
Re: [XEN v3] xen/arm64: io: Decode ldr/str post-indexing instructions



On Mon, 24 Jan 2022 17:58:55 +0000
Julien Grall <julien@xxxxxxx> wrote:

Hi Julien,

> Hi Andre,
> 
> On 24/01/2022 14:36, Andre Przywara wrote:
> > On Mon, 24 Jan 2022 12:07:42 +0000
> >> Also, if an instruction is being modified by the guest (after it has
> >> been loaded in the I cache), and if the guest does not invalidate the I
> >> cache + ISB, then this is a malicious behavior by the guest. Is my
> >> understanding correct?
> > 
> > I wouldn't say malicious per se, there might be legitimate reasons to do
> > so, but in the Xen context this is mostly irrelevant, since we don't trust
> > the guest anyway. So whether it's malicious or accidental, the hypervisor
> > might be misled.
> 
> I agree the hypervisor will be misled to execute the wrong instruction.
> But, in reality, I don't see how this is a massive problem as this
> thread seems to imply. At best the guest will shoot itself in the foot.

I didn't really imply anything, I genuinely meant that I don't want to
spend brain cells thinking about possible exploits - I always figured you
(and Xen people in general) are so much better at this. (genuine
compliment!)
I was just pointing out that this emulation might be wrong then.
That ties back to the original question of how many bitter pills you want
to swallow for having this emulation code - which is your decision to make.

Cheers,
Andre

> IOW, for now, I think it is fine to assume that the guest will have
> invalidated the cache instruction before executing any instruction that
> may fault with ISV=0. This could be revisited if we have use-cases where
> we really need to know what the guest executed.
> 
> Cheers,
> 
