From patchwork Wed Apr 13 12:26:14 2016
X-Patchwork-Submitter: Razvan Cojocaru
X-Patchwork-Id: 8822121
From: Razvan Cojocaru
To: xen-devel@lists.xen.org
Date: Wed, 13 Apr 2016 15:26:14 +0300
Message-Id: <1460550374-4344-1-git-send-email-rcojocaru@bitdefender.com>
Cc: keir@xen.org, Razvan Cojocaru, george.dunlap@eu.citrix.com, andrew.cooper3@citrix.com, ian.jackson@eu.citrix.com, tim@xen.org, paul.durrant@citrix.com, jbeulich@suse.com, wei.liu2@citrix.com
Subject: [Xen-devel] [for-4.7] x86/emulate: synchronize LOCKed instruction emulation

LOCK-prefixed instructions are currently allowed to run in parallel in x86_emulate(), which can lead the guest into an undefined state. This patch fixes the issue.
Signed-off-by: Razvan Cojocaru --- tools/tests/x86_emulator/test_x86_emulator.c | 12 ++++++++++++ xen/arch/x86/hvm/emulate.c | 26 ++++++++++++++++++++++++++ xen/arch/x86/mm.c | 3 +++ xen/arch/x86/mm/shadow/common.c | 4 ++++ xen/arch/x86/x86_emulate/x86_emulate.c | 23 ++++++++++++++++++++++- xen/arch/x86/x86_emulate/x86_emulate.h | 8 ++++++++ xen/common/domain.c | 2 ++ xen/include/asm-x86/domain.h | 4 ++++ xen/include/asm-x86/hvm/emulate.h | 3 +++ 9 files changed, 84 insertions(+), 1 deletion(-) diff --git a/tools/tests/x86_emulator/test_x86_emulator.c b/tools/tests/x86_emulator/test_x86_emulator.c index 86e298f..22e963b 100644 --- a/tools/tests/x86_emulator/test_x86_emulator.c +++ b/tools/tests/x86_emulator/test_x86_emulator.c @@ -9,6 +9,8 @@ #define __packed __attribute__((packed)) +typedef bool bool_t; + #include "x86_emulate/x86_emulate.h" #include "blowfish.h" @@ -160,6 +162,14 @@ int get_fpu( return X86EMUL_OKAY; } +static void smp_lock(bool_t locked) +{ +} + +static void smp_unlock(bool_t locked) +{ +} + static struct x86_emulate_ops emulops = { .read = read, .insn_fetch = fetch, @@ -167,6 +177,8 @@ static struct x86_emulate_ops emulops = { .cmpxchg = cmpxchg, .cpuid = cpuid, .get_fpu = get_fpu, + .smp_lock = smp_lock, + .smp_unlock = smp_unlock, }; int main(int argc, char **argv) diff --git a/xen/arch/x86/hvm/emulate.c b/xen/arch/x86/hvm/emulate.c index cc0b841..02096d5 100644 --- a/xen/arch/x86/hvm/emulate.c +++ b/xen/arch/x86/hvm/emulate.c @@ -25,6 +25,8 @@ #include #include +DEFINE_PERCPU_RWLOCK_GLOBAL(emulate_locked_rwlock); + static void hvmtrace_io_assist(const ioreq_t *p) { unsigned int size, event; 
@@ -1616,6 +1618,26 @@ static int hvmemul_vmfunc( return rc; } +void emulate_smp_lock(bool_t locked) +{ + struct domain *d = current->domain; + + if ( locked ) + percpu_write_lock(emulate_locked_rwlock, &d->arch.emulate_lock); + else + percpu_read_lock(emulate_locked_rwlock, &d->arch.emulate_lock); +} + +void emulate_smp_unlock(bool_t locked) +{ + struct domain *d = current->domain; + + if ( locked ) + percpu_write_unlock(emulate_locked_rwlock, &d->arch.emulate_lock); + else + percpu_read_unlock(emulate_locked_rwlock, &d->arch.emulate_lock); +} + static const struct x86_emulate_ops hvm_emulate_ops = { .read = hvmemul_read, .insn_fetch = hvmemul_insn_fetch, @@ -1641,6 +1663,8 @@ static const struct x86_emulate_ops hvm_emulate_ops = { .put_fpu = hvmemul_put_fpu, .invlpg = hvmemul_invlpg, .vmfunc = hvmemul_vmfunc, + .smp_lock = emulate_smp_lock, + .smp_unlock = emulate_smp_unlock, }; static const struct x86_emulate_ops hvm_emulate_ops_no_write = { @@ -1668,6 +1692,8 @@ static const struct x86_emulate_ops hvm_emulate_ops_no_write = { .put_fpu = hvmemul_put_fpu, .invlpg = hvmemul_invlpg, .vmfunc = hvmemul_vmfunc, + .smp_lock = emulate_smp_lock, + .smp_unlock = emulate_smp_unlock, }; static int _hvm_emulate_one(struct hvm_emulate_ctxt *hvmemul_ctxt, diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index bca7532..52a3c5d 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -112,6 +112,7 @@ #include #include #include +#include #include #include #include @@ -5319,6 +5320,8 @@ static const struct x86_emulate_ops ptwr_emulate_ops = { .insn_fetch = ptwr_emulated_read, .write = ptwr_emulated_write, .cmpxchg = ptwr_emulated_cmpxchg, + .smp_lock = emulate_smp_lock, + .smp_unlock = emulate_smp_unlock, }; /* Write page fault handler: check if guest is trying to modify a PTE. */ diff --git a/xen/arch/x86/mm/shadow/common.c b/xen/arch/x86/mm/shadow/common.c index ec87fb4..6d18430 100644 --- a/xen/arch/x86/mm/shadow/common.c +++ b/xen/arch/x86/mm/shadow/common.c 
@@ -283,6 +283,8 @@ static const struct x86_emulate_ops hvm_shadow_emulator_ops = { .insn_fetch = hvm_emulate_insn_fetch, .write = hvm_emulate_write, .cmpxchg = hvm_emulate_cmpxchg, + .smp_lock = emulate_smp_lock, + .smp_unlock = emulate_smp_unlock, }; static int @@ -351,6 +353,8 @@ static const struct x86_emulate_ops pv_shadow_emulator_ops = { .insn_fetch = pv_emulate_read, .write = pv_emulate_write, .cmpxchg = pv_emulate_cmpxchg, + .smp_lock = emulate_smp_lock, + .smp_unlock = emulate_smp_unlock, }; const struct x86_emulate_ops *shadow_init_emulation( diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c index 10a2959..aab934f 100644 --- a/xen/arch/x86/x86_emulate/x86_emulate.c +++ b/xen/arch/x86/x86_emulate/x86_emulate.c @@ -1520,6 +1520,8 @@ x86_emulate( struct operand ea = { .type = OP_MEM, .reg = REG_POISON }; ea.mem.seg = x86_seg_ds; /* gcc may reject anon union initializer */ + ASSERT(ops->smp_lock && ops->smp_unlock); + ctxt->retire.byte = 0; op_bytes = def_op_bytes = ad_bytes = def_ad_bytes = ctxt->addr_size/8; @@ -1589,6 +1591,8 @@ x86_emulate( } done_prefixes: + ops->smp_lock(lock_prefix); + if ( rex_prefix & REX_W ) op_bytes = 8; @@ -2052,7 +2056,10 @@ x86_emulate( generate_exception_if(mode_64bit() && !twobyte, EXC_UD, -1); fail_if(ops->read_segment == NULL); if ( (rc = ops->read_segment(src.val, ®, ctxt)) != 0 ) + { + ops->smp_unlock(lock_prefix); return rc; + } /* 64-bit mode: PUSH defaults to a 64-bit operand. */ if ( mode_64bit() && (op_bytes == 4) ) op_bytes = 8; @@ -2074,7 +2081,10 @@ x86_emulate( &dst.val, op_bytes, ctxt, ops)) != 0 ) goto done; if ( (rc = load_seg(src.val, dst.val, 0, NULL, ctxt, ops)) != 0 ) + { + ops->smp_unlock(lock_prefix); return rc; + } break; case 0x0e: /* push %%cs */ 
@@ -2380,7 +2390,12 @@ x86_emulate( } /* Write back the memory destination with implicit LOCK prefix. */ dst.val = src.val; - lock_prefix = 1; + if ( !lock_prefix ) + { + ops->smp_unlock(lock_prefix); + lock_prefix = 1; + ops->smp_lock(lock_prefix); + } break; case 0xc6 ... 0xc7: /* mov (sole member of Grp11) */ @@ -3859,6 +3874,9 @@ x86_emulate( done: _put_fpu(); put_stub(stub); + + ops->smp_unlock(lock_prefix); + return rc; twobyte_insn: @@ -4767,5 +4785,8 @@ x86_emulate( cannot_emulate: _put_fpu(); put_stub(stub); + + ops->smp_unlock(lock_prefix); + return X86EMUL_UNHANDLEABLE; } diff --git a/xen/arch/x86/x86_emulate/x86_emulate.h b/xen/arch/x86/x86_emulate/x86_emulate.h index 3a1bb46..e515840 100644 --- a/xen/arch/x86/x86_emulate/x86_emulate.h +++ b/xen/arch/x86/x86_emulate/x86_emulate.h @@ -400,6 +400,14 @@ struct x86_emulate_ops /* vmfunc: Emulate VMFUNC via given set of EAX ECX inputs */ int (*vmfunc)( struct x86_emulate_ctxt *ctxt); + + /* smp_lock: Take a write lock if locked, read lock otherwise. */ + void (*smp_lock)( + bool_t locked); + + /* smp_unlock: Write unlock if locked, read unlock otherwise. */ + void (*smp_unlock)( + bool_t locked); }; struct cpu_user_regs; diff --git a/xen/common/domain.c b/xen/common/domain.c index 45273d4..0f98256 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -272,6 +272,8 @@ struct domain *domain_create(domid_t domid, unsigned int domcr_flags, TRACE_1D(TRC_DOM0_DOM_ADD, d->domain_id); + percpu_rwlock_resource_init(&d->arch.emulate_lock, emulate_locked_rwlock); + lock_profile_register_struct(LOCKPROF_TYPE_PERDOM, d, domid, "Domain"); if ( (err = xsm_alloc_security_domain(d)) != 0 ) diff --git a/xen/include/asm-x86/domain.h b/xen/include/asm-x86/domain.h index d393ed2..04312ae 100644 --- a/xen/include/asm-x86/domain.h +++ b/xen/include/asm-x86/domain.h 
@@ -271,6 +271,8 @@ struct monitor_write_data { uint64_t cr4; }; +DECLARE_PERCPU_RWLOCK_GLOBAL(emulate_locked_rwlock); + struct arch_domain { struct page_info *perdomain_l3_pg; @@ -409,6 +411,8 @@ struct arch_domain /* Emulated devices enabled bitmap. */ uint32_t emulation_flags; + + percpu_rwlock_t emulate_lock; } __cacheline_aligned; #define has_vlapic(d) (!!((d)->arch.emulation_flags & XEN_X86_EMU_LAPIC)) diff --git a/xen/include/asm-x86/hvm/emulate.h b/xen/include/asm-x86/hvm/emulate.h index 142d1b6..863f01d 100644 --- a/xen/include/asm-x86/hvm/emulate.h +++ b/xen/include/asm-x86/hvm/emulate.h @@ -67,6 +67,9 @@ int hvmemul_do_pio_buffer(uint16_t port, void hvm_dump_emulation_state(const char *prefix, struct hvm_emulate_ctxt *hvmemul_ctxt); +void emulate_smp_lock(bool_t locked); +void emulate_smp_unlock(bool_t locked); + #endif /* __ASM_X86_HVM_EMULATE_H__ */ /*
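Review bot: the `typedef bool bool_t;` added to tools/tests/x86_emulator/test_x86_emulator.c before the `#include "x86_emulate/x86_emulate.h"` exists only because the new `smp_lock`/`smp_unlock` prototypes in the shared header take `bool_t`, a hypervisor-internal type. Since x86_emulate.h is compiled from userspace as well, the cleaner fix is to declare the callbacks with `bool` (or `unsigned int`) in the header and drop the typedef from the test, rather than leaking a hypervisor typedef into the test harness. The empty `smp_lock`/`smp_unlock` stubs are fine for this single-threaded harness, but a one-line comment saying so would save the next reader from wondering whether the test is missing coverage.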
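Review bot: `emulate_smp_lock()`/`emulate_smp_unlock()` in xen/arch/x86/hvm/emulate.c only serialize emulated instructions against other emulated instructions of the same domain; a LOCKed instruction that another vcpu executes natively (not through x86_emulate()) is not ordered against the emulated one, so the commit message's "synchronize LOCKed instruction emulation" should be read with that scope in mind, and it would help to state the scope in the commit message or in a comment above these functions. Also note the cost model: every emulated instruction on every vcpu of the domain now takes the read side, and `percpu_write_lock()` is the heavyweight side, so a single LOCKed emulation stalls all emulation on the domain's other vcpus. That is probably acceptable for correctness, but worth a sentence, and it argues for taking the write lock only when the decoded instruction actually has a memory destination.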
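Review bot: the `ops->smp_lock(lock_prefix)` placed after the `done_prefixes:` label is paired with `ops->smp_unlock(lock_prefix)` at `done:` and at `cannot_emulate:`, which only balances if no path reaches `done:` before `done_prefixes:`. The prefix-decoding loop that precedes `done_prefixes:` fetches bytes through `insn_fetch`, and a fetch failure there jumps to `done:` with the lock never taken, which would perform a read-unlock on an unheld lock. Either take the lock before the prefix loop (the `lock_prefix` value is not known yet, so that means taking the read side and upgrading later), or guard the unlocks with a "lock taken" flag set right after `ops->smp_lock()` succeeds. Please also confirm this against any other `goto done` that sits between function entry and `done_prefixes:`.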
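Review bot: the two `return rc;` sites that gain an `ops->smp_unlock(lock_prefix);` wrapper (after `ops->read_segment(src.val, &reg, ctxt)` and after `load_seg(...)`) show the fragility of holding the lock across the whole body of x86_emulate(): every early `return` between `done_prefixes:` and `done:` now has to remember to unlock, and the diff gives no assurance that these two are the only ones. A safer shape is to turn such sites into `goto done;` so there is a single exit that releases the lock, and to add the unlock there once. If there is a reason those paths must bypass `_put_fpu()`/`put_stub()`, say so in a comment, because otherwise a reviewer will assume the conversion is safe.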
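Review bot: in the hunk that handles the implicit LOCK prefix ("Write back the memory destination with implicit LOCK prefix"), the sequence `ops->smp_unlock(lock_prefix); lock_prefix = 1; ops->smp_lock(lock_prefix);` drops the read lock and re-acquires the write lock, and that window is exactly what the patch is trying to close: the memory operand was read under the read lock, another vcpu's LOCKed emulation can run between the unlock and the lock, and the subsequent `dst.val = src.val` write-back then clobbers its result, so the emulated instruction is no longer atomic with respect to it. The upgrade cannot be made atomic with a plain rwlock, so the effective lock prefix needs to be decided before `ops->smp_lock()` is first called (for instance by treating an exchange with a memory destination as locked at decode time), rather than upgraded mid-instruction.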
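Review bot: `percpu_rwlock_resource_init(&d->arch.emulate_lock, emulate_locked_rwlock);` is added to the common `domain_create()` in xen/common/domain.c, but `emulate_lock` is a field of `struct arch_domain` that this patch only adds in xen/include/asm-x86/domain.h, and `emulate_locked_rwlock` is declared there too. Common code referencing an x86-only field will not build for other architectures. Move the initialization into the x86 `arch_domain_create()` next to the rest of the x86 per-domain setup, which also keeps the lock's definition, declaration and initialization in arch code.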
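Review bot: the comments on the new `smp_lock`/`smp_unlock` members in xen/arch/x86/x86_emulate/x86_emulate.h describe what each does but not the contract the emulator relies on: both hooks are mandatory (x86_emulate() now does `ASSERT(ops->smp_lock && ops->smp_unlock)`), unlike most other members of `struct x86_emulate_ops`, and every `smp_lock(locked)` must be matched by an `smp_unlock()` with the same `locked` value. Spelling that out in the header comment would stop a future ops table (the patch has to touch five of them) from being added without the hooks and tripping the assertion at run time.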