[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] AMD VMMCALL and VM86 mode

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>
From: Suravee Suthikulpanit <Suravee.Suthikulpanit@xxxxxxx>
Date: Sun, 25 Dec 2016 14:47:53 +0700
Cc: JBeulich@xxxxxxxx, xen-devel@xxxxxxxxxxxxx
Delivery-date: Sun, 25 Dec 2016 07:48:39 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>
Spamdiagnosticmetadata: NSPM
Spamdiagnosticoutput: 1:99



On 12/12/16 01:37, Andrew Cooper wrote:

On 11/12/16 17:33, Boris Ostrovsky wrote:

----- andrew.cooper3@xxxxxxxxxx wrote:

On 09/12/16 19:55, Andrew Cooper wrote:

On 09/12/16 19:55, Boris Ostrovsky wrote:

On 12/09/2016 02:01 PM, Andrew Cooper wrote:

Hello,

While working on XSA-192, I found a curious thing.  On AMD

hardware, the

VMMCALL instruction appears to behave like a nop if executed in

VM86

mode.  All other processor modes work fine.

The documentation suggests it should be valid in any situation,

but I

never get a #VMEXIT from it.

And I assume GENERAL2_INTERCEPT_VMMCALL is set (which is what we

have in

Xen by default)?

Yes, because I have already used hypercalls to get text to the

console

before entering vm86 mode.

What happens if you don't set it?

Let me do some hacking and see.

Outside of vm86 mode, VMMCALL raises #UD, which is expected as it
wasn't
intercepted.

From within vm86 mode, I now get #GP rather than #UD.

There is certainly an argument to be made that VMMCALL inside vm86
mode
should trap to the vm86 monitor and #GP would be the expected way of
that happening, but this also doesn't match the documentation.


Just curious: why do you think #GP could be a reasonable exception here?


In vm86 mode, #GP is raised for privileged instructions which should
break for auditing in the vm86 monitor.  It would be reasonable to
include "talking to the hypervisor" as a privileged action.

It's #UD because if not intercepted it doesn't make sense to execute it.


I agree with this, if privilege isn't considered an issue.  If a
hypervisor doesn't actually get involved, the instruction shouldn't
complete.

But either way, I think AMD should clarify this. Suravee, can you find out what 
the expected behavior is?


IMO, it should either consistently #GP and break to the vm86 monitor, or
#UD/#VMEXIT depending on whether it is intercepted by the hypervisor.
Either way the documentation should be clarified.

Having said this, given that its behaviour is consistent on any AMD
processor I choose to try, and given that vm86 mode is very legacy these
days, I doubt a reasonable argument can be made to fixing the behaviour.

~Andrew

So, just to confirm your observation. When executing VMMCALL in vm86mode with the hypervisor is set to intercept VMMCALL and not-interceptVMMCALL, you are seeing #GP in both cases or just in the later?

According to the HW folks, in the vm86 mode, we should observe the samebehavior as in protected mode. (e.g. #UD in guest if not interceptVMMCALL, and #vmexit if intercept)

Could you please describe how you are reproducing this behavior? Whatprocessors are you using to reproduce this behavior?


Thanks,
Suravee

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

References:
- Re: [Xen-devel] AMD VMMCALL and VM86 mode
  - From: Boris Ostrovsky
- Re: [Xen-devel] AMD VMMCALL and VM86 mode
  - From: Andrew Cooper

Prev by Date: [Xen-devel] [qemu-mainline baseline-only test] 68270: regressions - FAIL
Next by Date: [Xen-devel] [xen-unstable-coverity test] 103922: all pass - PUSHED
Previous by thread: Re: [Xen-devel] AMD VMMCALL and VM86 mode
Next by thread: [Xen-devel] [PATCH v2] fix potential pa_range_info out of bound access
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.