debuggers.hg
changeset 16523:c76a9aa12d2e
hvm: Inject #UD for un-emulated instructions rather than crash guest
The CrashMe stress test (a process repeatedly forks child processes, and
the child processes initialize a buffer with random numbers, then treat
the buffer as code, and execute it) can crash 32-bit HVM RHEL5.1 guest
easily; this is because we haven't emulated all the instructions in
handle_mmio() yet.
The CrashMe process runs with root rights, and can access MMIO space in
an unknown way ("strace -f" shows the random codes running at CPL=3
don't call mmap(), and don't open any special files in /dev/"); the gpa
may look like 0xa**** or 0xb****, or 0xfee0****.
Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
| author | Keir Fraser <keir.fraser@citrix.com> |
|---|---|
| date | Wed Nov 28 13:04:47 2007 +0000 (2007-11-28) |
| parents | bb31c9325d5f |
| children | c00f31f27de6 |
| files | xen/arch/x86/hvm/platform.c |
line diff
1.1 --- a/xen/arch/x86/hvm/platform.c Wed Nov 28 12:50:24 2007 +0000 1.2 +++ b/xen/arch/x86/hvm/platform.c Wed Nov 28 13:04:47 2007 +0000 1.3 @@ -1051,13 +1051,18 @@ void handle_mmio(unsigned long gpa) 1.4 } 1.5 1.6 if ( mmio_decode(address_bytes, inst, mmio_op, &ad_size, 1.7 - &op_size, &seg_sel) == DECODE_failure ) { 1.8 - printk("handle_mmio: failed to decode instruction\n"); 1.9 - printk("mmio opcode: gpa 0x%lx, len %d:", gpa, inst_len); 1.10 + &op_size, &seg_sel) == DECODE_failure ) 1.11 + { 1.12 + gdprintk(XENLOG_WARNING, 1.13 + "handle_mmio: failed to decode instruction\n"); 1.14 + gdprintk(XENLOG_WARNING, 1.15 + "mmio opcode: gpa 0x%lx, len %d:", gpa, inst_len); 1.16 for ( i = 0; i < inst_len; i++ ) 1.17 printk(" %02x", inst[i] & 0xFF); 1.18 printk("\n"); 1.19 - domain_crash_synchronous(); 1.20 + 1.21 + hvm_inject_exception(TRAP_invalid_op, HVM_DELIVER_NO_ERROR_CODE, 0); 1.22 + return; 1.23 } 1.24 1.25 regs->eip += inst_len; /* advance %eip */
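Review bot: the DECODE_failure path in handle_mmio() is reachable from unprivileged guest code (the description says the random code runs at CPL=3), and the two gdprintk(XENLOG_WARNING, ...) calls plus the per-byte printk loop run on every occurrence, so a guest that keeps hitting this fault can flood the hypervisor log; consider rate-limiting or demoting these messages. The byte dump itself still uses bare `printk(" %02x", inst[i] & 0xFF);` and `printk("\n");`, so it is emitted without the level/domain prefix that gdprintk adds to the preceding lines; switching those to the same mechanism keeps the record consistent. Also note that `hvm_inject_exception(TRAP_invalid_op, HVM_DELIVER_NO_ERROR_CODE, 0);` is delivered for any DECODE_failure, including architecturally valid instructions that mmio_decode() simply does not handle yet, so the guest sees #UD for code that real hardware would execute; the "failed to decode instruction" message should say the instruction is unsupported by the emulator rather than imply it is invalid. Returning before `regs->eip += inst_len;` is correct for a fault-class exception, since the guest's #UD handler expects %eip to point at the faulting instruction.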