All of lore.kernel.org
 help / color / mirror / Atom feed
From: Don Slutz <dslutz@verizon.com>
To: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Keir Fraser <keir@xen.org>,
	Ian Campbell <ian.campbell@citrix.com>,
	Stefano Stabellini <stefano.stabellini@eu.citrix.com>,
	Jun Nakajima <jun.nakajima@intel.com>,
	Ian Jackson <ian.jackson@eu.citrix.com>,
	Eddie Dong <eddie.dong@intel.com>, Don Slutz <dslutz@verizon.com>,
	xen-devel@lists.xen.org, Jan Beulich <jbeulich@suse.com>,
	Boris Ostrovsky <boris.ostrovsky@oracle.com>,
	Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Subject: Re: [RFC PATCH 08/10] connect vmport up
Date: Wed, 18 Dec 2013 21:53:39 -0500	[thread overview]
Message-ID: <52B25FB3.6000104@terremark.com> (raw)
In-Reply-To: <52AA59F7.3080006@citrix.com>

On 12/12/13 19:51, Andrew Cooper wrote:
> On 12/12/2013 19:15, Don Slutz wrote:
>> From: Don Slutz <dslutz@verizon.com>
>>
>> Signed-off-by: Don Slutz <dslutz@verizon.com>
>> ---
>>   xen/arch/x86/hvm/io.c       |   4 ++
>>   xen/arch/x86/hvm/svm/svm.c  | 104 ++++++++++++++++++++++++++++++++++++
>>   xen/arch/x86/hvm/svm/vmcb.c |   1 +
>>   xen/arch/x86/hvm/vmx/vmcs.c |   1 +
>>   xen/arch/x86/hvm/vmx/vmx.c  | 125 ++++++++++++++++++++++++++++++++++++++++++++
>>   xen/arch/x86/hvm/vmx/vvmx.c |  13 +++++
>>   xen/include/public/trace.h  |   1 +
>>   7 files changed, 249 insertions(+)
>>
>> diff --git a/xen/arch/x86/hvm/io.c b/xen/arch/x86/hvm/io.c
>> index bf6309d..4bc4716 100644
>> --- a/xen/arch/x86/hvm/io.c
>> +++ b/xen/arch/x86/hvm/io.c
>> @@ -42,6 +42,7 @@
>>   #include <asm/hvm/vlapic.h>
>>   #include <asm/hvm/trace.h>
>>   #include <asm/hvm/emulate.h>
>> +#include <asm/hvm/vmport.h>
>>   #include <public/sched.h>
>>   #include <xen/iocap.h>
>>   #include <public/hvm/ioreq.h>
>> @@ -236,6 +237,9 @@ int handle_pio(uint16_t port, unsigned int size, int dir)
>>       if ( dir == IOREQ_WRITE )
>>           data = guest_cpu_user_regs()->eax;
>>   
>> +    if ( port == VMPORT_PORT )
>> +        return vmport_ioport(dir, size, data, guest_cpu_user_regs());
>> +
> Use register_portio_handler(), which is the already-existing
> infrastructure for intercepting ports.

Will try it out.

>
>>       rc = hvmemul_do_pio(port, &reps, size, 0, dir, 0, &data);
>>   
>>       switch ( rc )
>> diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c
>> index 406d394..80cf2bf 100644
>> --- a/xen/arch/x86/hvm/svm/svm.c
>> +++ b/xen/arch/x86/hvm/svm/svm.c
>> @@ -56,6 +56,7 @@
>>   #include <asm/hvm/svm/nestedsvm.h>
>>   #include <asm/hvm/nestedhvm.h>
>>   #include <asm/x86_emulate.h>
>> +#include <asm/hvm/vmport.h>
>>   #include <public/sched.h>
>>   #include <asm/hvm/vpt.h>
>>   #include <asm/hvm/trace.h>
>> @@ -1904,6 +1905,105 @@ svm_vmexit_do_vmsave(struct vmcb_struct *vmcb,
>>       return;
>>   }
>>   
>> +static void svm_vmexit_gp_intercept(struct cpu_user_regs *regs, struct vcpu *v)
>> +{
>> +    struct hvm_domain *hd = &v->domain->arch.hvm_domain;
>> +    struct vmcb_struct *vmcb = v->arch.hvm_svm.vmcb;
>> +    unsigned long inst_len, bytes_len;
>> +    int frc;
>> +    unsigned char bytes[15];
>> +
>> +    regs->error_code = vmcb->exitinfo1;
>> +    if ( !cpu_has_svm_nrips || (vmcb->nextrip <= vmcb->rip) )
>> +        inst_len = 0;
>> +    else
>> +        inst_len = vmcb->nextrip - vmcb->rip;
>> +    bytes_len = 2 /* inst_len < 15 ? inst_len > 1 ? inst_len : 2 : 15 */;
>> +    frc = hvm_fetch_from_guest_virt_nofault(bytes, regs->eip,
>> +                                            bytes_len,
>> +                                            PFEC_page_present);
>> +
>> +    if ( hvm_long_mode_enabled(v) )
>> +        HVMTRACE_LONG_4D(TRAP, TRAP_gp_fault, inst_len,
>> +                         regs->error_code,
>> +                         TRC_PAR_LONG(vmcb->exitinfo2) );
>> +    else
>> +        HVMTRACE_4D(TRAP, TRAP_gp_fault, inst_len,
>> +                    regs->error_code, vmcb->exitinfo2 );
>> +
>> +    if (hd->params[HVM_PARAM_VMPORT_LOGMASK] & 0x400000 /* LOG_GP_FAIL_RD_INST */)
>> +        printk("[HVM:%d.%d] <%s> "
>> +               "gp: e2=%lx ec=%lx ip=%lx=>0x%x 0x%x(%ld,%ld,%d) nip(%d)=%lx(%d,%d(0x%x) 0x%x 0x%x)"
>> +               "\n",
>> +               current->domain->domain_id, current->vcpu_id, __func__,
>> +               (unsigned long)vmcb->exitinfo2,
>> +               (unsigned long)regs->error_code,
>> +               (unsigned long)regs->eip, (unsigned int)bytes[0],
>> +               (unsigned int)bytes[1], bytes_len, inst_len, frc,
>> +               cpu_has_svm_nrips, (unsigned long)vmcb->nextrip,
>> +               cpu_has_svm_decode, vmcb->guest_ins_len & 0xf, vmcb->guest_ins_len,
>> +               vmcb->guest_ins[0], vmcb->guest_ins[1]);
>> +
>> +    if ( !frc && bytes[0] == 0xed && (regs->edx & 0xffff) == VMPORT_PORT &&
>> +         vmcb->exitinfo2 == 0 && regs->error_code == 0 )
>> +    {
>> +        /*  in (%dx),%eax */
>> +        uint32_t magic = regs->eax;
>> +
>> +        if ( magic == VMPORT_MAGIC ) {
>> +            __update_guest_eip(regs, 1);
>> +            vmport_ioport(IOREQ_READ, 4, 0, regs);
> This appears to be intercepting an L2 guest doing vmport magic IO to the
> L1 hypervisor.
>
> Is this sane/sensible/wise?

If I am reading this right; my answer is yes.  This is how VMware 
defined it's backdoor port.  What might be worse is that many "commands" 
work in ring 3.

L1 hypervisor is Xen.
L2 guest is both dom0 and domU.

I.E. you are not talking about nested (xen on xen) case.

>> +            if (hd->params[HVM_PARAM_VMPORT_LOGMASK] & 0x800000 /* LOG_GP_VMWARE_AFTER */)
>> +                printk("[HVM:%d.%d] <%s> "
>> +                       "gp: VMware ip=%lx ax=%lx bx=%lx cx=%lx dx=%lx si=%lx di=%lx"
>> +                       "\n",
>> +                       current->domain->domain_id, current->vcpu_id, __func__,
>> +                       (unsigned long)regs->eip,
>> +                       (unsigned long)regs->eax, (unsigned long)regs->ebx,
>> +                       (unsigned long)regs->ecx, (unsigned long)regs->edx,
>> +                       (unsigned long)regs->esi, (unsigned long)regs->edi);
>> +            return;
>> +        } else {
>> +            if (hd->params[HVM_PARAM_VMPORT_LOGMASK] & 0x200000 /* LOG_GP_NOT_VMWARE */)
>> +                printk("[HVM:%d.%d] <%s> "
>> +                       "gp: ip=%lx ax=%lx bx=%lx cx=%lx dx=%lx si=%lx di=%lx"
>> +                       "\n",
>> +                       current->domain->domain_id, current->vcpu_id, __func__,
>> +                       (unsigned long)regs->eip,
>> +                       (unsigned long)regs->eax, (unsigned long)regs->ebx,
>> +                       (unsigned long)regs->ecx, (unsigned long)regs->edx,
>> +                       (unsigned long)regs->esi, (unsigned long)regs->edi);
>> +            hvm_inject_hw_exception(TRAP_gp_fault, regs->error_code);
>> +        }
>> +    } else if (!frc && regs->error_code == 0
>> +               && bytes[0] == 0x0f && bytes[1] == 0x33 && regs->ecx == 0x10000)
>> +    {
>> +        /* "rdpmc 0x10000" */
>> +        /* Not a very good emulation!  But just not faulting is good enough
>> +         * to get NetApp booting. */
>> +        regs->edx = regs->eax = 0;
> This doesn't look like it is logically part of "connecting vmport up"

You are right.  This code should not be part of this patch set. Will 
drop it.


> ~Andrew
>

[snip]

>> diff --git a/xen/include/public/trace.h b/xen/include/public/trace.h
>> index e2f60a6..32489f0 100644
>> --- a/xen/include/public/trace.h
>> +++ b/xen/include/public/trace.h
>> @@ -223,6 +223,7 @@
>>   #define TRC_HVM_NPF             (TRC_HVM_HANDLER + 0x21)
>>   #define TRC_HVM_REALMODE_EMULATE (TRC_HVM_HANDLER + 0x22)
>>   #define TRC_HVM_TRAP             (TRC_HVM_HANDLER + 0x23)
>> +#define TRC_HVM_TRAP64           (TRC_HVM_HANDLER + TRC_64_FLAG + 0x23)
> Haven't you already defined this in a previous patch?

Nope, just a related one.  Will factor both out into their own patch.

    -Don Slutz

>>   #define TRC_HVM_TRAP_DEBUG       (TRC_HVM_HANDLER + 0x24)
>>   #define TRC_HVM_VLAPIC           (TRC_HVM_HANDLER + 0x25)
>>   

  reply	other threads:[~2013-12-19  2:53 UTC|newest]

Thread overview: 54+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-12-12 19:15 [RFC PATCH 00/10] Xen VMware tools support Don Slutz
2013-12-12 19:15 ` [RFC PATCH 01/10] smbios: Add "plus VMware-Tools" to HVM_XS_SYSTEM_PRODUCT_NAME Don Slutz
2013-12-12 19:35   ` Olaf Hering
2013-12-12 22:07     ` Andrew Cooper
2013-12-13 18:03       ` Don Slutz
2013-12-12 19:15 ` [RFC PATCH 02/10] Add VMware HVM params Don Slutz
2013-12-12 22:32   ` Andrew Cooper
2013-12-13 18:12     ` Don Slutz
2013-12-13 10:52   ` Jan Beulich
2013-12-13 18:13     ` Don Slutz
2013-12-17 20:02   ` Konrad Rzeszutek Wilk
2013-12-19  0:47     ` Don Slutz
2013-12-12 19:15 ` [RFC PATCH 03/10] Add cpuid_vmware_leaves Don Slutz
2013-12-12 22:27   ` Andrew Cooper
2013-12-13 10:55     ` Jan Beulich
2013-12-13 13:38       ` Andrew Cooper
2013-12-13 18:55         ` Don Slutz
2013-12-16  8:13           ` Jan Beulich
2013-12-19  0:51             ` Don Slutz
2013-12-17 16:20     ` Don Slutz
2013-12-12 19:15 ` [RFC PATCH 04/10] tools: Add support for new HVM params Don Slutz
2013-12-12 22:36   ` Andrew Cooper
2013-12-13 23:23     ` Don Slutz
2013-12-12 19:15 ` [RFC PATCH 05/10] vmport: Add VMware provided include files Don Slutz
2013-12-17 20:22   ` Konrad Rzeszutek Wilk
2013-12-19  0:54     ` Don Slutz
2013-12-12 19:15 ` [RFC PATCH 06/10] Add vmport structs Don Slutz
2013-12-12 23:10   ` Andrew Cooper
2013-12-19  1:26     ` Don Slutz
2013-12-12 19:15 ` [RFC PATCH 07/10] Add new vmport code Don Slutz
2013-12-13  0:06   ` Andrew Cooper
2013-12-19  2:22     ` Don Slutz
2013-12-13 10:59   ` Jan Beulich
2013-12-19  2:25     ` Don Slutz
2013-12-17 20:36   ` Konrad Rzeszutek Wilk
2013-12-19  2:29     ` Don Slutz
2013-12-12 19:15 ` [RFC PATCH 08/10] connect vmport up Don Slutz
2013-12-13  0:51   ` Andrew Cooper
2013-12-19  2:53     ` Don Slutz [this message]
2013-12-13 15:46   ` Boris Ostrovsky
2013-12-19  3:45     ` Don Slutz
2013-12-17 20:37   ` Konrad Rzeszutek Wilk
2013-12-19  3:46     ` Don Slutz
2013-12-12 19:15 ` [RFC PATCH 09/10] libxl: Add VTPOWER, VTREBOOT and VTPING Don Slutz
2013-12-13  0:58   ` Andrew Cooper
2013-12-17 20:30   ` Konrad Rzeszutek Wilk
2013-12-12 19:15 ` [RFC PATCH 10/10] Add VMware guest info access Don Slutz
2013-12-13  1:08   ` Andrew Cooper
2013-12-13  5:32   ` Matthew Daley
2013-12-17 20:34   ` Konrad Rzeszutek Wilk
2013-12-17 19:03 ` [RFC PATCH 00/10] Xen VMware tools support Konrad Rzeszutek Wilk
2013-12-19  0:46   ` Don Slutz
2013-12-19  9:50     ` Ian Campbell
2013-12-19 14:08       ` Don Slutz

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=52B25FB3.6000104@terremark.com \
    --to=dslutz@verizon.com \
    --cc=andrew.cooper3@citrix.com \
    --cc=boris.ostrovsky@oracle.com \
    --cc=eddie.dong@intel.com \
    --cc=ian.campbell@citrix.com \
    --cc=ian.jackson@eu.citrix.com \
    --cc=jbeulich@suse.com \
    --cc=jun.nakajima@intel.com \
    --cc=keir@xen.org \
    --cc=stefano.stabellini@eu.citrix.com \
    --cc=suravee.suthikulpanit@amd.com \
    --cc=xen-devel@lists.xen.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.