Xen project Mailing List

Re: [Xen-devel] AMD VMMCALL and VM86 mode

To: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Sun, 11 Dec 2016 18:37:59 +0000

Cc: JBeulich@xxxxxxxx, suravee.suthikulpanit@xxxxxxx, xen-devel@xxxxxxxxxxxxx

Delivery-date: Sun, 11 Dec 2016 18:38:25 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 11/12/16 17:33, Boris Ostrovsky wrote: > ----- andrew.cooper3@xxxxxxxxxx wrote: > >> On 09/12/16 19:55, Andrew Cooper wrote: >>> On 09/12/16 19:55, Boris Ostrovsky wrote: >>>> On 12/09/2016 02:01 PM, Andrew Cooper wrote: >>>>> Hello, >>>>> >>>>> While working on XSA-192, I found a curious thing. On AMD >> hardware, the >>>>> VMMCALL instruction appears to behave like a nop if executed in >> VM86 >>>>> mode. All other processor modes work fine. >>>>> >>>>> The documentation suggests it should be valid in any situation, >> but I >>>>> never get a #VMEXIT from it. >>>> And I assume GENERAL2_INTERCEPT_VMMCALL is set (which is what we >> have in >>>> Xen by default)? >>> Yes, because I have already used hypercalls to get text to the >> console >>> before entering vm86 mode. >>> >>>> What happens if you don't set it? >>> Let me do some hacking and see. >> Outside of vm86 mode, VMMCALL raises #UD, which is expected as it >> wasn't >> intercepted. >> >> From within vm86 mode, I now get #GP rather than #UD. >> >> There is certainly an argument to be made that VMMCALL inside vm86 >> mode >> should trap to the vm86 monitor and #GP would be the expected way of >> that happening, but this also doesn't match the documentation. > > Just curious: why do you think #GP could be a reasonable exception here? In vm86 mode, #GP is raised for privileged instructions which should break for auditing in the vm86 monitor. It would be reasonable to include "talking to the hypervisor" as a privileged action. > It's #UD because if not intercepted it doesn't make sense to execute it. I agree with this, if privilege isn't considered an issue. If a hypervisor doesn't actually get involved, the instruction shouldn't complete. > But either way, I think AMD should clarify this. Suravee, can you find out > what the expected behavior is? IMO, it should either consistently #GP and break to the vm86 monitor, or #UD/#VMEXIT depending on whether it is intercepted by the hypervisor. Either way the documentation should be clarified. Having said this, given that its behaviour is consistent on any AMD processor I choose to try, and given that vm86 mode is very legacy these days, I doubt a reasonable argument can be made to fixing the behaviour. ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.