[RFC v1 0/7] x86/hvm: Start unifying VMEXIT and emulated paths
Hi,

There are differences in instruction execution when coming from a VMEXIT vs a fully emulated path. This can result in subtle bugs, e.g. injecting #GP with trap rather than fault semantics. When using nested virt, these bugs may become security issues if it allows L2 to attack L1 (because L0 has done something unexpected).

To fix this, we plan to unify the VMEXIT (fast) path and emulated instruction paths with everything going through the emulator but the fast path short-circuiting some parts. This patch series adds the basic infrastructure and converts two SVM VMEXITs: halt and read/write CR.

The other motivation to do this work is to arrange it so that there is only a single place where Xen needs to consider whether an instruction/event is something that L1 cares about.

This is very much an RFC at this point so I'm mainly looking for feedback on the overall approach.

Thanks,
Ross

Ross Lagerwall (7):
  x86/hvm: Move description into hvm_emulate_ctxt
  x86/hvm: Introduce hvm_emulate_one_ctxt
  x86/emul: Separate out instruction completion
  x86/hvm: Support a fast path during emulation
  x86/hvm: Move INSTR_* constants to hvm.h
  x86/svm: Use the emulator path for VMEXIT_HLT
  x86/svm: Use the emulator path for VMEXIT_CR*

 xen/arch/x86/hvm/emulate.c             | 180 +++++++++++++++++++------
 xen/arch/x86/hvm/hvm.c                 |   2 +-
 xen/arch/x86/hvm/io.c                  |  19 ++-
 xen/arch/x86/hvm/ioreq.c               |   2 +-
 xen/arch/x86/hvm/svm/emulate.c         |   6 +-
 xen/arch/x86/hvm/svm/svm.c             |  52 +++---
 xen/arch/x86/hvm/svm/svm.h             |  30 +----
 xen/arch/x86/hvm/vmx/realmode.c        |   2 +-
 xen/arch/x86/include/asm/hvm/emulate.h |  13 ++
 xen/arch/x86/include/asm/hvm/hvm.h     |  31 +++++
 xen/arch/x86/x86_emulate/x86_emulate.c |  48 ++++---
 xen/arch/x86/x86_emulate/x86_emulate.h |   3 +
 12 files changed, 252 insertions(+), 136 deletions(-)

-- 
2.53.0
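Added illustration, not code from this series or from Xen: a small C model of the single instruction-completion step the cover letter argues for. Both a VMEXIT-style handler and the "fully emulated" path funnel through one function that decides whether RIP advances, based on whether the injected exception is a fault (RIP stays on the faulting instruction) or a trap (RIP moves past it). A second, deliberately pre-unification style handler advances RIP before checking privilege, so its #GP is delivered with trap semantics, which is the class of bug the cover letter describes. All names (complete_instruction, emulate_hlt, emulate_cr4_write, legacy_hlt_vmexit, the enum and struct types), the result codes, the 1-byte HLT / 3-byte MOV-to-CR4 lengths and the CR4 allowed-bit mask are assumptions made for this example; they are not Xen's APIs.

```c
/* Hypothetical model of a unified instruction-completion step (not Xen code). */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define X86_EXC_BP  3   /* #BP: a trap */
#define X86_EXC_OF  4   /* #OF: a trap */
#define X86_EXC_GP 13   /* #GP: a fault */
#define EXC_NONE   -1

/* Result codes returned by an emulation handler (names are assumptions). */
enum emul_rc { EMUL_OKAY, EMUL_EXCEPTION, EMUL_RETRY };

struct vcpu {
    uint64_t rip;
    int injected_vector;    /* EXC_NONE if nothing is pending */
    bool halted;
};

struct emul_ctxt {
    struct vcpu *v;
    unsigned int insn_len;  /* from the VMCB on the fast path, or from decode */
    bool fast_path;         /* hardware already decoded the instruction */
};

/* Architectural rule: a fault is reported with RIP at the faulting
 * instruction, a trap with RIP past it.  (#DB can be either and is left
 * out of this model.)  Centralising the decision means the VMEXIT path
 * and the fully emulated path get it right by construction. */
static bool exception_is_trap(int vector)
{
    return vector == X86_EXC_BP || vector == X86_EXC_OF;
}

/* The one place where an instruction is retired or an exception queued. */
static enum emul_rc complete_instruction(struct emul_ctxt *ctxt,
                                         enum emul_rc rc, int vector)
{
    struct vcpu *v = ctxt->v;

    if (rc == EMUL_OKAY || (rc == EMUL_EXCEPTION && exception_is_trap(vector)))
        v->rip += ctxt->insn_len;           /* retire the instruction */
    if (rc == EMUL_EXCEPTION)
        v->injected_vector = vector;        /* fault: RIP left untouched */
    return rc;
}

/* HLT handler shared by both paths: CPL must be 0, otherwise #GP(0). */
static enum emul_rc emulate_hlt(struct emul_ctxt *ctxt, unsigned int cpl)
{
    if (cpl != 0)
        return complete_instruction(ctxt, EMUL_EXCEPTION, X86_EXC_GP);
    ctxt->v->halted = true;
    return complete_instruction(ctxt, EMUL_OKAY, EXC_NONE);
}

/* CR4 write shared by both paths: any bit outside the allowed mask is #GP(0). */
static enum emul_rc emulate_cr4_write(struct emul_ctxt *ctxt, uint64_t *cr4,
                                      uint64_t val, uint64_t allowed_mask)
{
    if (val & ~allowed_mask)
        return complete_instruction(ctxt, EMUL_EXCEPTION, X86_EXC_GP);
    *cr4 = val;
    return complete_instruction(ctxt, EMUL_OKAY, EXC_NONE);
}

/* Pre-unification style (constructed for contrast): RIP is advanced before
 * the privilege check, so the #GP lands with trap semantics and the guest's
 * handler sees RIP pointing after HLT instead of at it. */
static void legacy_hlt_vmexit(struct vcpu *v, unsigned int insn_len, unsigned int cpl)
{
    v->rip += insn_len;
    if (cpl != 0) {
        v->injected_vector = X86_EXC_GP;
        return;
    }
    v->halted = true;
}

/* Scenario helpers: run one case from RIP 0x1000 and report the result. */
struct outcome { uint64_t rip; int vector; bool halted; uint64_t cr4; };

static struct outcome run_hlt(bool unified, unsigned int cpl)
{
    struct vcpu v = { .rip = 0x1000, .injected_vector = EXC_NONE, .halted = false };
    struct emul_ctxt ctxt = { .v = &v, .insn_len = 1, .fast_path = true };
    if (unified)
        emulate_hlt(&ctxt, cpl);
    else
        legacy_hlt_vmexit(&v, 1, cpl);
    return (struct outcome){ .rip = v.rip, .vector = v.injected_vector,
                             .halted = v.halted, .cr4 = 0 };
}

static struct outcome run_cr4_write(uint64_t val)
{
    struct vcpu v = { .rip = 0x1000, .injected_vector = EXC_NONE, .halted = false };
    struct emul_ctxt ctxt = { .v = &v, .insn_len = 3, .fast_path = true };
    uint64_t cr4 = 0;
    const uint64_t allowed = 0x20 | 0x80;   /* constructed mask: PAE | PGE only */
    emulate_cr4_write(&ctxt, &cr4, val, allowed);
    return (struct outcome){ .rip = v.rip, .vector = v.injected_vector,
                             .halted = v.halted, .cr4 = cr4 };
}

int main(void)
{
    struct outcome o = run_hlt(false, 3);
    printf("legacy  HLT at CPL3: RIP=%#llx vector=%d\n", (unsigned long long)o.rip, o.vector);
    o = run_hlt(true, 3);
    printf("unified HLT at CPL3: RIP=%#llx vector=%d\n", (unsigned long long)o.rip, o.vector);
    o = run_cr4_write(1ULL << 63);
    printf("unified CR4 reserved bit: RIP=%#llx vector=%d\n", (unsigned long long)o.rip, o.vector);
    return 0;
}
```

The point of the model is the one the cover letter makes: once every handler returns its outcome through complete_instruction, whether RIP advances is decided in exactly one place from the exception class, so a fast-path conversion such as VMEXIT_HLT or VMEXIT_CR* cannot silently drift from the emulator's fault/trap behaviour.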