[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2 05/10] x86/SVM: Add AVIC vmexit handlers

To: "Janakarajan Natarajan" <Janakarajan.Natarajan@xxxxxxx>, "JanakarajanNatarajan" <jnataraj@xxxxxxx>, "Andrew Cooper" <andrew.cooper3@xxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Wed, 30 May 2018 01:24:36 -0600
Cc: Kevin Tian <kevin.tian@xxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Suravee Suthikulpanit <suravee.suthikulpanit@xxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxx, Julien Grall <julien.grall@xxxxxxx>, Jun Nakajima <jun.nakajima@xxxxxxxxx>, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>
Delivery-date: Wed, 30 May 2018 07:24:51 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

>>> On 30.05.18 at 01:33, <andrew.cooper3@xxxxxxxxxx> wrote:
>> Would this be better suited ?
> 
> Almost.
> 
> The purpose of the validate function is to fix an inherent race
> condition which occurs with a vmexit.
> 
> After a vmexit, rereading the instruction for emulation is inherently
> racy, and a malicious VM could rewrite the instruction stream while the
> vmexit is occuring.  As a result, we provide a validate function to
> check that the instruction decoded matches one which plausibly broke for
> emulation here.
> 
> Therefore, you want a validate function which checks that the
> instruction has a memory operand, and that it falls within the 4k region
> which maps the APIC registers.

The validate hook is called right after decode, i.e. before operands have
been evaluated, so the latter part of what you suggest cannot be done.

Jan



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v2 05/10] x86/SVM: Add AVIC vmexit handlers
  - From: Natarajan, Janakarajan

References:
- [Xen-devel] [PATCH v2 00/10] Introduce AMD SVM AVIC
  - From: Janakarajan Natarajan
- [Xen-devel] [PATCH v2 05/10] x86/SVM: Add AVIC vmexit handlers
  - From: Janakarajan Natarajan
- Re: [Xen-devel] [PATCH v2 05/10] x86/SVM: Add AVIC vmexit handlers
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH v2 05/10] x86/SVM: Add AVIC vmexit handlers
  - From: Natarajan, Janakarajan
- Re: [Xen-devel] [PATCH v2 05/10] x86/SVM: Add AVIC vmexit handlers
  - From: Andrew Cooper

Prev by Date: [Xen-devel] [xen-4.8-testing test] 123345: regressions - trouble: broken/fail/pass
Next by Date: Re: [Xen-devel] [PATCH 1/6] x86/vmx: Fix handing of MSR_DEBUGCTL on VMExit
Previous by thread: Re: [Xen-devel] [PATCH v2 05/10] x86/SVM: Add AVIC vmexit handlers
Next by thread: Re: [Xen-devel] [PATCH v2 05/10] x86/SVM: Add AVIC vmexit handlers
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.