On 2/1/19 4:49 PM, Andrew Cooper wrote:
c/s 9338a37d "x86/svm: implement debug events" added support for introspecting
ICEBP debug exceptions, but didn't account for the fact that
svm_get_insn_len() (previously __get_instruction_length) can fail and may
already raise #GP for the guest.

If svm_get_insn_len() fails, return back to guest context rather than
continuing and mistaking a trap-style VMExit for a fault-style one.

Spotted by Coverity.

Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com>
---
CC: Jan Beulich <jbeul...@suse.com>
CC: Wei Liu <wei.l...@citrix.com>
CC: Roger Pau Monné <roger....@citrix.com>
CC: Boris Ostrovsky <boris.ostrov...@oracle.com>
CC: Suravee Suthikulpanit <suravee.suthikulpa...@amd.com>
CC: Brian Woods <brian.wo...@amd.com>
CC: Juergen Gross <jgr...@suse.com>
CC: Razvan Cojocaru <rcojoc...@bitdefender.com>
CC: Tamas K Lengyel <ta...@tklengyel.com>

This wants backporting to Xen 4.11
---
  xen/arch/x86/hvm/svm/svm.c | 3 +++
  1 file changed, 3 insertions(+)

diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c
index 2584b90..e21091c 100644
--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -2758,6 +2758,9 @@ void svm_vmexit_handler(struct cpu_user_regs *regs)
              {
                  trap_type = X86_EVENTTYPE_PRI_SW_EXCEPTION;
                  inst_len = svm_get_insn_len(v, INSTR_ICEBP);
+
+                if ( !instr_len )
+                    break;
              }
rc = hvm_monitor_debug(regs->rip,
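Review bot: the new check tests `instr_len`, but the value assigned two lines earlier is `inst_len` (`inst_len = svm_get_insn_len(v, INSTR_ICEBP);`), so as posted the early exit tests a different identifier from the one just assigned and will not do what the commit message describes (it should not even compile if no `instr_len` is in scope). The hunk should read `if ( !inst_len ) break;`. It would also help to state in the commit message that svm_get_insn_len() returns 0 on failure after raising #GP, since that zero-return convention is what the check relies on.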


Reviewed-by: Razvan Cojocaru <rcojoc...@bitdefender.com>


Thanks,
Razvan

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel