On Tue, Apr 08, 2025 at 03:00:28PM +0100, Andrew Cooper wrote:
> On 08/04/2025 10:31 am, Roger Pau Monne wrote:
> > When running on AMD hardware in HVM mode the guest linear address (GLA)
> > will not be provided to hvm_emulate_one_mmio(), and instead is
> > unconditionally set to ~0. As a consequence mmio_ro_emulated_write() will
> > always report an error, as the fault GLA generated by the emulation of the
> > access won't be ~0.
> >
> > Fix this by only checking for the fault GLA in mmio_ro_emulated_write()
> > when the guest is PV.
> >
> > Fixes: 33c19df9a5a0 ('x86/PCI: intercept accesses to RO MMIO from dom0s in HVM containers')
> > Signed-off-by: Roger Pau Monné <roger....@citrix.com>
>
> I think there are several bugs here.
>
> We do get %cr2 reliably for PV and Shadow guests.
>
> Intel EPT may or may not give us GLA. e.g. writes for pagetable A/D
> updates don't get GLA.
>
> Defaulting to ~0 isn't ok. We need some kind of GLA-valid signal,
> except for HAP guests, it isn't even the GLA we care about, it's the GPA
> which identifies the MMIO region.
>
> We shouldn't terminate the emulation if there's no GLA to check. In the
> case that we don't have a GLA, we should translate the memory operand
> and cross-check the GPA. We'll definitely have one of the two to hand.
I guess I will have to switch to a more complex approach for HVM and use
logic similar to hvmemul_write() to figure out the mfn, and compare it
with the fault provided one.

Thanks, Roger.