From: Razvan Cojocaru <rcojocaru@bitdefender.com>
To: Jan Beulich <JBeulich@suse.com>
Cc: kevin.tian@intel.com, wei.liu2@citrix.com,
ian.campbell@citrix.com, stefano.stabellini@eu.citrix.com,
andrew.cooper3@citrix.com, tim@xen.org, xen-devel@lists.xen.org,
eddie.dong@intel.com, Aravind.Gopalakrishnan@amd.com,
jun.nakajima@intel.com, suravee.suthikulpanit@amd.com,
boris.ostrovsky@oracle.com, keir@xen.org,
ian.jackson@eu.citrix.com
Subject: Re: [PATCH 2/5] xen/vm_access: Support for memory-content hiding
Date: Fri, 08 May 2015 19:49:00 +0300 [thread overview]
Message-ID: <554CE8FC.5040305@bitdefender.com> (raw)
In-Reply-To: <554CFB760200007800078703@mail.emea.novell.com>
On 05/08/2015 07:07 PM, Jan Beulich wrote:
>>>> On 06.05.15 at 19:12, <rcojocaru@bitdefender.com> wrote:
>> --- a/xen/arch/x86/hvm/emulate.c
>> +++ b/xen/arch/x86/hvm/emulate.c
>> @@ -578,6 +578,25 @@ static int hvmemul_read(
>> container_of(ctxt, struct hvm_emulate_ctxt, ctxt));
>> }
>>
>> +static int hvmemul_read_set_context(
>> + enum x86_segment seg,
>> + unsigned long offset,
>> + void *p_data,
>> + unsigned int bytes,
>> + struct x86_emulate_ctxt *ctxt)
>> +{
>> + struct vcpu *curr = current;
>> + unsigned int len =
>> + (bytes > curr->arch.vm_event.emul_read_data.size ?
>> + curr->arch.vm_event.emul_read_data.size : bytes);
>
> min()
Ack.
>> + if ( len )
>> + memcpy(p_data, curr->arch.vm_event.emul_read_data.data,
>> + curr->arch.vm_event.emul_read_data.size);
>
> Not len?
>
> And what happens to the portion of the read beyond "bytes" (in
> case that got reduced above)?
Yes, it should be len. I've been porting these patches from an older
version of Xen and somehow lost that in translation. I'll correct it in V2.
>> @@ -970,20 +990,38 @@ static int hvmemul_rep_movs(
>> if ( df )
>> dgpa -= bytes - bytes_per_rep;
>>
>> - /* Allocate temporary buffer. Fall back to slow emulation if this fails. */
>> - buf = xmalloc_bytes(bytes);
>> - if ( buf == NULL )
>> - return X86EMUL_UNHANDLEABLE;
>> + if ( unlikely(set_context) )
>> + {
>> + struct vcpu* curr = current;
>
> * and blank need to switch places.
Ack.
>> - /*
>> - * We do a modicum of checking here, just for paranoia's sake and to
>> - * definitely avoid copying an unitialised buffer into guest address space.
>> - */
>> - rc = hvm_copy_from_guest_phys(buf, sgpa, bytes);
>> - if ( rc == HVMCOPY_okay )
>> - rc = hvm_copy_to_guest_phys(dgpa, buf, bytes);
>> + bytes = bytes < curr->arch.vm_event.emul_read_data.size ?
>> + bytes : curr->arch.vm_event.emul_read_data.size;
>
> min() again.
Ack.
>> @@ -1107,6 +1171,22 @@ static int hvmemul_rep_stos(
>> }
>> }
>>
>> +static int hvmemul_rep_stos_set_context(
>> + void *p_data,
>> + enum x86_segment seg,
>> + unsigned long offset,
>> + unsigned int bytes_per_rep,
>> + unsigned long *reps,
>> + struct x86_emulate_ctxt *ctxt)
>> +{
>> + struct vcpu *curr = current;
>> + unsigned long local_reps = 1;
>> +
>> + return hvmemul_rep_stos(curr->arch.vm_event.emul_read_data.data, seg,
>> + offset, curr->arch.vm_event.emul_read_data.size,
>> + &local_reps, ctxt);
>> +}
>
> How come here you can get away by simply reducing *reps to 1? And
> considering this patch is about supplying read values - why is fiddling
> with STOS emulation necessary in the first place?
I got away with it because *reps is always one in our test scenario -
emulating instructions with the REP part disabled, as done here:
http://lists.xen.org/archives/html/xen-devel/2014-11/msg00243.html
But it's indeed not reasonable to assume that that is the case with all
users, so I'll have to rethink that.
>> +static const struct x86_emulate_ops hvm_emulate_ops_set_context = {
>> + .read = hvmemul_read_set_context,
>> + .insn_fetch = hvmemul_insn_fetch,
>> + .write = hvmemul_write,
>> + .cmpxchg = hvmemul_cmpxchg,
>
> How about this one?
>
>> + .rep_ins = hvmemul_rep_ins,
>> + .rep_outs = hvmemul_rep_outs,
>
> And this?
>
>> + .rep_movs = hvmemul_rep_movs_set_context,
>> + .rep_stos = hvmemul_rep_stos_set_context,
>> + .read_segment = hvmemul_read_segment,
>> + .write_segment = hvmemul_write_segment,
>> + .read_io = hvmemul_read_io,
>
> And this?
Yes, those require attention too. I thought those would use the read
function supplied, but I see now that I've been mislead by a comment
about __hvmemul_read() in hvmemul_cmpxchg().
>> +void hvm_mem_access_emulate_one(enum emul_kind kind, unsigned int trapnr,
>> unsigned int errcode)
>> {
>> struct hvm_emulate_ctxt ctx = {{ 0 }};
>> - int rc;
>> + int rc = X86EMUL_UNHANDLEABLE;
>>
>> hvm_emulate_prepare(&ctx, guest_cpu_user_regs());
>>
>> - if ( nowrite )
>> + switch ( kind ) {
>> + case EMUL_KIND_NOWRITE:
>> rc = hvm_emulate_one_no_write(&ctx);
>> - else
>> + break;
>> + case EMUL_KIND_NORMAL:
>> rc = hvm_emulate_one(&ctx);
>
> Mind having "NORMAL" as the first case in the switch()?
No problem, I'll change it.
>> --- a/xen/include/asm-x86/domain.h
>> +++ b/xen/include/asm-x86/domain.h
>> @@ -512,6 +513,7 @@ struct arch_vcpu
>> uint32_t emulate_flags;
>> unsigned long gpa;
>> unsigned long eip;
>> + struct vm_event_emul_read_data emul_read_data;
>
> Considering the size of this structure I don't think this should be
> there for all vCPU-s of all guests. IOW - please allocate this
> dynamically only on domains where it's needed.
Ack.
>> @@ -193,6 +200,11 @@ struct vm_event_xsetbv {
>> uint64_t value;
>> };
>>
>> +struct vm_event_emul_read_data {
>> + uint32_t size;
>> + uint8_t data[164];
>
> This number needs an explanation.
It's less than the size of the x86_regs and enough for all the cases
we've tested so far...
Thanks,
Razvan
next prev parent reply other threads:[~2015-05-08 16:49 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-06 17:12 [PATCH 0/5] Vm_event memory introspection helpers Razvan Cojocaru
2015-05-06 17:12 ` [PATCH 1/5] xen/vm_event: Added support for XSETBV events Razvan Cojocaru
2015-05-07 15:43 ` Tim Deegan
2015-05-07 17:44 ` Andrew Cooper
2015-05-07 18:03 ` Andrew Cooper
2015-05-08 6:18 ` Razvan Cojocaru
2015-05-08 7:31 ` Jan Beulich
2015-05-08 9:06 ` Razvan Cojocaru
2015-05-08 9:10 ` Andrew Cooper
[not found] ` <CAErYnsh=N9AvoKFUN+i2oyF_fyQhGY2u4wO=v6y7hXP-thXi+g@mail.gmail.com>
[not found] ` <554C9606.7070103@citrix.com>
2015-05-08 11:05 ` Tamas K Lengyel
2015-05-08 11:52 ` Jan Beulich
2015-05-08 12:09 ` Razvan Cojocaru
2015-05-08 12:39 ` Tamas K Lengyel
2015-05-08 12:21 ` Jan Beulich
2015-05-08 12:23 ` Razvan Cojocaru
2015-05-06 17:12 ` [PATCH 2/5] xen/vm_access: Support for memory-content hiding Razvan Cojocaru
2015-05-08 16:07 ` Jan Beulich
2015-05-08 16:49 ` Razvan Cojocaru [this message]
2015-05-08 23:34 ` Tamas K Lengyel
2015-05-09 6:55 ` Razvan Cojocaru
2015-05-09 8:33 ` Tamas K Lengyel
2015-05-09 15:11 ` Razvan Cojocaru
2015-05-11 7:50 ` Jan Beulich
2015-05-11 7:00 ` Jan Beulich
2015-06-08 10:02 ` Razvan Cojocaru
2015-06-08 10:20 ` Jan Beulich
2015-05-06 17:12 ` [PATCH 3/5] xen/vm_event: Support for guest-requested events Razvan Cojocaru
2015-05-07 17:05 ` Tamas K Lengyel
2015-05-07 17:43 ` Razvan Cojocaru
2015-05-08 11:00 ` Tamas K Lengyel
2015-05-08 16:16 ` Jan Beulich
2015-05-08 16:38 ` Razvan Cojocaru
2015-05-08 16:50 ` Andrew Cooper
2015-06-09 12:44 ` Razvan Cojocaru
2015-05-06 17:12 ` [PATCH 4/5] xen/vm_event: Deny MSR writes if refused by vm_event reply Razvan Cojocaru
2015-05-08 16:23 ` Jan Beulich
2015-05-08 17:05 ` Razvan Cojocaru
2015-05-11 7:03 ` Jan Beulich
2015-05-11 7:44 ` Razvan Cojocaru
2015-05-06 17:12 ` [PATCH 5/5] xen: Write CR0, CR3 and CR4 in arch_set_info_guest() Razvan Cojocaru
2015-05-13 12:11 ` Boris Ostrovsky
2015-05-15 15:57 ` Jan Beulich
2015-05-15 20:45 ` Razvan Cojocaru
2015-05-15 23:13 ` Andrew Cooper
2015-05-16 7:19 ` Razvan Cojocaru
2015-05-17 18:32 ` Tamas K Lengyel
2015-05-18 7:37 ` Razvan Cojocaru
2015-05-19 10:14 ` Tamas K Lengyel
2015-05-19 10:31 ` Jan Beulich
2015-05-19 10:45 ` Tamas K Lengyel
2015-05-19 13:45 ` Jan Beulich
2015-05-20 15:57 ` Tamas K Lengyel
2015-05-19 12:10 ` Razvan Cojocaru
2015-05-18 7:27 ` Jan Beulich
2015-05-18 7:58 ` Razvan Cojocaru
2015-05-18 8:05 ` Jan Beulich
2015-05-18 8:11 ` Razvan Cojocaru
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=554CE8FC.5040305@bitdefender.com \
--to=rcojocaru@bitdefender.com \
--cc=Aravind.Gopalakrishnan@amd.com \
--cc=JBeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=boris.ostrovsky@oracle.com \
--cc=eddie.dong@intel.com \
--cc=ian.campbell@citrix.com \
--cc=ian.jackson@eu.citrix.com \
--cc=jun.nakajima@intel.com \
--cc=keir@xen.org \
--cc=kevin.tian@intel.com \
--cc=stefano.stabellini@eu.citrix.com \
--cc=suravee.suthikulpanit@amd.com \
--cc=tim@xen.org \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.