xenbits.xensource.com Git - xen.git/commit

author	Andrew Cooper <andrew.cooper3@citrix.com>
	Thu, 21 Nov 2019 17:22:52 +0000 (17:22 +0000)
committer	Andrew Cooper <andrew.cooper3@citrix.com>
	Thu, 28 Nov 2019 17:14:38 +0000 (17:14 +0000)
commit	943c74bc0ee5044a826e428a3b2ffbdf9a43628d
tree	74bfce309d19b39f7308ad60c59742db3ca57e50	tree
parent	81ecb38b83b0e9e11d9baecaa36458edc44a3edb	commit \| diff

x86/vtx: Fix fault semantics for early task switch failures

The VT-x task switch handler adds inst_len to %rip before calling
hvm_task_switch(), which is problematic in two ways:

1) Early faults (i.e. ones delivered in the context of the old task) get
    delivered with trap semantics, and break restartibility.

2) The addition isn't truncated to 32 bits.  In the corner case of a task
    switch instruction crossing the 4G->0 boundary taking an early fault (with
    trap semantics), a VMEntry failure will occur due to %rip being out of
    range.

Instead, pass the instruction length into hvm_task_switch() and write it into
the outgoing TSS only, leaving %rip in its original location.

For now, pass 0 on the SVM side.  This highlights a separate preexisting bug
which will be addressed in the following patch.

While adjusting call sites, drop the unnecessary uint16_t cast.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Release-acked-by: Juergen Gross <jgross@suse.com>

xen/arch/x86/hvm/hvm.c		diff \| blob \| blame \| history
xen/arch/x86/hvm/svm/svm.c		diff \| blob \| blame \| history
xen/arch/x86/hvm/vmx/vmx.c		diff \| blob \| blame \| history
xen/include/asm-x86/hvm/hvm.h		diff \| blob \| blame \| history