Xen project Mailing List

Re: [Xen-devel] [PATCH v1 1/3] x86/vvmx: add mov-ss blocking check to vmentry

To: Sergey Dyasli <sergey.dyasli@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxx

From: Krish Sadhukhan <krish.sadhukhan@xxxxxxxxxx>

Date: Thu, 16 Mar 2017 11:23:53 -0700

Delivery-date: Thu, 16 Mar 2017 18:24:04 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

The Intel SDM also mentions POP-SS. Are you planning to do it via

another patch ?

Also, I was wondering if it makes more sense to rename the new enum code as VMX_INSN_VMENTRY_BLOCKED since it can then also be used for POP-SS. -Krish On 03/13/2017 03:51 AM, Sergey Dyasli wrote:

Intel SDM states that if there is a current VMCS and there is MOV-SS
blocking, VMFailValid occurs and control passes to the next instruction.

Implement such behaviour for nested vmlaunch and vmresume.

Signed-off-by: Sergey Dyasli <sergey.dyasli@xxxxxxxxxx>
---
  xen/arch/x86/hvm/vmx/vvmx.c        | 16 ++++++++++++++++
  xen/include/asm-x86/hvm/vmx/vmcs.h |  1 +
  2 files changed, 17 insertions(+)

diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c
index e2c0951..09e4250 100644
--- a/xen/arch/x86/hvm/vmx/vvmx.c
+++ b/xen/arch/x86/hvm/vmx/vvmx.c
@@ -1572,6 +1572,7 @@ int nvmx_handle_vmresume(struct cpu_user_regs *regs)
      bool_t launched;
      struct vcpu *v = current;
      struct nestedvmx *nvmx = &vcpu_2_nvmx(v);
+    unsigned long intr_shadow;
      int rc = vmx_inst_check_privilege(regs, 0);

if ( rc != X86EMUL_OKAY )

@@ -1583,6 +1584,13 @@ int nvmx_handle_vmresume(struct cpu_user_regs *regs)
          return X86EMUL_OKAY;
      }

+ __vmread(GUEST_INTERRUPTIBILITY_INFO, &intr_shadow);

+    if ( intr_shadow & VMX_INTR_SHADOW_MOV_SS )
+    {
+        vmfail_valid(regs, VMX_INSN_VMENTRY_BLOCKED_BY_MOV_SS);
+        return X86EMUL_OKAY;
+    }
+
      launched = vvmcs_launched(&nvmx->launched_list,
                                PFN_DOWN(v->arch.hvm_vmx.vmcs_shadow_maddr));
      if ( !launched )
@@ -1598,6 +1606,7 @@ int nvmx_handle_vmlaunch(struct cpu_user_regs *regs)
      bool_t launched;
      struct vcpu *v = current;
      struct nestedvmx *nvmx = &vcpu_2_nvmx(v);
+    unsigned long intr_shadow;
      int rc = vmx_inst_check_privilege(regs, 0);

if ( rc != X86EMUL_OKAY )

@@ -1609,6 +1618,13 @@ int nvmx_handle_vmlaunch(struct cpu_user_regs *regs)
          return X86EMUL_OKAY;
      }

+ __vmread(GUEST_INTERRUPTIBILITY_INFO, &intr_shadow);

+    if ( intr_shadow & VMX_INTR_SHADOW_MOV_SS )
+    {
+        vmfail_valid(regs, VMX_INSN_VMENTRY_BLOCKED_BY_MOV_SS);
+        return X86EMUL_OKAY;
+    }
+
      launched = vvmcs_launched(&nvmx->launched_list,
                                PFN_DOWN(v->arch.hvm_vmx.vmcs_shadow_maddr));
      if ( launched )
diff --git a/xen/include/asm-x86/hvm/vmx/vmcs.h 
b/xen/include/asm-x86/hvm/vmx/vmcs.h
index f465fff..dc5d91f 100644
--- a/xen/include/asm-x86/hvm/vmx/vmcs.h
+++ b/xen/include/asm-x86/hvm/vmx/vmcs.h
@@ -515,6 +515,7 @@ enum vmx_insn_errno
      VMX_INSN_VMPTRLD_INCORRECT_VMCS_ID     = 11,
      VMX_INSN_UNSUPPORTED_VMCS_COMPONENT    = 12,
      VMX_INSN_VMXON_IN_VMX_ROOT             = 15,
+    VMX_INSN_VMENTRY_BLOCKED_BY_MOV_SS     = 26,
      VMX_INSN_FAIL_INVALID                  = ~0,
  };

_______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.