>>> + {
>>> + gprintk(XENLOG_ERR, "%s: Failed to handle trap write
>>> (%#x)\n",
>>> + __func__, offset);
>>> + domain_crash(curr->domain);
>>> + }
>>> + }
>>> + else
>>> + /* Handling AVIC Fault (intercept before the access). */
>>> + hvm_emulate_one_vm_event(EMUL_KIND_NORMAL, TRAP_invalid_op,
>>> + X86_EVENT_NO_EC);
>> What's the rationale behind having chosen this function? I don't
>> think it is
>> supposed to be called from outside the VM event code.
>
> We wanted to handle the AVIC fault by emulating the instruction
> causing it.
> Would this be better suited?
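Review bot: the `else` branch hands whatever instruction is re-fetched from guest memory at RIP straight to hvm_emulate_one_vm_event() with no check that it is in fact the APIC-page access that raised the AVIC intercept, and that function is the VM-event path rather than a general emulation entry point, which is the concern already raised above. Use the emulation entry point that takes a validate callback (hvm_emulate_one_insn() in emulate.c, as far as I know) and supply a validator that only accepts an instruction with a memory operand whose address lies inside the 4k APIC register page. The comment "intercept before the access" should also say how a rejected or unemulatable instruction is dealt with: the trap-write branch above logs with gprintk() and calls domain_crash(), while this branch passes TRAP_invalid_op and otherwise has no failure handling of its own, so the two branches do not fail the same way.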
Almost.

The purpose of the validate function is to fix an inherent race condition
which occurs with a vmexit. After a vmexit, rereading the instruction for
emulation is inherently racy, and a malicious VM could rewrite the
instruction stream while the vmexit is occurring. As a result, we provide a
validate function to check that the instruction decoded matches one which
plausibly broke for emulation here.

Therefore, you want a validate function which checks that the instruction
has a memory operand, and that it falls within the 4k region which maps the
APIC registers.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
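The validate check Andrew describes, written out as an added, stand-alone illustration. This is not Xen code and does not use Xen's emulator API: `struct mock_insn_state`, `MOCK_OKAY` and `MOCK_UNHANDLEABLE` are assumed stand-ins for the decoded-instruction state and for the emulator's X86EMUL_OKAY / X86EMUL_UNHANDLEABLE results, and the sample addresses are constructed (0xfee00000 is the default x86 APIC base, 0x300 the ICR offset). The point it shows is the one from the reply: because the instruction bytes are re-read from guest memory after the vmexit, the hypervisor must bound what it is willing to emulate by the properties of the access that can legitimately trap here, rather than trusting what it finds at RIP.

```c
/*
 * Illustrative mock of the "validate before emulate" pattern.
 * Added example, not Xen code: the struct and constants below are
 * stand-ins for the emulator's decoded state and result codes.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define APIC_PAGE_SIZE     4096u
#define MOCK_OKAY          0   /* stand-in for X86EMUL_OKAY */
#define MOCK_UNHANDLEABLE  1   /* stand-in for X86EMUL_UNHANDLEABLE */

/* Minimal decoded-instruction state (assumed shape, not Xen's). */
struct mock_insn_state {
    bool         has_mem_operand;  /* instruction reads or writes memory */
    uint64_t     mem_ea;           /* linear address of that operand */
    unsigned int mem_bytes;        /* operand width in bytes */
};

/*
 * Accept an instruction for emulation only if it has a memory operand and
 * that access lies wholly inside the 4k page mapping the APIC registers.
 * Anything else (no memory operand, wrong page, or an access straddling the
 * page end) is refused, whatever the guest has placed at RIP meanwhile.
 */
int apic_page_validate(const struct mock_insn_state *st, uint64_t apic_page)
{
    if ( !st->has_mem_operand )
        return MOCK_UNHANDLEABLE;

    /* Reject zero-width or absurd operands before doing any arithmetic. */
    if ( st->mem_bytes == 0 || st->mem_bytes > APIC_PAGE_SIZE )
        return MOCK_UNHANDLEABLE;

    /* Start of the access must be inside the APIC page ... */
    if ( st->mem_ea < apic_page || st->mem_ea >= apic_page + APIC_PAGE_SIZE )
        return MOCK_UNHANDLEABLE;

    /* ... and the access must not run off the end of it.  No overflow:
     * mem_ea < apic_page + 4k and mem_bytes <= 4k were checked above. */
    if ( st->mem_ea + st->mem_bytes > apic_page + APIC_PAGE_SIZE )
        return MOCK_UNHANDLEABLE;

    return MOCK_OKAY;
}

int main(void)
{
    const uint64_t apic = 0xfee00000ull;   /* default xAPIC base (constructed sample) */

    /* What actually trapped: a 32-bit write to the ICR register. */
    struct mock_insn_state genuine  = { true,  apic + 0x300, 4 };
    /* What a guest might have swapped in before the re-fetch. */
    struct mock_insn_state swapped  = { false, 0, 0 };
    struct mock_insn_state elsewhere = { true, apic - 0x1000, 4 };
    struct mock_insn_state straddle = { true,  apic + 0xffe, 4 };

    printf("genuine ICR write : %s\n", apic_page_validate(&genuine, apic)   == MOCK_OKAY ? "emulate" : "refuse");
    printf("no memory operand : %s\n", apic_page_validate(&swapped, apic)   == MOCK_OKAY ? "emulate" : "refuse");
    printf("other page        : %s\n", apic_page_validate(&elsewhere, apic) == MOCK_OKAY ? "emulate" : "refuse");
    printf("straddles page end: %s\n", apic_page_validate(&straddle, apic)  == MOCK_OKAY ? "emulate" : "refuse");
    return 0;
}
```

In Xen's real emulator the equivalent information comes from the decoder state rather than a hand-built struct, but the shape of the decision is the same: the validator encodes what an AVIC-intercepted access can look like, and everything else is treated as unhandleable instead of being emulated on the guest's behalf.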