
Re: [Xen-devel] [PATCH v2] x86emul: don't read mask register on AVX512F-incapable platforms



>>> On 01.04.19 at 16:14, <andrew.cooper3@xxxxxxxxxx> wrote:
> On 29/03/2019 10:56, Jan Beulich wrote:
>>>>> On 29.03.19 at 11:02, <andrew.cooper3@xxxxxxxxxx> wrote:
>>> On 29/03/2019 09:36, Jan Beulich wrote:
>>>> I'd like to put up the other option then: Rather than using
>>>> _get_fpu() (and in particular the read_xcr() and read_cr() hooks)
>>>> we could read the real XCR0 here. After all we issue the KMOV not
>>>> because the guest has specified it, but because we need the value
>>>> of the register for correct fault suppression emulation.
>>> True, and that would be rather smaller and less invasive than
>>> deliberately squashing the other side effects of get_fpu()
>> Hmm, I've tried to do this, but this is more complicated: CR0.TS
>> may be set, in which case we need to invoke the get_fpu() hook
>> to get it cleared with appropriate bookkeeping. I don't think it's
>> worth further complicating the code by invoking the hook _only_
>> in that case. So I guess we better stick to v2.
> 
> Oh ok.  That does complicate things.  Let's just use the existing
> infrastructure, even if it is rather heavyweight.
> 
>> Which makes me come back to your request to drop the
>> cpu_has_avx512f part of the condition: Right now the fuzzer
>> uses emul_test_read_xcr() instead of actually fuzzing the
>> value. Once it does, would we expect it to never set any bits
>> in the returned value that aren't set in hardware, but could
>> in principle be set based on (real) CPUID output? In that case
>> I could agree to remove the extra condition.
> 
> I don't see how we could ever emulate with a (v)xcr0 different to a
> legitimate value in hardware, as the stubs would #UD.
> 
> I also don't see how the userspace tools could ever test with a value
> other than what it can see in xgetbv, because only the kernel gets to
> choose %xcr0.  Even with faking up a smaller xcr0, you'd end up with
> instructions which should fault but don't.

Would you mind looking at what we do for CR0 and CR4 right now
in the fuzzer stubs? I don't see why, in principle, these and XCR0
would need handling differently: Either we supply sane state
rather than fully fuzzed one, or we don't. But preferably uniformly.
Yet right now XCR0 gets sane values, while CR0 and CR4 get
fuzzed in architecturally impossible ways.

As to faulting: The same would be true if the emulator used e.g.
the fsgsbase insns itself, but based its decision on the presented
CR4 value: It might fault when it shouldn't, or it might not fault
when it should, depending on host CR4.

Jan
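The exchange above turns on two points: which XCR0 values are architecturally legal (Jan's "sane state rather than fully fuzzed"), and what happens when the emulator decides based on a presented XCR0 that differs from the hardware value under which its stubs actually run. The following is an added illustration, not Xen's emulator or fuzzer code: `xcr0_check()` applies the XSETBV #GP dependency rules from the Intel SDM (x87 always set, AVX needs SSE, the MPX pair and the three AVX512 components are all-or-nothing, AVX512 needs AVX), `xcr0_sanitize()` clamps an arbitrary value to a legal subset, and `avx512_stub_would_fault()` models the mismatch case. The `host_supported` mask is an assumed input; on real hardware it would come from CPUID leaf 0Dh, sub-leaf 0, and the bit names are the usual component names rather than any Xen identifiers.

```c
/*
 * Added example (not Xen code): XCR0 legality checks and a clamp for
 * fuzzed values. Dependency rules follow the XSETBV #GP conditions in
 * the Intel SDM. host_supported is assumed to be the hardware mask
 * (CPUID.(EAX=0Dh,ECX=0):EDX:EAX); bit 0 is always supported.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define X87        (1ULL << 0)
#define SSE        (1ULL << 1)
#define AVX        (1ULL << 2)
#define BNDREG     (1ULL << 3)
#define BNDCSR     (1ULL << 4)
#define OPMASK     (1ULL << 5)
#define ZMM_HI256  (1ULL << 6)
#define HI16_ZMM   (1ULL << 7)
#define PKRU       (1ULL << 9)

#define MPX_BITS    (BNDREG | BNDCSR)
#define AVX512_BITS (OPMASK | ZMM_HI256 | HI16_ZMM)

/* NULL if xcr0 could legitimately be written with XSETBV on a host
 * supporting host_supported; otherwise a short reason string. */
const char *xcr0_check(uint64_t xcr0, uint64_t host_supported)
{
    if (xcr0 & ~host_supported)
        return "bit not supported by hardware (#GP)";
    if (!(xcr0 & X87))
        return "x87 bit must always be set (#GP)";
    if ((xcr0 & AVX) && !(xcr0 & SSE))
        return "AVX state requires SSE state (#GP)";
    if ((xcr0 & MPX_BITS) && (xcr0 & MPX_BITS) != MPX_BITS)
        return "BNDREG and BNDCSR must be set together (#GP)";
    if (xcr0 & AVX512_BITS) {
        if ((xcr0 & AVX512_BITS) != AVX512_BITS)
            return "opmask/ZMM_Hi256/Hi16_ZMM must be set together (#GP)";
        if (!(xcr0 & AVX))
            return "AVX512 state requires AVX state (#GP)";
    }
    return NULL;
}

/* Clamp an arbitrary (e.g. fuzzed) value to a legal XCR0. Policy: drop
 * whatever violates a dependency, so the result is a subset of the
 * input plus the mandatory x87 bit; nothing the fuzzer did not ask for
 * is enabled. */
uint64_t xcr0_sanitize(uint64_t fuzzed, uint64_t host_supported)
{
    uint64_t v = (fuzzed & host_supported) | X87;

    if (!(v & SSE))
        v &= ~AVX;
    if (!(v & AVX) || (v & AVX512_BITS) != AVX512_BITS)
        v &= ~AVX512_BITS;
    if ((v & MPX_BITS) != MPX_BITS)
        v &= ~MPX_BITS;
    return v;
}

/* The mismatch Jan describes: the emulator chooses to run an AVX512 stub
 * (e.g. KMOV) because the *presented* XCR0 enables it, but the hardware
 * XCR0 the stub executes under does not, so the stub raises #UD. */
bool avx512_stub_would_fault(uint64_t presented, uint64_t host_xcr0)
{
    bool emulator_uses_avx512 = (presented & AVX512_BITS) == AVX512_BITS;
    bool hw_enables_avx512 = (host_xcr0 & AVX512_BITS) == AVX512_BITS;

    return emulator_uses_avx512 && !hw_enables_avx512;
}

int main(void)
{
    /* Constructed host mask: x87, SSE, AVX, MPX, AVX512, PKRU. */
    const uint64_t host = X87 | SSE | AVX | MPX_BITS | AVX512_BITS | PKRU;
    const uint64_t fuzzed = 0xE1; /* x87 + AVX512 components, no SSE/AVX */
    const char *why = xcr0_check(fuzzed, host);

    printf("fuzzed %#llx: %s\n", (unsigned long long)fuzzed,
           why ? why : "legal");
    printf("sanitized: %#llx\n",
           (unsigned long long)xcr0_sanitize(fuzzed, host));
    printf("stub would fault: %d\n", avx512_stub_would_fault(0xE7, 0x7));
    return 0;
}
```

The sanitizer is one possible policy for a fuzzer that wants XCR0 handled the same way as CR0/CR4, namely by presenting values that hardware could actually hold; the last function shows why the presented and hardware values must agree before an AVX512 stub is executed.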



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
