Re: [Xen-devel] [PATCH V5 3/3] xen/vm_event: Deny register writes if refused by vm_event reply
On 07/14/2015 03:35 PM, Jan Beulich wrote:
>> --- a/xen/include/public/vm_event.h
>> +++ b/xen/include/public/vm_event.h
>> @@ -74,6 +74,11 @@
>> * VM_EVENT_FLAG_SET_EMUL_READ_DATA are set, only the latter will be
>> honored).
>> */
>> #define VM_EVENT_FLAG_SET_EMUL_READ_DATA (1 << 5)
>> + /*
>> + * Deny completion of the operation that triggered the event.
>> + * Currently only useful for MSR, CR0, CR3 and CR4 write events.
>> + */
>> +#define VM_EVENT_FLAG_DENY (1 << 6)
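Review bot: The comment added above VM_EVENT_FLAG_DENY says the flag is "currently only useful for MSR, CR0, CR3 and CR4 write events" but does not say what happens when it is set in a reply to any other event type. The comment just before it, for VM_EVENT_FLAG_SET_EMUL_READ_DATA, states which flag is honored when flags are combined. Please document the same here: say whether DENY is ignored for other events and whether it interacts with the existing response flags, so that users of this public header can rely on the behaviour.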
>
> Wouldn't this want adding to the get-capabilities sub-op too?
Actually, no (sorry for rushing with the answer before), the monitor.c
capabilities issue refers to main event types, whereas this is a
response flag.
static inline uint32_t get_capabilities(struct domain *d)
{
    uint32_t capabilities = 0;

    /*
     * At the moment only Intel HVM domains are supported. However, event
     * delivery could be extended to AMD and PV domains.
     */
    if ( !is_hvm_domain(d) || !cpu_has_vmx )
        return capabilities;

    capabilities = (1 << XEN_DOMCTL_MONITOR_EVENT_WRITE_CTRLREG) |
                   (1 << XEN_DOMCTL_MONITOR_EVENT_MOV_TO_MSR) |
                   (1 << XEN_DOMCTL_MONITOR_EVENT_SOFTWARE_BREAKPOINT) |
                   (1 << XEN_DOMCTL_MONITOR_EVENT_GUEST_REQUEST);

    /* Since we know this is on VMX, we can just call the hvm func */
    if ( hvm_is_singlestep_supported() )
        capabilities |= (1 << XEN_DOMCTL_MONITOR_EVENT_SINGLESTEP);

    return capabilities;
}
So if we have the (1 << XEN_DOMCTL_MONITOR_EVENT_WRITE_CTRLREG) and (1
<< XEN_DOMCTL_MONITOR_EVENT_MOV_TO_MSR), that also means we can deny
those writes (by setting the VM_EVENT_FLAG_DENY in the vm_event
response), no additional checks are necessary.
Thanks,
Razvan
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel