in all
but two of the cases dealt with here, potentially leaking hypervisor
stack contents to guests.
This is CVE-2013-4355 / XSA-63.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Tim Deegan <tim@xen.org>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
| |
|
|
|
|
|
| |
The emacs variable to set the C style from a local variable block is
c-file-style, not c-set-style.
Signed-off-by: David Vrabel <david.vrabel@citrix.com
|
| |
|
|
|
|
|
|
|
| |
Performance is not an issue with printk(), so let the function do
minimally more work and instead save a byte per affected format
specifier.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The fact that handle_mmio(), and thus the instruction emulator, is
being run through twice for emulations that require involvement of the
device model, allows for the second run to see a different guest state
than the first one. Since only the MMIO-specific emulation routines
update the vCPU's io_state, if they get invoked on the second pass,
internal state (and particularly this variable) can be left in a state
making successful emulation of a subsequent MMIO operation impossible.
Consequently, whenever the emulator invocation returns without
requesting a retry of the guest instruction, reset io_state.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
|
| |
Define new struct hvm_trap to represent information of trap, and
renames hvm_inject_exception to hvm_inject_trap, then define a couple
of wrappers around that function for existing callers.
Signed-off-by: Keir Fraser <keir@xen.org>
Signed-off-by: Xudong Hao <xudong.hao@intel.com>
Committed-by: Keir Fraser <keir@xen.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Introduce an event channel for buffered io event notifications,
advertise the port number using an hvm param. This way the device
model is not forced to check the buffered io page for data several
times a second for the entire life of the VM (buffered io is mostly
used for stdvga emulation in Xen that is switched off after the guest
goes into graphical mode).
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Committed-by: Keir Fraser <keir@xen.org>
|
| |
|
|
|
|
|
|
| |
Move HVM io fields into a structure.
On MMIO instruction failure print out some more bytes.
Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
Committed-by: Keir Fraser <keir@xen.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Under certain conditions, if an IO gets into an unexpected state,
hvmemul_do_io can return X86EMUL_UNHANDLEABLE. Unfortunately,
handle_pio() does not expect this state, and calls BUG() if it sees
it, crashing the host.
Other HVM io-related code crashes the guest in this case. This patch
makes handle_pio() do the same.
The crash was seen when executing crash_guest in dom0 to forcibly
crash the guest.
Signed-off-by: George Dunlap <george.dunlap@eu.citrix.com>
|
| |
|
|
| |
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
currently we go through the emulator every time a HVM guest does an
I/O port access (in/out). This is unnecessary most of the times, as
both VMX and SVM provide all the necessary information already in the
VMCS/VMCB. String instructions are not covered by this shortcut, but
they are quite rare and we would need to access the guest memory
anyway. This patch decodes the information from VMCB/VMCS and calls a
simple handle_mmio wrapper. In handle_mmio() itself the emulation part
will simply be skipped, this approach avoids code duplication. Since
the vendor specific part is quite trivial, I implemented both the VMX
and SVM part, please check the VMX part for sanity.
I boot-tested both versions and ran some simple benchmarks. A micro
benchmark (hammering an I/O port in a tight loop) shows a significant
performance improvement (down to 66% of the time needed to handle the
intercept on an AMD K8, measured in the guest with TSC). Even with
reading a 1GB file from an emulated IDE harddisk (Dom0 cached) I could
get a 4-5% improvement. Some guest code (e.g. the TCP stack in some
Windows version) exercises the PM-Timer I/O port (0x1F48) very often
(multiple 10,000 times per second), these workloads also benefit with
up to 5% improvement from this patch.
Signed-off-by: Andre Przywara <andre.przywara@amd.com>
|
| |
|
|
|
|
|
|
|
| |
If pages cannot be unshared immediately (due to lack of free memory required to
create private copies) the VCPU under emulation is paused, and the emulator
returns X86EMUL_RETRY, which will get resolved after some memory is freed back
to Xen (possibly through host paging).
Signed-off-by: Grzegorz Milos <Grzegorz.Milos@citrix.com>
|
| |
|
|
|
|
|
|
|
|
| |
A new HVMCOPY return value, HVMCOPY_gfn_paged_out is defined to indicate that
a gfn was paged out. This value and PFEC_page_paged, as appropriate, are
caught and passed up as X86EMUL_RETRY to the emulator. This will cause the
emulator to keep retrying the operation until is succeeds (once the page has
been paged in).
Signed-off-by: Patrick Colp <Patrick.Colp@citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reduce size of Xen-qemu shared ioreq structure to 32 bytes. This
has two advantages:
1. We can support up to 128 VCPUs with a single shared page
2. If/when we want to go beyond 128 VCPUs, a whole number of ioreq_t
structures will pack into a single shared page, so a multi-page
array will have no ioreq_t straddling a page boundary
Also, while modifying qemu, replace a 32-entry vcpu-indexed array
with a dynamically-allocated array.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
|
| |
|
|
|
|
| |
read/write cycle to qemu is dropped due to guest suspend.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
|
| |
|
|
| |
Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
|
| |
|
|
|
| |
Signed-off-by: Li Zhang <li.zhang@intel.com>
Signed-off-by: Yu Zhao <yu.zhao@intel.com>
|
| |
|
|
| |
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
|
| |
|
|
|
|
|
| |
We continue to use it in asm where it is a greater convenience and
where also it is much more clearly correct.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
|
| |
|
|
|
|
| |
the relevant instruction has been fully emulated (which may require
multiple round trips to qemu-dm).
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
|
| |
|
|
|
| |
MMIO page. Speeds up Windows installation by about 20 percent.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
|
| |
|
|
| |
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
|
| |
|
|
|
| |
specific stuff into core x86_emulate().
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
|
| |
|
|
| |
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
|
| |
|
|
|
| |
Re-factor VMX real-mode emulation to use the same harness.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
addresses, page faults should only be raised when the gva->gfn
translation fails. These should be distinguished from gfn->mfn
translation failures.
The main effect of this is to change the behaviour of functions
derived from __hvm_copy(), which now returns a three-way enumeration,
and also can automatically inject #PF when the gva->gfn translation
fails.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
|
| |
|
|
| |
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
|
| |
|
|
|
|
|
|
| |
Inject single step trap after emulating instructions if guest's
EFLAGS.TF is set.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
Signed-off-by: Keir Fraser <keir.fraser@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
|
| |
This patch does two things:
* Allows hvm traces to take advantage of the variable-size traces
* Adds some hvm functionality
This includes tracing actions like clts and lmsw, values of {p,mm}io reads
and writes, and making different trace records for hvm domains running in
64-bit mode if the trace record includes a virtual address.
|
| |
|
|
|
|
|
| |
guest_cpu_user_regs(). Reduces complexity at little or no performance
cost (except on really old Intel P4 hardware where VMREAD/VMWRITE are
silly expensive).
Signed-off-by: Keir Fraser <keir@xensource.com>
|
| |
|
|
|
| |
Signed-off-by: Allen Kay <allen.m.kay@intel.com>
Signed-off-by: Guy Zana <guy@neocleus.com>
|
| |
|
|
|
|
|
| |
This is a base for memory tricks like page sharing, copy-on-write, lazy
allocation etc. It should also make pass-through MMIO easier to
implement in the p2m.
Signed-off-by: Tim Deegan <Tim.Deegan@xensource.com>
|
| |
|
|
| |
Signed-off-by: Jan Beulich <jbeulich@novell.com>
|
| |
|
|
| |
Signed-off-by: Wei Huang <wei.huang2@amd.com>
|
| |
|
|
|
|
| |
Don't clear upper 32 bits on 8- and 16-bit PIO reads.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
|
| |
|
|
|
|
|
|
|
|
| |
checks are done under an appropriate lock, allowing the lock-free
protocols surrounding this boolean to be removed.
Also simplification and fixes to code for setting/zapping the ioreq
and buf_ioreq shared pages.
Signed-off-by: Keir Fraser <keir@xensource.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
after balloon operations in an HVM guest.
This removes the I/O port hack from the guest OS, and from ioemu.
Also we flush on reservation *increases* as well as decreases. This is
necessary until qemu-dm can demand-fault page mappings into existing
valid buckets.
Signed-off-by: Steven Hand <steven@xensource.com>
Signed-off-by: Keir Fraser <keir@xensource.com>
|
| |
|
|
| |
Signed-off-by: Keir Fraser <keir@xensource.com>
|
| |
|
|
| |
Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>
|
| |
|
|
|
|
| |
parameter. Remove it to make it obvious that it can only be called for
the currently-executing vcpu.
Signed-off-by: Keir Fraser <keir@xensource.com>
|
| |
|
|
|
| |
asynchronous operations (in particular, hvm ioreq requests).
Signed-off-by: Keir Fraser <keir@xensource.com>
|
| |
|
|
|
| |
Signed-off-by: Xin Li <xin.b.li@intel.com>
Signed-off-by: Keir Fraser <keir@xensource.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In functions set_eflags_* (xen/arch/x86/hvm/io.c), if the first
argument "size" equals sizeof(long), the following code will produce
unintended and invalid result:
unsigned long mask = (1 << (8 * size)) - 1;
In ANSI C, if the shift amount is greater or equal to the width of the
data type, the result is undefined. Specifically on x86, a bit mask is
applied to the shift amount, so that more significant bits are
ignored. So the above expression results 0x0 instead of the intended
~0UL.
This patch fixes this issue. Because size=0 is not a valid parameter,
rewriting the code using right shift avoids an additional condition
check.
Signed-off-by: Qing He <qing.he@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* new tracing class TRC_HVM replacing TRC_VMX
* 20 new trace events to differentiate the information carried by them
** added corresponding trace points in SVM and VMX code
** updated formats file: descriptive formatting of trace event data
** completely replacing previous simple tracing in VMX
* possibility to toggle single events on and off at compile time in
include/asm-x86/hvm/trace.h
Signed-off-by: Thomas Friebel <thomas.friebel@amd.com>
|
| |
|
|
|
| |
and catch a few missing mark_dirty() calls
Signed-off-by: Tim Deegan <Tim.Deegan@xensource.com>
|
| |
|
|
|
| |
which was falling though into AND...
Signed-off-by: Tim Deegan <Tim.Deegan@xensource.com>
|
| |
|
|
| |
Signed-off-by: Tim Deegan <Tim.Deegan@xensource.com>
|
| |
|
|
| |
Signed-off-by: Tim Deegan <Tim.Deegan@xensource.com>
|
| |
|
|
|
|
|
|
| |
It didn't have any sensible error checking. Make all callers
use gva_to_gfn translation and check the result. MMIO and PIO
callers inject pagefaults to the guest iof the non-IO address is
not mapped.
Signed-off-by: Tim Deegan <Tim.Deegan@xensource.com>
|
