
changeset 15157:e7295db88664

[IA64] Prevent rfi emulation with double un-cover

Recently (CS 13436) rfi hyperprivop was simplified. But as a consequence
rfi emulation with double un-cover is not possible anymore.

Document the new single-rfi scheme in slow_vcpu_rfi and make priv_rfi refuse (panic the domain on) rfi emulation with double un-cover.

Signed-off-by: Tristan Gingold <tgingold@free.fr>
author Alex Williamson <alex.williamson@hp.com>
date Mon Jun 04 14:03:42 2007 -0600 (2007-06-04)
parents 249446c52deb
children dc227a849d02
files xen/arch/ia64/xen/hyperprivop.S xen/arch/ia64/xen/privop.c
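--- a/xen/arch/ia64/xen/hyperprivop.S	Mon Jun 04 14:00:35 2007 -0600
+++ b/xen/arch/ia64/xen/hyperprivop.S	Mon Jun 04 14:03:42 2007 -0600
@@ -1029,8 +1029,22 @@ ENTRY(slow_vcpu_rfi)
 	ld8 r22=[r22];;
 	tbit.z p6,p0=r22,63
 (p6)	br.spnt.few dispatch_break_fault ;;
-	// if vips is valid, discard current register frame
-	// don't need dorfirfi any more
+	// If vifs.v is set, we have two IFS to consider:
+	// * the guest IFS
+	// * the hypervisor IFS (validated by cover)
+	// Because IFS is copied to CFM and is used to adjust AR.BSP,
+	// virtualization of rfi is not easy.
+	// Previously there was a two steps method (a first rfi jumped to
+	// a stub which performed a new rfi).
+	// This new method discards the RS before executing the hypervisor
+	// cover.  After cover, IFS.IFM will be zero.  This IFS would simply
+	// clear CFM but not modifying AR.BSP.  Therefore the guest IFS can
+	// be used instead and there is no need of a second rfi.
+	// Discarding the RS with the following alloc instruction just clears
+	// CFM, which is safe because rfi will overwrite it.
+	// There is a drawback:	because the RS must be discarded before
+	// executing C code, emulation of rfi must go through an hyperprivop
+	// and not through normal instruction decoding.
 	alloc r22=ar.pfs,0,0,0,0
 	br.spnt.few dispatch_break_fault
 	;;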
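Review bot: The new comment's closing sentence states the constraint ("emulation of rfi must go through an hyperprivop") but not how it is enforced, so a reader of this file cannot tell what happens if a guest takes the instruction-decoding path instead; the sibling change to priv_rfi in privop.c makes that path panic the domain when both IFS are valid, and the comment should say so, e.g. `// priv_rfi (privop.c) panics the domain if it sees both IFS valid.`. While there, the wording has a few slips worth fixing: `two steps method` -> `two-step method`, `but not modifying AR.BSP` -> `without modifying AR.BSP`, `an hyperprivop` -> `a hyperprivop`. The enclosing routine slow_vcpu_rfi starts before this hunk; only the tbit.z test on bit 63 of vifs is visible here, and that matches the "vifs.v is set" condition the comment describes.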
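--- a/xen/arch/ia64/xen/privop.c	Mon Jun 04 14:00:35 2007 -0600
+++ b/xen/arch/ia64/xen/privop.c	Mon Jun 04 14:03:42 2007 -0600
@@ -31,6 +31,15 @@ Privileged operation emulation routines
 
 static IA64FAULT priv_rfi(VCPU * vcpu, INST64 inst)
 {
+	REGS *regs = vcpu_regs(vcpu);
+	if (PSCB(vcpu, ifs) > 0x8000000000000000UL
+	    && regs->cr_ifs > 0x8000000000000000UL) {
+		panic_domain(regs,
+			     "rfi emulation with double uncover is "
+			     "impossible - use hyperprivop\n"
+			     " ip=0x%lx vifs=0x%lx ifs=0x%lx\n",
+			     regs->cr_iip, PSCB(vcpu, ifs), regs->cr_ifs);
+	}
 	return vcpu_rfi(vcpu);
 }
 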
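Review bot: The guard in priv_rfi tests "IFS valid" with a strict `> 0x8000000000000000UL`, which is true only when bit 63 is set AND the low bits (ifm) are non-zero; an IFS of exactly 0x8000000000000000 (v=1, ifm=0, which the hyperprivop.S comment describes as the post-cover state) is not caught, whereas the assembly fast path tests bit 63 alone with tbit.z. If excluding the empty-frame case is deliberate because it does not adjust AR.BSP, say so in a comment above the if, e.g. `/* v=1 with ifm=0 does not move AR.BSP, hence strictly greater, not a bit-63 test */`; otherwise test the valid bit explicitly, `if ((PSCB(vcpu, ifs) >> 63) && (regs->cr_ifs >> 63))`, so the two paths agree. Either way the raw constant should be a named mask rather than repeated twice. Note this condition is reachable by a guest executing rfi through the trap path, so panic_domain here is a guest-controlled crash of that domain; that seems acceptable since only the misbehaving domain is affected, but the message should probably name the hyperprivop the guest is expected to use.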