[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] x86/emul: Avoid #UD in SIMD stubs

On 08/03/17 13:02, Jan Beulich wrote:
>>>> On 08.03.17 at 13:10, <andrew.cooper3@xxxxxxxxxx> wrote:
>> v{,u}comis{s,d}, and vcvt{,t}s{s,d}2si are two-operand instructions, while
>> vzero{all,upper} take no operands, so require vex.reg set to ~0 to avoid 
>> #UD.
>>
>> Spotted while fuzzing with AFL
>> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
>
>

Thanks,

I took this opportunity to test the stub recovery from the point of view
of a malicious guest.

(XEN) d2v0 exception 6 (ec=0000) in emulation stub (line 6239)
(XEN) d2v0 stub: c4 e1 44 77 c3 80 d0 82 ff ff ff d1 90 ec 90

It is good to see that such a bug won't even been a security issue in
Xen 4.9!

One observation however.  It would probably be safer to poison the stub
with 0xcc each time (especially if we have a path which omits the ret),
instead of leaving partial instructions in place.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.