From: Andrew Cooper
To: Xen-devel
Date: Tue, 26 Nov 2019 12:03:55 +0000
Message-ID: <20191126120357.13398-2-andrew.cooper3@citrix.com>
In-Reply-To: <20191126120357.13398-1-andrew.cooper3@citrix.com>
Subject: [Xen-devel] [PATCH v2 1/3] x86/vtx: Fix fault semantics for early task switch failures
Cc: Andrew Cooper

The VT-x task switch handler adds inst_len to %rip before calling
hvm_task_switch(), which is problematic in two ways:

1) Early faults (i.e. ones delivered in the context of the old task) get
   delivered with trap semantics, and break restartability.

2) The addition isn't truncated to 32 bits. In the corner case of a task
   switch instruction crossing the 4G->0 boundary taking an early fault (with
   trap semantics), a VMEntry failure will occur due to %rip being out of
   range.

Instead, pass the instruction length into hvm_task_switch() and write it into
the outgoing TSS only, leaving %rip in its original location.

For now, pass 0 on the SVM side. This highlights a separate preexisting bug
which will be addressed in the following patch.

While adjusting call sites, drop the unnecessary uint16_t cast.

Signed-off-by: Andrew Cooper
Reviewed-by: Roger Pau Monné
Acked-by: Jan Beulich
Reviewed-by: Kevin Tian
---
 xen/arch/x86/hvm/hvm.c        | 4 ++--
 xen/arch/x86/hvm/svm/svm.c    | 2 +-
 xen/arch/x86/hvm/vmx/vmx.c    | 4 ++--
 xen/include/asm-x86/hvm/hvm.h | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 818e705fd1..7f556171bd 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -2913,7 +2913,7 @@ void hvm_prepare_vm86_tss(struct vcpu *v, uint32_t ba= se, uint32_t limit) =20 void hvm_task_switch( uint16_t tss_sel, enum hvm_task_switch_reason taskswitch_reason, - int32_t errcode) + int32_t errcode, unsigned int insn_len) { struct vcpu *v =3D current; struct cpu_user_regs *regs =3D guest_cpu_user_regs(); @@ -2987,7 +2987,7 @@ void hvm_task_switch( if ( taskswitch_reason =3D=3D TSW_iret ) eflags &=3D ~X86_EFLAGS_NT; =20 - tss.eip =3D regs->eip; + tss.eip =3D regs->eip + insn_len; tss.eflags =3D eflags; tss.eax =3D regs->eax; tss.ecx =3D regs->ecx; diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 4eb6b0e4c7..049b800e20 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2794,7 +2794,7 @@ void svm_vmexit_handler(struct cpu_user_regs *regs) */ vmcb->eventinj.bytes =3D 0; =20 - hvm_task_switch((uint16_t)vmcb->exitinfo1, reason, errcode); + hvm_task_switch(vmcb->exitinfo1, reason, errcode, 0); break; } =20 diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index a71df71bc1..7450cbe40d 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -3962,8 +3962,8 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs) __vmread(IDT_VECTORING_ERROR_CODE, &ecode); else ecode =3D -1; - regs->rip +=3D inst_len; - hvm_task_switch((uint16_t)exit_qualification, reasons[source], eco= de); + + hvm_task_switch(exit_qualification, reasons[source], ecode, inst_l= en); break; } case EXIT_REASON_CPUID: diff --git a/xen/include/asm-x86/hvm/hvm.h b/xen/include/asm-x86/hvm/hvm.h index f86af09898..4cce59bb31 100644 --- a/xen/include/asm-x86/hvm/hvm.h +++ b/xen/include/asm-x86/hvm/hvm.h 
@@ -297,7 +297,7 @@ void hvm_set_rdtsc_exiting(struct domain *d, bool_t ena= ble); enum hvm_task_switch_reason { TSW_jmp, TSW_iret, TSW_call_or_int }; void hvm_task_switch( uint16_t tss_sel, enum hvm_task_switch_reason taskswitch_reason, - int32_t errcode); + int32_t errcode, unsigned int insn_len); =20 enum hvm_access_type { hvm_access_insn_fetch, --=20 2.11.0 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
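Review bot: the 32-bit truncation that the commit message relies on is implicit at `tss.eip = regs->eip + insn_len;` in the hvm.c hunk: it only holds because both `regs->eip` and `tss.eip` are 32-bit fields, and nothing in the hunk says so, so a later change to a 64-bit intermediate (or to using `regs->rip`) would silently reintroduce the out-of-range %rip problem the message describes. A one-line comment at that assignment stating that the wrap at the 4G->0 boundary is intentional would protect it. Two smaller points: the SVM call site `hvm_task_switch(vmcb->exitinfo1, reason, errcode, 0);` is documented in the message as knowingly wrong until the next patch, and a short comment there would help anyone bisecting to this commit; and the vmx.c hunk replaces the removed `regs->rip += inst_len;` with an empty `+` line, leaving a stray blank line between `ecode = -1;` and the call.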
From: Andrew Cooper
To: Xen-devel
Date: Tue, 26 Nov 2019 12:03:56 +0000
Message-ID: <20191126120357.13398-3-andrew.cooper3@citrix.com>
In-Reply-To: <20191126120357.13398-1-andrew.cooper3@citrix.com>
Subject: [Xen-devel] [PATCH v2 2/3] x86/svm: Always intercept ICEBP
Cc: Petre Pircalabu, Juergen Gross, Tamas K Lengyel, Wei Liu, Razvan Cojocaru, Andrew Cooper, Jan Beulich, Alexandru Isaila, Roger Pau Monné

ICEBP isn't handled well by SVM.

The VMexit state for a #DB-vectored TASK_SWITCH has %rip pointing to the
appropriate instruction boundary (fault or trap, as appropriate), except for
an ICEBP-induced #DB TASK_SWITCH, where %rip points at the ICEBP instruction
rather than after it. As ICEBP isn't distinguished in the vectoring event
type, the state is ambiguous.

To add to the confusion, an ICEBP which occurs due to Introspection
intercepting the instruction, or from x86_emulate() will have %rip updated as
a consequence of partial emulation required to inject an ICEBP event in the
first place.

We could in principle spot the non-injected case in the TASK_SWITCH handler,
but this still results in complexity if the ICEBP instruction also has an
Instruction Breakpoint active on it (which genuinely has fault semantics).

Unconditionally intercept ICEBP. This does have trap semantics for the
intercept, and allows us to move %rip forwards appropriately before the
TASK_SWITCH intercept is hit. This makes the behaviour of #DB-vectored
switches consistent however the ICEBP #DB came about, and avoids special
cases in the TASK_SWITCH intercept.

This in turn allows for the removal of the conditional
hvm_set_icebp_interception() logic used by the monitor subsystem, as ICEBPs
will now always be submitted for monitoring checks.

Signed-off-by: Andrew Cooper
Reviewed-by: Alexandru Isaila
Reviewed-by: Jan Beulich
Reviewed-by: Petre Pircalabu
Reviewed-by: Roger Pau Monné
---
CC: Jan Beulich
CC: Wei Liu
CC: Roger Pau Monné
CC: Razvan Cojocaru
CC: Tamas K Lengyel
CC: Alexandru Isaila
CC: Petre Pircalabu
CC: Juergen Gross

v2:
 * New
---
 xen/arch/x86/hvm/svm/svm.c    | 19 -------------------
 xen/arch/x86/hvm/svm/vmcb.c   |  2 +-
 xen/arch/x86/monitor.c        |  3 ---
 xen/include/asm-x86/hvm/hvm.h | 11 -----------
 4 files changed, 1 insertion(+), 34 deletions(-)
diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 049b800e20..a7a79fcef7 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -173,24 +173,6 @@ static void svm_enable_msr_interception(struct domain = *d, uint32_t msr) svm_intercept_msr(v, msr, MSR_INTERCEPT_WRITE); } =20 -static void svm_set_icebp_interception(struct domain *d, bool enable) -{ - const struct vcpu *v; - - for_each_vcpu ( d, v ) - { - struct vmcb_struct *vmcb =3D v->arch.hvm.svm.vmcb; - uint32_t intercepts =3D vmcb_get_general2_intercepts(vmcb); - - if ( enable ) - intercepts |=3D GENERAL2_INTERCEPT_ICEBP; - else - intercepts &=3D ~GENERAL2_INTERCEPT_ICEBP; - - vmcb_set_general2_intercepts(vmcb, intercepts); - } -} - static void svm_save_dr(struct vcpu *v) { struct vmcb_struct *vmcb =3D v->arch.hvm.svm.vmcb;
@@ -2474,7 +2456,6 @@ static struct hvm_function_table __initdata svm_funct= ion_table =3D { .msr_read_intercept =3D svm_msr_read_intercept, .msr_write_intercept =3D svm_msr_write_intercept, .enable_msr_interception =3D svm_enable_msr_interception, - .set_icebp_interception =3D svm_set_icebp_interception, .set_rdtsc_exiting =3D svm_set_rdtsc_exiting, .set_descriptor_access_exiting =3D svm_set_descriptor_access_exiting, .get_insn_bytes =3D svm_get_insn_bytes, diff --git a/xen/arch/x86/hvm/svm/vmcb.c b/xen/arch/x86/hvm/svm/vmcb.c index 71ee7102f7..1fef0da22c 100644 --- a/xen/arch/x86/hvm/svm/vmcb.c +++ b/xen/arch/x86/hvm/svm/vmcb.c @@ -73,7 +73,7 @@ static int construct_vmcb(struct vcpu *v) GENERAL2_INTERCEPT_STGI | GENERAL2_INTERCEPT_CLGI | GENERAL2_INTERCEPT_SKINIT | GENERAL2_INTERCEPT_MWAIT | GENERAL2_INTERCEPT_WBINVD | GENERAL2_INTERCEPT_MONITOR | - GENERAL2_INTERCEPT_XSETBV; + GENERAL2_INTERCEPT_XSETBV | GENERAL2_INTERCEPT_ICEBP; =20 /* Intercept all debug-register writes. */ vmcb->_dr_intercepts =3D ~0u; diff --git a/xen/arch/x86/monitor.c b/xen/arch/x86/monitor.c index 3c42e21906..bbcb7536c7 100644 --- a/xen/arch/x86/monitor.c +++ b/xen/arch/x86/monitor.c @@ -301,9 +301,6 @@ int arch_monitor_domctl_event(struct domain *d, ad->monitor.debug_exception_sync =3D requested_status ? mop->u.debug_exception.sync : 0; - - hvm_set_icebp_interception(d, requested_status); - domain_unpause(d); break; } diff --git a/xen/include/asm-x86/hvm/hvm.h b/xen/include/asm-x86/hvm/hvm.h index 4cce59bb31..17fb7efa6e 100644 --- a/xen/include/asm-x86/hvm/hvm.h +++ b/xen/include/asm-x86/hvm/hvm.h @@ -206,7 +206,6 @@ struct hvm_function_table { bool_t access_w, bool_t access_x); =20 void (*enable_msr_interception)(struct domain *d, uint32_t msr); - void (*set_icebp_interception)(struct domain *d, bool enable); bool_t (*is_singlestep_supported)(void); =20 /* Alternate p2m */ 
@@ -615,16 +614,6 @@ static inline bool_t hvm_enable_msr_interception(struc= t domain *d, uint32_t msr) return 0; } =20 -static inline bool hvm_set_icebp_interception(struct domain *d, bool enabl= e) -{ - if ( hvm_funcs.set_icebp_interception ) - { - hvm_funcs.set_icebp_interception(d, enable); - return true; - } - return false; -} - static inline bool_t hvm_is_singlestep_supported(void) { return (hvm_funcs.is_singlestep_supported && --=20 2.11.0
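Review bot: the vmcb.c hunk makes the ICEBP intercept unconditional, but no hunk in this patch touches the VMEXIT_ICEBP exit path that the commit message depends on to advance %rip past the instruction and deliver the #DB with trap semantics, so the whole TASK_SWITCH consistency argument rests on a pre-existing handler that a reader of this diff cannot see. The commit message should say explicitly that the existing ICEBP exit handler already does that work and already runs the monitor checks, since the svm.c and monitor.c hunks only show the conditional enabling being removed. Worth also noting that every guest now takes a vmexit on each ICEBP whether or not monitoring is enabled; a sentence on why that cost is acceptable pre-empts the obvious review question.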
From: Andrew Cooper
To: Xen-devel
Date: Tue, 26 Nov 2019 12:03:57 +0000
Message-ID: <20191126120357.13398-4-andrew.cooper3@citrix.com>
In-Reply-To: <20191126120357.13398-1-andrew.cooper3@citrix.com>
Subject: [Xen-devel] [PATCH v2 3/3] x86/svm: Write the correct %eip into the outgoing task
Cc: Juergen Gross, Andrew Cooper, Wei Liu, Jan Beulich, Roger Pau Monné

The TASK_SWITCH vmexit has fault semantics, and doesn't provide any NRIPs
assistance with instruction length. As a result, any instruction-induced task
switch has the outgoing task's %eip pointing at the instruction which caused
the switch, rather than after it.

This causes callers of task gates to livelock (repeatedly execute the call/jmp
to enter the task), and any restartable task to become a nop after its first
use (the (re)entry state points at the ret/iret used to exit the task).

32bit Windows in particular is known to use task gates for NMI handling, and
to use NMI IPIs.

In the task switch handler, distinguish instruction-induced from
interrupt/exception-induced task switches, and decode the instruction under
%rip to calculate its length.

Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
---
CC: Jan Beulich
CC: Wei Liu
CC: Roger Pau Monné
CC: Juergen Gross

v2:
 * Correct ModRM calculation for Grp5.
 * Never inject #GP from svm_get_task_switch_insn_len(). Dump emul ctxt and
   jump to crash_or_fault from the caller.
 * Drop insn length for BOUND. It has fault semantics.
 * Cope with HW_EXCEPTION #BP/#OF which do need instruction length
   calculations.
 * Don't special case #DB
---
 xen/arch/x86/hvm/svm/emulate.c        | 54 ++++++++++++++++++++++++++++++++
 xen/arch/x86/hvm/svm/svm.c            | 58 +++++++++++++++++++++++++++++------
 xen/include/asm-x86/hvm/svm/emulate.h |  1 +
 3 files changed, 103 insertions(+), 10 deletions(-)
diff --git a/xen/arch/x86/hvm/svm/emulate.c b/xen/arch/x86/hvm/svm/emulate.c index 3e52592847..d586bad127 100644 --- a/xen/arch/x86/hvm/svm/emulate.c +++ b/xen/arch/x86/hvm/svm/emulate.c
@@ -117,6 +117,60 @@ unsigned int svm_get_insn_len(struct vcpu *v, unsigned= int instr_enc) } =20 /* + * TASK_SWITCH vmexits never provide an instruction length. We must always + * decode under %rip to find the answer. + */ +unsigned int svm_get_task_switch_insn_len(void) +{ + struct hvm_emulate_ctxt ctxt; + struct x86_emulate_state *state; + unsigned int emul_len, modrm_reg; + + hvm_emulate_init_once(&ctxt, NULL, guest_cpu_user_regs()); + hvm_emulate_init_per_insn(&ctxt, NULL, 0); + state =3D x86_decode_insn(&ctxt.ctxt, hvmemul_insn_fetch); + if ( IS_ERR_OR_NULL(state) ) + return 0; + + emul_len =3D x86_insn_length(state, &ctxt.ctxt); + + /* + * Check for an instruction which can cause a task switch. Any far + * jmp/call/ret, any software interrupt/exception with trap semantics + * (except icebp - handled specially), and iret. + */ + switch ( ctxt.ctxt.opcode ) + { + case 0xff: /* Grp 5 */ + /* call / jmp (far, absolute indirect) */ + if ( (unsigned int)x86_insn_modrm(state, NULL, &modrm_reg) >=3D 3 = || + (modrm_reg !=3D 3 && modrm_reg !=3D 5) ) + { + default: + printk(XENLOG_G_WARNING "Bad instruction for task switch\n"); + hvm_dump_emulation_state(XENLOG_G_WARNING, "SVM Insn len", + &ctxt, X86EMUL_UNHANDLEABLE); + emul_len =3D 0; + break; + } + /* Fallthrough */ + case 0x9a: /* call (far, absolute) */ + case 0xca: /* ret imm16 (far) */ + case 0xcb: /* ret (far) */ + case 0xcc: /* int3 */ + case 0xcd: /* int imm8 */ + case 0xce: /* into */ + case 0xcf: /* iret */ + case 0xea: /* jmp (far, absolute) */ + break; + } + + x86_emulate_free_state(state); + + return emul_len; +} + +/* * Local variables: * mode: C * c-file-style: "BSD" diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index a7a79fcef7..0fb1908c18 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c 
@@ -2757,7 +2757,52 @@ void svm_vmexit_handler(struct cpu_user_regs *regs) =20 case VMEXIT_TASK_SWITCH: { enum hvm_task_switch_reason reason; - int32_t errcode =3D -1; + int32_t errcode =3D -1, insn_len =3D -1; + + /* + * All TASK_SWITCH intercepts have fault-like semantics. NRIP is + * never provided, even for instruction-induced task switches, but= we + * need to know the instruction length in order to set %eip suitab= ly + * in the outgoing TSS. + * + * For a task switch which vectored through the IDT, look at the t= ype + * to distinguish interrupts/exceptions from instruction based + * switches. + */ + if ( vmcb->exitintinfo.fields.v ) + { + switch ( vmcb->exitintinfo.fields.type ) + { + /* + * #BP and #OF are from INT3/INTO respectively. #DB from + * ICEBP is handled specially, and already has fault + * semantics. + */ + case X86_EVENTTYPE_HW_EXCEPTION: + if ( vmcb->exitintinfo.fields.vector =3D=3D TRAP_int3 || + vmcb->exitintinfo.fields.vector =3D=3D TRAP_overflow ) + break; + /* Fallthrough */ + case X86_EVENTTYPE_EXT_INTR: + case X86_EVENTTYPE_NMI: + insn_len =3D 0; + break; + } + + /* + * The common logic above will have forwarded the vectoring + * information. Undo this as we are going to emulate. + */ + vmcb->eventinj.bytes =3D 0; + } + + /* + * insn_len being -1 indicates that we have an instruction-induced + * task switch. Decode under %rip to find its length. + */ + if ( insn_len < 0 && (insn_len =3D svm_get_task_switch_insn_len())= =3D=3D 0 ) + goto crash_or_fault; + if ( (vmcb->exitinfo2 >> 36) & 1 ) reason =3D TSW_iret; else if ( (vmcb->exitinfo2 >> 38) & 1 ) 
@@ -2767,15 +2812,7 @@ void svm_vmexit_handler(struct cpu_user_regs *regs) if ( (vmcb->exitinfo2 >> 44) & 1 ) errcode =3D (uint32_t)vmcb->exitinfo2; =20 - /* - * Some processors set the EXITINTINFO field when the task switch - * is caused by a task gate in the IDT. In this case we will be - * emulating the event injection, so we do not want the processor - * to re-inject the original event! - */ - vmcb->eventinj.bytes =3D 0; - - hvm_task_switch(vmcb->exitinfo1, reason, errcode, 0); + hvm_task_switch(vmcb->exitinfo1, reason, errcode, insn_len); break; } =20 @@ -2972,6 +3009,7 @@ void svm_vmexit_handler(struct cpu_user_regs *regs) gprintk(XENLOG_ERR, "Unexpected vmexit: reason %#"PRIx64", " "exitinfo1 %#"PRIx64", exitinfo2 %#"PRIx64"\n", exit_reason, vmcb->exitinfo1, vmcb->exitinfo2); + crash_or_fault: svm_crash_or_fault(v); break; } diff --git a/xen/include/asm-x86/hvm/svm/emulate.h b/xen/include/asm-x86/hv= m/svm/emulate.h index 9af10061c5..eb1a8c24af 100644 --- a/xen/include/asm-x86/hvm/svm/emulate.h +++ b/xen/include/asm-x86/hvm/svm/emulate.h @@ -51,6 +51,7 @@ struct vcpu; =20 unsigned int svm_get_insn_len(struct vcpu *v, unsigned int instr_enc); +unsigned int svm_get_task_switch_insn_len(void); =20 #endif /* __ASM_X86_HVM_SVM_EMULATE_H__ */ =20 --=20 2.11.0
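Review bot: in the emulate.c hunk the `default:` label sits inside the `if` body under `case 0xff:` so that the Grp5 reject path can share the warning and `hvm_dump_emulation_state()` call; that is legal C but reads like a fall-through mistake on a quick scan, and the `/* Fallthrough */` comment right after it does not help. A `goto bad;` from the Grp5 check with `bad:` placed after the accepted-opcode cases (or a small helper called from both places) would keep the opcode list readable. The `(unsigned int)x86_insn_modrm(state, NULL, &modrm_reg) >= 3` test is correct, rejecting the register form (mod == 3) and, through the unsigned cast, any negative "no ModRM" return, but the cast is doing real work and deserves a one-line comment saying so.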
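Review bot: in the svm.c TASK_SWITCH hunk a decode failure (`svm_get_task_switch_insn_len()` returning 0, which includes `x86_decode_insn()` failing to fetch the bytes) now goes to `crash_or_fault`, where the previous code always proceeded with a length of 0. That is the right outcome for an instruction that cannot cause a task switch, but it is a behaviour change worth spelling out in the commit message, because the decode is a fresh read of guest memory after the hardware has already executed the instruction, and so can disagree with what the CPU saw if another vCPU has since modified that page. Separately, the `switch ( vmcb->exitintinfo.fields.type )` has no `default:`, and it is only by omission that software interrupts (the `int imm8` case the emulate.c hunk accepts) leave `insn_len` at -1 and get decoded; an explicit `default: break;` with a comment stating that intent would stop a future maintainer from "completing" the switch and breaking the INT n path.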
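To make concrete what the decode step described in this patch has to compute, the following is an added, self-contained example written for this page, not code from the patch or Xen's `x86_decode_insn()`: a 32-bit protected-mode length decoder for exactly the opcodes the new helper accepts, applying the same Grp5 rule (only /3 and /5, and never the register form). It assumes no instruction prefixes (0x66, 0x67, segment overrides) precede the opcode; the sample byte sequences are constructed, not captured from any guest.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Length of a memory operand in 32-bit addressing mode: the ModRM byte
 * itself plus any SIB byte and displacement.  The caller has already
 * excluded mod == 3 (register form).  Returns 0 if the bytes run out.
 */
static size_t modrm_mem_len(uint8_t modrm, const uint8_t *sib_ptr, size_t avail)
{
    unsigned int mod = modrm >> 6, rm = modrm & 7;
    size_t len = 1;                         /* ModRM byte */

    if ( rm == 4 )                          /* SIB byte follows */
    {
        if ( avail < 1 )
            return 0;
        len += 1;
        /* base == 5 with mod == 0 means "no base register, disp32 instead" */
        if ( mod == 0 && (*sib_ptr & 7) == 5 )
            len += 4;
    }
    else if ( mod == 0 && rm == 5 )         /* [disp32], no base register */
        len += 4;

    if ( mod == 1 )
        len += 1;                           /* disp8 */
    else if ( mod == 2 )
        len += 4;                           /* disp32 */

    return len;
}

/*
 * Return the length of the instruction at buf if it is one that can cause a
 * task switch (far call/jmp/ret, int3, int n, into, iret), or 0 if it is not
 * such an instruction, is the register form of Grp5 (which #UDs), or if the
 * buffer is too short to hold the whole instruction.
 */
size_t task_switch_insn_len(const uint8_t *buf, size_t n)
{
    if ( n == 0 )
        return 0;

    switch ( buf[0] )
    {
    case 0xcb:                              /* ret (far) */
    case 0xcc:                              /* int3 */
    case 0xce:                              /* into */
    case 0xcf:                              /* iret */
        return 1;
    case 0xcd:                              /* int imm8 */
        return n >= 2 ? 2 : 0;
    case 0xca:                              /* ret imm16 (far) */
        return n >= 3 ? 3 : 0;
    case 0x9a:                              /* call ptr16:32 (far, absolute) */
    case 0xea:                              /* jmp ptr16:32 (far, absolute) */
        return n >= 7 ? 7 : 0;
    case 0xff:                              /* Grp 5: only /3 and /5 are far */
    {
        unsigned int mod, reg;
        size_t len;

        if ( n < 2 )
            return 0;
        mod = buf[1] >> 6;
        reg = (buf[1] >> 3) & 7;
        if ( mod == 3 || (reg != 3 && reg != 5) )
            return 0;                       /* near form, or register form */
        len = modrm_mem_len(buf[1], buf + 2, n - 2);
        if ( len == 0 || len + 1 > n )
            return 0;                       /* truncated */
        return len + 1;                     /* opcode + ModRM/SIB/disp */
    }
    default:
        return 0;                           /* e.g. BOUND, near call/jmp */
    }
}

int main(void)
{
    /* Constructed sample instruction bytes, not taken from any guest. */
    static const uint8_t lcall_m1632[] = { 0xff, 0x1d, 0x00, 0x10, 0x00, 0x00 };
    static const uint8_t ljmp_esp8[]   = { 0xff, 0x6c, 0x24, 0x08 };
    static const uint8_t grp5_reg[]    = { 0xff, 0xd8 };
    static const uint8_t lcall_abs[]   = { 0x9a, 0x00, 0x00, 0x40, 0x00, 0x08, 0x00 };

    printf("lcall [0x1000]      -> %zu\n", task_switch_insn_len(lcall_m1632, sizeof(lcall_m1632)));
    printf("ljmp [esp+8]        -> %zu\n", task_switch_insn_len(ljmp_esp8, sizeof(ljmp_esp8)));
    printf("ff d8 (mod == 3)    -> %zu\n", task_switch_insn_len(grp5_reg, sizeof(grp5_reg)));
    printf("lcall 0x08:0x400000 -> %zu\n", task_switch_insn_len(lcall_abs, sizeof(lcall_abs)));
    return 0;
}
```

The register-form and truncated-buffer cases return 0, which is the same signal the patch's helper uses to send the vmexit handler to `crash_or_fault`.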