[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH -tip 0/2] x86: Prohibit kprobes on XEN_EMULATE_PREFIX

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
From: Masami Hiramatsu <mhiramat@xxxxxxxxxx>
Date: Fri, 6 Sep 2019 01:12:26 +0900
Cc: Juergen Gross <jgross@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Peter Zijlstra <peterz@xxxxxxxxxxxxx>, x86@xxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, Borislav Petkov <bp@xxxxxxxxx>, Randy Dunlap <rdunlap@xxxxxxxxxxxxx>, Josh Poimboeuf <jpoimboe@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>
Delivery-date: Thu, 05 Sep 2019 16:12:33 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Thu, 5 Sep 2019 14:31:56 +0100
Andrew Cooper <andrew.cooper3@xxxxxxxxxx> wrote:

> >>> The KVM version was added in c/s 6c86eedc206dd1f9d37a2796faa8e6f2278215d2
> > Hmm, I think I might misunderstand what the "emulate prefix"... that is not
> > a prefix which replace actual prefix, but just works like an escape 
> > sequence.
> > Thus the next instruction can have any x86 prefix, correct?
> 
> There is a bit of history here :)
> 
> Originally, 13 years ago, Xen invented the "Force Emulate Prefix", which
> was the sequence:
> 
> ud2a; .ascii 'xen'; cpuid
> 
> which hit the #UD handler and was recognised as a request for
> virtualised CPUID information.  This was for ring-deprivileged
> virtualisation, and is needed because the CPUID instruction itself
> doesn't trap to the hypervisor.
> 
> Following some security issues in our instruction emulator, I reused
> this prefix with VT-x/SVM guests for testing purposes.  It behaves in a
> similar manner - when enabled, it is recognised in #UD exception
> intercept, and causes Xen to add 5 to the instruction pointer, then
> emulate the instruction starting there.
> 
> Then various folk thought that having the same kind of ability to test
> KVM's instruction emulator would be a good idea, so they borrowed the idea.
> 
> From a behaviour point of view, it is an opaque 5 bytes which means
> "break into the hypervisor, then emulate the following instruction".
> 
> The name "prefix" is unfortunate.  It was named thusly because from the
> programmers point of view, it was something you put before the CPUID
> instruction which wanted to be emulated.  It is not related to x86
> instruction concept of a prefix.

OK, then we should not use the insn->prefixes for those escape sequences.

Thank you,

-- 
Masami Hiramatsu <mhiramat@xxxxxxxxxx>

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

References:
- [Xen-devel] [PATCH -tip 0/2] x86: Prohibit kprobes on XEN_EMULATE_PREFIX
  - From: Masami Hiramatsu
- Re: [Xen-devel] [PATCH -tip 0/2] x86: Prohibit kprobes on XEN_EMULATE_PREFIX
  - From: Andrew Cooper
- Re: [Xen-devel] [PATCH -tip 0/2] x86: Prohibit kprobes on XEN_EMULATE_PREFIX
  - From: Masami Hiramatsu
- Re: [Xen-devel] [PATCH -tip 0/2] x86: Prohibit kprobes on XEN_EMULATE_PREFIX
  - From: Andrew Cooper
- Re: [Xen-devel] [PATCH -tip 0/2] x86: Prohibit kprobes on XEN_EMULATE_PREFIX
  - From: Masami Hiramatsu
- Re: [Xen-devel] [PATCH -tip 0/2] x86: Prohibit kprobes on XEN_EMULATE_PREFIX
  - From: Masami Hiramatsu
- Re: [Xen-devel] [PATCH -tip 0/2] x86: Prohibit kprobes on XEN_EMULATE_PREFIX
  - From: Andrew Cooper

Prev by Date: [Xen-devel] [qemu-mainline test] 141015: regressions - FAIL
Next by Date: Re: [Xen-devel] [ANNOUNCE] Call for agenda items for September 5th Community Call @ 15:00 UTC
Previous by thread: Re: [Xen-devel] [PATCH -tip 0/2] x86: Prohibit kprobes on XEN_EMULATE_PREFIX
Next by thread: Re: [Xen-devel] [PATCH -tip 0/2] x86: Prohibit kprobes on XEN_EMULATE_PREFIX
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.