From 4af35bad437f20acacf65b18cb8d0eff4d5de089 Mon Sep 17 00:00:00 2001
From: Tim Deegan
Date: Thu, 22 Feb 2007 12:21:29 +0000
Subject: [PATCH] [XEN] don't emulate stack operations on shadowed pages

Signed-off-by: Tim Deegan
---
 xen/arch/x86/mm/shadow/multi.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/xen/arch/x86/mm/shadow/multi.c b/xen/arch/x86/mm/shadow/multi.c
index cce70bc522..f5b4e0eb3b 100644
--- a/xen/arch/x86/mm/shadow/multi.c
+++ b/xen/arch/x86/mm/shadow/multi.c
@@ -2902,7 +2902,23 @@ static int sh_page_fault(struct vcpu *v,
     if ( is_hvm_domain(d) )
         hvm_store_cpu_guest_regs(v, regs, NULL);
 
-    SHADOW_PRINTK("emulate: eip=%#lx\n", (unsigned long)regs->eip);
+    SHADOW_PRINTK("emulate: eip=%#lx esp=%#lx\n",
+                  (unsigned long)regs->eip, (unsigned long)regs->esp);
+
+    /* Check whether this looks like a stack operation. */
+    if ( (va & PAGE_MASK) == (regs->esp & PAGE_MASK) )
+    {
+        /* Forcibly unshadow and return. It's important to do this before
+         * we emulate: if the faulting stack operation was the guest handling
+         * an interrupt, then
+         * (a) the instruction at %eip is irrelevant; and
+         * (b) we might inject some other fault and mask the real one */
+        gdprintk(XENLOG_DEBUG, "guest stack is on a shadowed frame: "
+                 "%%esp=%#lx, cr2=%#lx, mfn=%#lx\n",
+                 (unsigned long)regs->esp, va, mfn_x(gmfn));
+        sh_remove_shadows(v, gmfn, 0 /* thorough */, 1 /* must succeed */);
+        goto done;
+    }
 
     emul_ops = shadow_init_emulation(&emul_ctxt, regs);
-- 
2.30.2
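Review bot: The new `if ( (va & PAGE_MASK) == (regs->esp & PAGE_MASK) )` test only recognises a stack operation whose faulting address lies on the same page as %esp, so a push issued while %esp sits at the bottom of a page (including the frame the CPU pushes when the guest takes an interrupt) writes into the page below, misses the heuristic, and still falls through to the emulator — exactly the case the comment says must be avoided. If that is the intent, the comparison should also accept the page immediately below %esp, e.g. `if ( (va & PAGE_MASK) == (regs->esp & PAGE_MASK) || (va & PAGE_MASK) == ((regs->esp - 1) & PAGE_MASK) )`, with a one-line comment noting that pushes land below the current %esp. It is also worth stating in the "Check whether this looks like a stack operation" comment that this is a heuristic: a guest that deliberately points %esp at a page it is about to write with non-stack instructions will be unshadowed rather than emulated, which is safe (it only costs shadow state) but should be documented so nobody later treats the match as proof. The enclosing sh_page_fault() and the `done:` label that `goto done` relies on are outside this hunk, so I could not confirm what return value that path yields to the caller.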