[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 0/9] x86/vvmx: Read instruction operands correctly on VM exit

To: "Tian, Kevin" <kevin.tian@xxxxxxxxx>, Euan Harris <euan.harris@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Date: Thu, 2 Nov 2017 18:39:19 +0000
Cc: "Nakajima, Jun" <jun.nakajima@xxxxxxxxx>, "jbeulich@xxxxxxxx" <jbeulich@xxxxxxxx>
Delivery-date: Thu, 02 Nov 2017 18:39:59 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 02/11/17 07:23, Tian, Kevin wrote:
>> From: Andrew Cooper [mailto:andrew.cooper3@xxxxxxxxxx]
>> Sent: Friday, October 27, 2017 1:59 AM
>>
>> On 26/10/17 18:03, Euan Harris wrote:
>>> decode_vmx_inst() does not read instruction operands correctly on VM
>> exit:
>>>  * It incorrectly uses vmx_inst_info's address_size field to calculate
>>>    the sizes of the exit-causing instruction's operands.  The sizes of
>>>    the operands are specified in the SDM and might depend on whether
>> the
>>>    guest is running in 32-bit or 64-bit mode, but they have nothing to do
>>>    with the address_size field.
>>>
>>>  * It includes its own segmentation logic, duplicating code elsewhere.
>>>    This segmentation logic is also incorrect and will raise #GP fault
>>>    rather than a #SS fault in response to an invalid memory access
>>>    through the stack segment.
>>>
>>> Patches 1-6 (up to 'Remove operand decoding from decode_vmx_inst()')
>>> refactor decode_vmx_inst() in preparation for fixing the bugs mentioned
>>> above.  They remove unnecessary code and extract the logic for reading
>>> operands from decode_vmx_inst() into a new operand_read() function.
>>> These patches should not cause any functional changes.
>>>
>>> Patch 7 ('Use correct sizes when reading operands') replaces the incorrect
>>> operand size calculations based on address_size with the correct sizes
>>> from the SDM.
>>>
>>> Patches 8 and 9 add new hvm_copy_{to,from}_guest_virt() helpers and
>> use
>>> them to read memory operands in place of the incorrect segmentation
>>> logic in decode_vmx_inst().
>>>
>>> Euan Harris (9):
>>>   x86/vvmx: Remove enum vmx_regs_enc
>>>   x86/vvmx: Unify operands in struct vmx_inst_decoded
>>>   x86/vvmx: Extract operand reading logic into operand_read()
>>>   x86/vvmx: Remove unnecessary VMX operand reads
>>>   x86/vvmx: Replace direct calls to reg_read() with operand_read()
>>>   x86/vvmx: Remove operand reading from decode_vmx_inst()
>>>   x86/vvmx: Use correct sizes when reading operands
>>>   x86/hvm: Add hvm_copy_{to,from}_guest_virt() helpers
>>>   x86/vvmx: Use hvm_copy_{to,from}_guest_virt() to read operands
>> All Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>.  I've
>> noticed a few trivial style issues which can be fixed up on commit if
>> there are no other issues.
>>
> Acked-by: Kevin Tian <kevin.tian@xxxxxxxxx>

Pulled into x86-next, with the comments addressed.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

References:
- Re: [Xen-devel] [PATCH 0/9] x86/vvmx: Read instruction operands correctly on VM exit
  - From: Tian, Kevin

Prev by Date: [Xen-devel] Xen 4.10 RC3
Next by Date: [Xen-devel] [PATCH] xen: xenbus_probe_frontend: mark expected switch fall-throughs
Previous by thread: Re: [Xen-devel] [PATCH 0/9] x86/vvmx: Read instruction operands correctly on VM exit
Next by thread: [Xen-devel] USB Passthrough: Incorrect device detected in Domain U
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.