On Mon, Dec 12, 2011 at 8:54 AM, Avi Kivity <avi at redhat.com> wrote:
> On 12/11/2011 12:25 PM, Christoffer Dall wrote:
>> From: Christoffer Dall <cdall at cs.columbia.edu>
>>
>> When the guest accesses I/O memory this will create data abort
>> exceptions and they are handled by decoding the HSR information
>> (physical address, read/write, length, register) and forwarding reads
>> and writes to QEMU which performs the device emulation.
>>
>> Certain classes of load/store operations do not support the syndrome
>> information provided in the HSR and we therefore must be able to fetch
>> the offending instruction from guest memory and decode it manually.
>>
>> This requires changing the general flow somewhat since new calls to run
>> the VCPU must check if there's a pending MMIO load and perform the write
>> after userspace has made the data available.
>>
>> ?}
>>
>> +/**
>> + * kvm_handle_mmio_return -- Handle MMIO loads after user space emulation
>> + * @vcpu: The VCPU pointer
>> + * @run: ?The VCPU run struct containing the mmio data
>> + *
>> + * This should only be called after returning to QEMU for MMIO load emulation.
>
> s/to QEMU/from userspace/
>
>> + */
>> +int kvm_handle_mmio_return(struct kvm_vcpu *vcpu, struct kvm_run *run)
>> +{
>> + ? ? int *dest;
>> + ? ? unsigned int len;
>> + ? ? int mask;
>> +
>> + ? ? if (!run->mmio.is_write) {
>> + ? ? ? ? ? ? dest = vcpu_reg(vcpu, vcpu->arch.mmio_rd);
>> + ? ? ? ? ? ? memset(dest, 0, sizeof(int));
>> +
>> + ? ? ? ? ? ? if (run->mmio.len > 4) {
>> + ? ? ? ? ? ? ? ? ? ? kvm_err(-EINVAL, "Incorrect mmio length");
>> + ? ? ? ? ? ? ? ? ? ? return -EINVAL;
>> + ? ? ? ? ? ? }
>
> Time of check...
>
>> +
>> + ? ? ? ? ? ? len = run->mmio.len;
>> + ? ? ? ? ? ? memcpy(dest, run->mmio.data, len);
>
> ... time of use. ?Anything in run-> is untrusted. ?Best to use the
> kernel's copy of len.
nice. thanks.
