Xen project Mailing List

Re: [Xen-devel] [PATCH 0/9] x86/vvmx: Read instruction operands correctly on VM exit

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Euan Harris <euan.harris@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: "Tian, Kevin" <kevin.tian@xxxxxxxxx>

Date: Thu, 2 Nov 2017 07:23:43 +0000

Accept-language: en-US

Cc: "Nakajima, Jun" <jun.nakajima@xxxxxxxxx>, "jbeulich@xxxxxxxx" <jbeulich@xxxxxxxx>

Delivery-date: Thu, 02 Nov 2017 07:24:03 +0000

Dlp-product: dlpe-windows

Dlp-reaction: no-action

Dlp-version: 11.0.0.116

List-id: Xen developer discussion <xen-devel.lists.xen.org>

Thread-index: AQHTTnx8x0g/cZHSQ0qYlhyM2TX6faL15SaAgArUueA=

Thread-topic: [PATCH 0/9] x86/vvmx: Read instruction operands correctly on VM exit

> From: Andrew Cooper [mailto:andrew.cooper3@xxxxxxxxxx] > Sent: Friday, October 27, 2017 1:59 AM > > On 26/10/17 18:03, Euan Harris wrote: > > decode_vmx_inst() does not read instruction operands correctly on VM > exit: > > > > * It incorrectly uses vmx_inst_info's address_size field to calculate > > the sizes of the exit-causing instruction's operands. The sizes of > > the operands are specified in the SDM and might depend on whether > the > > guest is running in 32-bit or 64-bit mode, but they have nothing to do > > with the address_size field. > > > > * It includes its own segmentation logic, duplicating code elsewhere. > > This segmentation logic is also incorrect and will raise #GP fault > > rather than a #SS fault in response to an invalid memory access > > through the stack segment. > > > > Patches 1-6 (up to 'Remove operand decoding from decode_vmx_inst()') > > refactor decode_vmx_inst() in preparation for fixing the bugs mentioned > > above. They remove unnecessary code and extract the logic for reading > > operands from decode_vmx_inst() into a new operand_read() function. > > These patches should not cause any functional changes. > > > > Patch 7 ('Use correct sizes when reading operands') replaces the incorrect > > operand size calculations based on address_size with the correct sizes > > from the SDM. > > > > Patches 8 and 9 add new hvm_copy_{to,from}_guest_virt() helpers and > use > > them to read memory operands in place of the incorrect segmentation > > logic in decode_vmx_inst(). > > > > Euan Harris (9): > > x86/vvmx: Remove enum vmx_regs_enc > > x86/vvmx: Unify operands in struct vmx_inst_decoded > > x86/vvmx: Extract operand reading logic into operand_read() > > x86/vvmx: Remove unnecessary VMX operand reads > > x86/vvmx: Replace direct calls to reg_read() with operand_read() > > x86/vvmx: Remove operand reading from decode_vmx_inst() > > x86/vvmx: Use correct sizes when reading operands > > x86/hvm: Add hvm_copy_{to,from}_guest_virt() helpers > > x86/vvmx: Use hvm_copy_{to,from}_guest_virt() to read operands > > All Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>. I've > noticed a few trivial style issues which can be fixed up on commit if > there are no other issues. > Acked-by: Kevin Tian <kevin.tian@xxxxxxxxx> _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.