
Re: [Xen-devel] [PATCH V4 1/3] xen/mem_access: Support for memory-content hiding





On Wed, Jul 8, 2015 at 6:22 AM, Razvan Cojocaru <rcojocaru@xxxxxxxxxxxxxxx> wrote:
This patch adds support for memory-content hiding, by modifying the
value returned by emulated instructions that read certain memory
addresses that contain sensitive data. The patch only applies to
cases where MEM_ACCESS_EMULATE or MEM_ACCESS_EMULATE_NOWRITE have
been set to a vm_event response.

Signed-off-by: Razvan Cojocaru <rcojocaru@xxxxxxxxxxxxxxx>
Acked-by: George Dunlap <george.dunlap@xxxxxxxxxxxxx>

---
Changes since V3:
 - Renamed MEM_ACCESS_SET_EMUL_READ_DATA to
   VM_EVENT_FLAG_SET_EMUL_READ_DATA and updated its comment.
 - Removed xfree(v->arch.vm_event.emul_read_data) from
   free_vcpu_struct().
 - Returning X86EMUL_UNHANDLEABLE from hvmemul_cmpxchg() when
   !curr->arch.vm_event.emul_read_data.
 - Replaced xmalloc_bytes() with xmalloc_array() in
   hvmemul_rep_outs_set_context().
 - Setting the rest of the buffer to zero in hvmemul_rep_movs()
   (no longer leaking heap contents).
 - No longer memset()ing the whole buffer before copy (just zeroing
   out the rest).
 - Moved hvmemul_ctxt->set_context = 0 to hvm_emulate_prepare() and
   removed hvm_emulate_one_set_context().
---
 tools/tests/xen-access/xen-access.c |    2 +-
 xen/arch/x86/hvm/emulate.c          |  138 ++++++++++++++++++++++++++++++++++-
 xen/arch/x86/hvm/event.c            |   50 ++++++-------
 xen/arch/x86/mm/p2m.c               |   92 +++++++++++++----------
 xen/common/domain.c                 |    2 +
 xen/common/vm_event.c               |   23 ++++++
 xen/include/asm-x86/domain.h        |    2 +
 xen/include/asm-x86/hvm/emulate.h   |   10 ++-
 xen/include/public/vm_event.h       |   31 ++++++--
 9 files changed, 274 insertions(+), 76 deletions(-)

Acked-by: Tamas K Lengyel <tlengyel@xxxxxxxxxxx>

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
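
The changelog items about zeroing only the rest of the buffer and returning X86EMUL_UNHANDLEABLE when no read data is set, sketched as an added example (not code from the patch or from Xen). All names, the 64-byte data size and the 0xAA fill pattern are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical names throughout; modelled on the changelog, not Xen's code. */
enum emul_rc { EMUL_OKAY, EMUL_UNHANDLEABLE };

struct emul_read_data {
    uint32_t size;        /* bytes of replacement data actually supplied */
    uint8_t  data[64];
};

/*
 * Fill the buffer an emulated read will return to the guest.
 * - No replacement data registered: refuse to emulate.
 * - Fewer bytes supplied than requested: copy them, then zero only the
 *   tail, so whatever the buffer held before never reaches the guest.
 */
static enum emul_rc fill_emulated_read(void *buf, size_t bytes,
                                       const struct emul_read_data *erd)
{
    size_t n;

    if (erd == NULL)
        return EMUL_UNHANDLEABLE;
    n = erd->size;
    if (n > sizeof(erd->data))   /* do not trust the supplied length */
        n = sizeof(erd->data);
    if (n > bytes)               /* never write past the read buffer */
        n = bytes;
    memcpy(buf, erd->data, n);
    memset((uint8_t *)buf + n, 0, bytes - n);
    return EMUL_OKAY;
}

/* Constructed check: count stale 0xAA bytes left in a 16-byte read buffer. */
static int stale_bytes_after_fill(uint32_t supplied)
{
    struct emul_read_data erd = { .size = supplied, .data = { 1, 2, 3, 4 } };
    uint8_t buf[16];
    int stale = 0;

    memset(buf, 0xAA, sizeof(buf));   /* simulated old heap contents */
    if (fill_emulated_read(buf, sizeof(buf), &erd) != EMUL_OKAY)
        return -1;
    for (size_t i = 0; i < sizeof(buf); i++)
        stale += (buf[i] == 0xAA);
    return stale;
}
```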

 

