From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH 1/2] x86/pv: Rework guest_io_okay() to return X86EMUL_*
Date: Mon, 30 Sep 2024 17:18:36 +0100
Message-Id: <20240930161837.1248144-2-andrew.cooper3@citrix.com>
In-Reply-To: <20240930161837.1248144-1-andrew.cooper3@citrix.com>
References: <20240930161837.1248144-1-andrew.cooper3@citrix.com>

In order to fix a bug with guest_io_okay() (subsequent patch), rework guest_io_okay() to take in an emulation context, and return X86EMUL_* rather than a boolean.

For the failing case, take the opportunity to inject #GP explicitly, rather than returning X86EMUL_UNHANDLEABLE. There is a logical difference between "we know what this is, and it's #GP", vs "we don't know what this is".

There is no change in practice as emulation is the final step on general #GP resolution, but returning X86EMUL_UNHANDLEABLE would be a latent bug if a subsequent action were to appear.

No practical change.

Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné
---
 xen/arch/x86/pv/emul-priv-op.c | 36 ++++++++++++++++++++++------------
 1 file changed, 23 insertions(+), 13 deletions(-)

diff --git a/xen/arch/x86/pv/emul-priv-op.c b/xen/arch/x86/pv/emul-priv-op.c index b90f745c75ea..978bd6c0775f 100644 --- a/xen/arch/x86/pv/emul-priv-op.c +++ b/xen/arch/x86/pv/emul-priv-op.c 
@@ -156,14 +156,16 @@ static bool iopl_ok(const struct vcpu *v, const struc= t cpu_user_regs *regs) } =20 /* Has the guest requested sufficient permission for this I/O access? */ -static bool guest_io_okay(unsigned int port, unsigned int bytes, - struct vcpu *v, struct cpu_user_regs *regs) +static int guest_io_okay(unsigned int port, unsigned int bytes, + struct x86_emulate_ctxt *ctxt) { + struct cpu_user_regs *regs =3D ctxt->regs; + struct vcpu *v =3D current; /* If in user mode, switch to kernel mode just to read I/O bitmap. */ const bool user_mode =3D !(v->arch.flags & TF_kernel_mode); =20 if ( iopl_ok(v, regs) ) - return true; + return X86EMUL_OKAY; =20 if ( (port + bytes) <=3D v->arch.pv.iobmp_limit ) { @@ -190,10 +192,12 @@ static bool guest_io_okay(unsigned int port, unsigned= int bytes, toggle_guest_pt(v); =20 if ( (x.mask & (((1 << bytes) - 1) << (port & 7))) =3D=3D 0 ) - return true; + return X86EMUL_OKAY; } =20 - return false; + x86_emul_hw_exception(X86_EXC_GP, 0, ctxt); + + return X86EMUL_EXCEPTION; } =20 /* Has the administrator granted sufficient permission for this I/O access= ? */ @@ -353,12 +357,14 @@ static int cf_check read_io( struct priv_op_ctxt *poc =3D container_of(ctxt, struct priv_op_ctxt, c= txt); struct vcpu *curr =3D current; struct domain *currd =3D current->domain; + int rc; =20 /* INS must not come here. */ ASSERT((ctxt->opcode & ~9) =3D=3D 0xe4); =20 - if ( !guest_io_okay(port, bytes, curr, ctxt->regs) ) - return X86EMUL_UNHANDLEABLE; + rc =3D guest_io_okay(port, bytes, ctxt); + if ( rc !=3D X86EMUL_OKAY ) + return rc; =20 poc->bpmatch =3D check_guest_io_breakpoint(curr, port, bytes); =20 
@@ -458,12 +464,14 @@ static int cf_check write_io( struct priv_op_ctxt *poc =3D container_of(ctxt, struct priv_op_ctxt, c= txt); struct vcpu *curr =3D current; struct domain *currd =3D current->domain; + int rc; =20 /* OUTS must not come here. */ ASSERT((ctxt->opcode & ~9) =3D=3D 0xe6); =20 - if ( !guest_io_okay(port, bytes, curr, ctxt->regs) ) - return X86EMUL_UNHANDLEABLE; + rc =3D guest_io_okay(port, bytes, ctxt); + if ( rc !=3D X86EMUL_OKAY ) + return rc; =20 poc->bpmatch =3D check_guest_io_breakpoint(curr, port, bytes); =20 @@ -612,8 +620,9 @@ static int cf_check rep_ins( =20 *reps =3D 0; =20 - if ( !guest_io_okay(port, bytes_per_rep, curr, ctxt->regs) ) - return X86EMUL_UNHANDLEABLE; + rc =3D guest_io_okay(port, bytes_per_rep, ctxt); + if ( rc !=3D X86EMUL_OKAY ) + return rc; =20 rc =3D read_segment(x86_seg_es, &sreg, ctxt); if ( rc !=3D X86EMUL_OKAY ) @@ -678,8 +687,9 @@ static int cf_check rep_outs( =20 *reps =3D 0; =20 - if ( !guest_io_okay(port, bytes_per_rep, curr, ctxt->regs) ) - return X86EMUL_UNHANDLEABLE; + rc =3D guest_io_okay(port, bytes_per_rep, ctxt); + if ( rc !=3D X86EMUL_OKAY ) + return rc; =20 rc =3D read_segment(seg, &sreg, ctxt); if ( rc !=3D X86EMUL_OKAY ) --=20 2.39.5
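Review bot: the comment above guest_io_okay() in the first hunk still poses a yes/no question ("Has the guest requested sufficient permission for this I/O access?"), which no longer matches a function that returns X86EMUL_OKAY or X86EMUL_EXCEPTION and queues #GP(0) on ctxt as a side effect of the failing path. Suggest extending the comment to state both return values and that the exception is already pending on return, so that a future caller does not translate a non-OKAY result back into X86EMUL_UNHANDLEABLE or raise a second fault. The same comment is also the place to record that the function now acts on current ("struct vcpu *v = current;") rather than a caller-supplied vcpu, since the new signature no longer makes that assumption visible at the call sites.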
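Review bot: in the rep_ins() and rep_outs() hunks, the removed guest_io_okay(port, bytes_per_rep, curr, ctxt->regs) call is the only use of curr that the context shows, whereas read_io() and write_io() visibly keep using it in check_guest_io_breakpoint(curr, port, bytes). Please confirm that curr is still referenced further down in both rep_* handlers, and drop the local if it is not, so the change does not leave an unused variable behind. The early "return rc;" placement after "*reps = 0;" looks right, as a rejected access then reports zero completed repetitions alongside the pending #GP.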