From: George Dunlap <george.dunlap@eu.citrix.com>
To: Jan Beulich <JBeulich@suse.com>
Cc: Keir Fraser <keir@xen.org>,
Ian Jackson <Ian.Jackson@eu.citrix.com>,
Ian Campbell <Ian.Campbell@eu.citrix.com>,
Aravind Gopalakrishnan <aravind.gopalakrishnan@amd.com>,
Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>,
xen-devel <xen-devel@lists.xenproject.org>
Subject: Re: [PATCH v3 2/3] x86/PV: support data breakpoint extension registers
Date: Fri, 11 Apr 2014 16:37:19 +0100 [thread overview]
Message-ID: <53480C2F.5070805@eu.citrix.com> (raw)
In-Reply-To: <5348272A02000078000080DE@nat28.tlf.novell.com>
On 04/11/2014 04:32 PM, Jan Beulich wrote:
>>>> On 11.04.14 at 16:58, <George.Dunlap@eu.citrix.com> wrote:
>> On Mon, Apr 7, 2014 at 10:38 AM, Jan Beulich <JBeulich@suse.com> wrote:
>>> @@ -854,7 +854,42 @@ long arch_do_domctl(
>>> evc->vmce.mci_ctl2_bank0 = v->arch.vmce.bank[0].mci_ctl2;
>>> evc->vmce.mci_ctl2_bank1 = v->arch.vmce.bank[1].mci_ctl2;
>>>
>>> - ret = 0;
>>> + i = ret = 0;
>>> + if ( boot_cpu_has(X86_FEATURE_DBEXT) )
>>> + {
>>> + unsigned int j;
>>> +
>>> + if ( v->arch.pv_vcpu.dr_mask[0] )
>>> + {
>>> + if ( i < evc->msr_count && !ret )
>>> + {
>>> + msr.index = MSR_AMD64_DR0_ADDRESS_MASK;
>>> + msr.reserved = 0;
>>> + msr.value = v->arch.pv_vcpu.dr_mask[0];
>>> + if ( copy_to_guest_offset(evc->msrs, i, &msr, 1) )
>> Sorry if I missed something, but is there any bounds-checking on this
>> buffer? I don't see any specification in the header file about how
>> big the buffer needs to be, nor any conceptual limit to the number of
>> elements which might be copied into it -- at least in this path.
> The conceptual limit is 64k (due to evc->msr_count being a 16 bit
> quantity). The limit up to which we may write to the buffer is the
> passed in evc->msr_count (which gets updated at the end to the
> number we would have wanted to write).
Dur -- sorry, the first time I went through this patch (last week) I
noticed the "i < evc->msr_count", but somehow I missed it the second
time through.
>
>>> @@ -3628,7 +3660,27 @@ long do_set_trap_table(XEN_GUEST_HANDLE_
>>> return rc;
>>> }
>>>
>>> -long set_debugreg(struct vcpu *v, int reg, unsigned long value)
>>> +void activate_debugregs(const struct vcpu *curr)
>>> +{
>>> + ASSERT(curr == current);
>>> +
>>> + write_debugreg(0, curr->arch.debugreg[0]);
>>> + write_debugreg(1, curr->arch.debugreg[1]);
>>> + write_debugreg(2, curr->arch.debugreg[2]);
>>> + write_debugreg(3, curr->arch.debugreg[3]);
>>> + write_debugreg(6, curr->arch.debugreg[6]);
>>> + write_debugreg(7, curr->arch.debugreg[7]);
>>> +
>>> + if ( boot_cpu_has(X86_FEATURE_DBEXT) )
>>> + {
>>> + wrmsrl(MSR_AMD64_DR0_ADDRESS_MASK, curr->arch.pv_vcpu.dr_mask[0]);
>>> + wrmsrl(MSR_AMD64_DR1_ADDRESS_MASK, curr->arch.pv_vcpu.dr_mask[1]);
>>> + wrmsrl(MSR_AMD64_DR2_ADDRESS_MASK, curr->arch.pv_vcpu.dr_mask[2]);
>>> + wrmsrl(MSR_AMD64_DR3_ADDRESS_MASK, curr->arch.pv_vcpu.dr_mask[3]);
>>> + }
>>> +}
>>> +
>>> +long set_debugreg(struct vcpu *v, unsigned int reg, unsigned long value)
>>> {
>>> int i;
>>> struct vcpu *curr = current;
>>> @@ -3709,11 +3761,8 @@ long set_debugreg(struct vcpu *v, int re
>>> if ( (v == curr) &&
>>> !(v->arch.debugreg[7] & DR7_ACTIVE_MASK) )
>>> {
>>> - write_debugreg(0, v->arch.debugreg[0]);
>>> - write_debugreg(1, v->arch.debugreg[1]);
>>> - write_debugreg(2, v->arch.debugreg[2]);
>>> - write_debugreg(3, v->arch.debugreg[3]);
>>> - write_debugreg(6, v->arch.debugreg[6]);
>>> + activate_debugregs(curr);
>> So in the other place you replaced with activate_debugregs(), it
>> writes DR7; but here it doesn't -- and yet the function will write
>> DR7. Is that a problem?
> It's not strictly a problem (because right above we checked that
> no breakpoints are active, and right below we write it with the
> intended value), but it shouldn't be done to be on the safe side
> as well as because the double write is needlessly expensive. And
> I do recall that I made a mental note that the DR7 write needs to
> remain separate - only to then forget it. I should clearly have
> written it down. So thanks a lot for spotting this!
Easy to do. :-)
-George
next prev parent reply other threads:[~2014-04-11 15:37 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-07 9:31 [PATCH v3 0/3] x86/AMD support data breakpoint extension registers Jan Beulich
2014-04-07 9:38 ` [PATCH v3 1/3] SVM: " Jan Beulich
2014-04-11 14:32 ` George Dunlap
2014-04-07 9:38 ` [PATCH v3 2/3] x86/PV: " Jan Beulich
2014-04-11 14:58 ` George Dunlap
2014-04-11 15:32 ` Jan Beulich
2014-04-11 15:37 ` George Dunlap [this message]
2014-04-07 9:39 ` [PATCH v3 3/3] libxc/PV: save/restore " Jan Beulich
2014-04-11 16:37 ` George Dunlap
2014-04-14 7:50 ` Jan Beulich
2014-04-14 15:22 ` George Dunlap
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53480C2F.5070805@eu.citrix.com \
--to=george.dunlap@eu.citrix.com \
--cc=Ian.Campbell@eu.citrix.com \
--cc=Ian.Jackson@eu.citrix.com \
--cc=JBeulich@suse.com \
--cc=aravind.gopalakrishnan@amd.com \
--cc=keir@xen.org \
--cc=suravee.suthikulpanit@amd.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.