From: Keir Fraser
Date: Thu, 6 Dec 2007 17:02:47 +0000 (+0000)
Subject: hvm: Inject #UD for un-emulated instructions rather than crash guest
X-Git-Tag: 3.1.3-rc1~84
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=00e17155cf4e1765de51d5d55d1de983766afc8e;p=people%2Fvhanquez%2Fxen.git

hvm: Inject #UD for un-emulated instructions rather than crash guest

The CrashMe stress test (a process repeatedly forks child processes, and the child processes initialize a buffer with random numbers, then treat the buffer as code, and execute it) can crash a 32-bit HVM RHEL5.1 guest easily; this is because we haven't emulated all the instructions in handle_mmio() yet.

The CrashMe process runs with root rights, and can access MMIO space in an unknown way ("strace -f" shows the random codes running at CPL=3 don't call mmap(), and don't open any special files in /dev/ "); the gpa may look like 0xa**** or 0xb****, or 0xfee0****.

Signed-off-by: Dexuan Cui
Signed-off-by: Keir Fraser

xen-unstable changeset: 16485:c76a9aa12d2e37ed5c6c2a3562c755ec3828af8a
xen-unstable date: Wed Nov 28 13:04:47 2007 +0000
---
diff --git a/xen/arch/x86/hvm/platform.c b/xen/arch/x86/hvm/platform.c
index 3d69e9cca..28ac3ff8f 100644
--- a/xen/arch/x86/hvm/platform.c
+++ b/xen/arch/x86/hvm/platform.c
@@ -1051,13 +1051,18 @@ void handle_mmio(unsigned long gpa) } if ( mmio_decode(address_bytes, inst, mmio_op, &ad_size, - &op_size, &seg_sel) == DECODE_failure ) { - printk("handle_mmio: failed to decode instruction\n"); - printk("mmio opcode: gpa 0x%lx, len %d:", gpa, inst_len); + &op_size, &seg_sel) == DECODE_failure ) + { + gdprintk(XENLOG_WARNING, + "handle_mmio: failed to decode instruction\n"); + gdprintk(XENLOG_WARNING, + "mmio opcode: gpa 0x%lx, len %d:", gpa, inst_len); for ( i = 0; i < inst_len; i++ ) printk(" %02x", inst[i] & 0xFF); printk("\n"); - domain_crash_synchronous(); + + hvm_inject_exception(TRAP_invalid_op, HVM_DELIVER_NO_ERROR_CODE, 0); + return; } regs->eip += inst_len; /* advance %eip */
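Review bot: the two message lines are moved to gdprintk(XENLOG_WARNING, ...) but the byte dump that follows them (`printk(" %02x", inst[i] & 0xFF);` and `printk("\n");`) is left as plain printk, so the opcode bytes go out without the domain/vcpu prefix and at a different log level than the "mmio opcode: gpa ..., len ...:" header they complete; with concurrent output they can also be separated from it. Since this path is now reachable from unprivileged guest code (the commit message says the random code runs at CPL=3) and no longer ends in domain_crash_synchronous(), a guest can hit it repeatedly, so the unthrottled warning plus hex dump becomes a way to flood the hypervisor log. Suggest formatting the bytes into a single buffer and emitting the whole record with one gdprintk call at the same level, and rate-limiting that message (or demoting it to a debug level) for the guest-triggerable case. The `hvm_inject_exception(TRAP_invalid_op, HVM_DELIVER_NO_ERROR_CODE, 0); return;` itself correctly leaves regs->eip at the faulting instruction, since the `regs->eip += inst_len` is skipped by the early return.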