[RFC v1 0/7] x86/hvm: Start unifying VMEXIT and emulated paths

Ross Lagerwall posted 7 patches 5 days, 7 hours ago
Patches applied successfully
git fetch https://gitlab.com/xen-project/patchew/xen tags/patchew/20260518131404.3716969-1-ross.lagerwall@citrix.com
Hi,

There are differences in instruction execution when coming from a VMEXIT
vs a fully emulated path. This can result in subtle bugs, e.g. injecting
#GP with trap rather than fault semantics. When using nested virt, these
bugs may become security issues if they allow L2 to attack L1 (because
L0 has done something unexpected).

To fix this, we plan to unify the VMEXIT (fast) path and emulated
instruction paths with everything going through the emulator but the
fast path short-circuiting some parts. This patch series adds the basic
infrastructure and converts two SVM VMEXITs: halt and read/write CR.

The other motivation to do this work is to arrange it so that there is only
a single place where Xen needs to consider whether an instruction/event
is something that L1 cares about.

This is very much an RFC at this point so I'm mainly looking for
feedback on the overall approach.

Thanks,
Ross

Ross Lagerwall (7):
  x86/hvm: Move description into hvm_emulate_ctxt
  x86/hvm: Introduce hvm_emulate_one_ctxt
  x86/emul: Separate out instruction completion
  x86/hvm: Support a fast path during emulation
  x86/hvm: Move INSTR_* constants to hvm.h
  x86/svm: Use the emulator path for VMEXIT_HLT
  x86/svm: Use the emulator path for VMEXIT_CR*

 xen/arch/x86/hvm/emulate.c             | 180 +++++++++++++++++++------
 xen/arch/x86/hvm/hvm.c                 |   2 +-
 xen/arch/x86/hvm/io.c                  |  19 ++-
 xen/arch/x86/hvm/ioreq.c               |   2 +-
 xen/arch/x86/hvm/svm/emulate.c         |   6 +-
 xen/arch/x86/hvm/svm/svm.c             |  52 +++----
 xen/arch/x86/hvm/svm/svm.h             |  30 +----
 xen/arch/x86/hvm/vmx/realmode.c        |   2 +-
 xen/arch/x86/include/asm/hvm/emulate.h |  13 ++
 xen/arch/x86/include/asm/hvm/hvm.h     |  31 +++++
 xen/arch/x86/x86_emulate/x86_emulate.c |  48 ++++---
 xen/arch/x86/x86_emulate/x86_emulate.h |   3 +
 12 files changed, 252 insertions(+), 136 deletions(-)

-- 
2.53.0
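The following is an added illustrative model, not code from Xen or from this series; every name in it (`legacy_vmexit_path`, `unified_path`, `complete`, the `vcpu` fields) is hypothetical. It shows the class of divergence the cover letter gives as its example: a hand-written VMEXIT handler that advances RIP before it knows the outcome delivers #GP with trap semantics, while an emulator-style path that decides RIP in one shared completion step delivers it with fault semantics (RIP left on the faulting instruction). Routing both the fast and the full path through the same `execute()` and `complete()` steps is the shape of fix the series describes, with the fast flag only skipping the fetch/decode work a VMEXIT already provides.

```c
/*
 * Added illustrative model, NOT Xen code: all names are hypothetical.
 * It shows a VMEXIT handler injecting #GP with trap semantics while an
 * emulator-style path uses fault semantics, and how one shared completion
 * step makes both paths agree.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum insn { INSN_HLT, INSN_MOV_TO_CR };
enum outcome { OUTCOME_DONE, OUTCOME_GP_FAULT };

struct vcpu {
    uint64_t rip;
    unsigned int cpl;
    bool halted;
    bool gp_pending;   /* a #GP has been queued for injection */
    uint64_t cr;
};

/* Architectural effect of the instruction; never touches rip. */
static enum outcome execute(struct vcpu *v, enum insn i, uint64_t operand)
{
    if (v->cpl != 0)
        return OUTCOME_GP_FAULT;      /* privileged instruction at CPL > 0 */

    switch (i) {
    case INSN_HLT:
        v->halted = true;
        return OUTCOME_DONE;
    case INSN_MOV_TO_CR:
        if (operand >> 16)            /* constructed "reserved bits" check */
            return OUTCOME_GP_FAULT;
        v->cr = operand;
        return OUTCOME_DONE;
    }
    return OUTCOME_DONE;
}

/* The one completion step shared by every path: a fault leaves rip on the
 * faulting instruction; only successful completion advances it. */
static void complete(struct vcpu *v, enum outcome o, unsigned int insn_len)
{
    if (o == OUTCOME_GP_FAULT)
        v->gp_pending = true;
    else
        v->rip += insn_len;
}

/* Hand-written VMEXIT handler of the kind the series wants to retire: it
 * advances rip before looking at the result, so a #GP is delivered with
 * trap semantics (rip already past the instruction). */
static void legacy_vmexit_path(struct vcpu *v, enum insn i, uint64_t operand,
                               unsigned int insn_len)
{
    v->rip += insn_len;
    if (execute(v, i, operand) == OUTCOME_GP_FAULT)
        v->gp_pending = true;
}

/* Unified path: 'fast' would only skip the fetch/decode work a VMEXIT
 * already supplies (modelled as nothing here); execution and completion
 * are shared with full emulation. */
static void unified_path(struct vcpu *v, enum insn i, uint64_t operand,
                         unsigned int insn_len, bool fast)
{
    (void)fast;  /* no fetch/decode to skip in this model */
    complete(v, execute(v, i, operand), insn_len);
}

/* MOV to CR from CPL 3 at rip 0x1000 (3-byte instruction) via each path. */
uint64_t rip_after_gp_legacy(void)
{
    struct vcpu v = { .rip = 0x1000, .cpl = 3 };
    legacy_vmexit_path(&v, INSN_MOV_TO_CR, 0, 3);
    return v.rip;                     /* 0x1003: trap semantics */
}

uint64_t rip_after_gp_unified(void)
{
    struct vcpu v = { .rip = 0x1000, .cpl = 3 };
    unified_path(&v, INSN_MOV_TO_CR, 0, 3, true);
    return v.rip;                     /* 0x1000: fault semantics */
}

/* HLT from CPL 0 at rip 0x1000 (1 byte) completes and advances rip. */
uint64_t rip_after_hlt_unified(void)
{
    struct vcpu v = { .rip = 0x1000, .cpl = 0 };
    unified_path(&v, INSN_HLT, 0, 1, true);
    return v.halted ? v.rip : 0;      /* 0x1001 */
}

int main(void)
{
    printf("legacy #GP rip=%#llx unified #GP rip=%#llx HLT rip=%#llx\n",
           (unsigned long long)rip_after_gp_legacy(),
           (unsigned long long)rip_after_gp_unified(),
           (unsigned long long)rip_after_hlt_unified());
    return 0;
}
```

The point of the model is the single `complete()` step: once every path, fast or full, must go through it, there is exactly one place that decides whether RIP advances, which is also the one place where a nested-virt implementation would decide whether the event is something L1 needs to see.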