From patchwork Tue Nov 26 12:03:56 2019
X-Patchwork-Submitter: Andrew Cooper
X-Patchwork-Id: 11262015
From: Andrew Cooper
To: Xen-devel
Cc: Petre Pircalabu, Juergen Gross, Tamas K Lengyel, Wei Liu, Razvan Cojocaru, Andrew Cooper, Jan Beulich, Alexandru Isaila, Roger Pau Monné
Date: Tue, 26 Nov 2019 12:03:56 +0000
Message-ID: <20191126120357.13398-3-andrew.cooper3@citrix.com>
In-Reply-To: <20191126120357.13398-1-andrew.cooper3@citrix.com>
Subject: [Xen-devel] [PATCH v2 2/3] x86/svm: Always intercept ICEBP

ICEBP isn't handled well by SVM.

The VMexit state for a #DB-vectored TASK_SWITCH has %rip pointing to the appropriate instruction boundary (fault or trap, as appropriate), except for an ICEBP-induced #DB TASK_SWITCH, where %rip points at the ICEBP instruction rather than after it. As ICEBP isn't distinguished in the vectoring event type, the state is ambiguous.

To add to the confusion, an ICEBP which occurs due to Introspection intercepting the instruction, or from x86_emulate(), will have %rip updated as a consequence of partial emulation required to inject an ICEBP event in the first place.

We could in principle spot the non-injected case in the TASK_SWITCH handler, but this still results in complexity if the ICEBP instruction also has an Instruction Breakpoint active on it (which genuinely has fault semantics).

Unconditionally intercept ICEBP. This does have trap semantics for the intercept, and allows us to move %rip forwards appropriately before the TASK_SWITCH intercept is hit. This makes the behaviour of #DB-vectored switches consistent however the ICEBP #DB came about, and avoids special cases in the TASK_SWITCH intercept.

This in turn allows for the removal of the conditional hvm_set_icebp_interception() logic used by the monitor subsystem, as ICEBP's will now always be submitted for monitoring checks. Signed-off-by: Andrew Cooper Reviewed-by: Alexandru Isaila Reviewed-by: Petre Pircalabu Reviewed-by: Jan Beulich Reviewed-by: Roger Pau Monné --- CC: Jan Beulich CC: Wei Liu CC: Roger Pau Monné CC: Razvan Cojocaru CC: Tamas K Lengyel CC: Alexandru Isaila CC: Petre Pircalabu CC: Juergen Gross v2: * New --- xen/arch/x86/hvm/svm/svm.c | 19 ------------------- xen/arch/x86/hvm/svm/vmcb.c | 2 +- xen/arch/x86/monitor.c | 3 --- xen/include/asm-x86/hvm/hvm.h | 11 ----------- 4 files changed, 1 insertion(+), 34 deletions(-) diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 049b800e20..a7a79fcef7 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -173,24 +173,6 @@ static void svm_enable_msr_interception(struct domain *d, uint32_t msr) svm_intercept_msr(v, msr, MSR_INTERCEPT_WRITE); } -static void svm_set_icebp_interception(struct domain *d, bool enable) -{ - const struct vcpu *v; - - for_each_vcpu ( d, v ) - { - struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; - uint32_t intercepts = vmcb_get_general2_intercepts(vmcb); - - if ( enable ) - intercepts |= GENERAL2_INTERCEPT_ICEBP; - else - intercepts &= ~GENERAL2_INTERCEPT_ICEBP; - - vmcb_set_general2_intercepts(vmcb, intercepts); - } -} - static void svm_save_dr(struct vcpu *v) { struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; @@ -2474,7 +2456,6 @@ static struct hvm_function_table __initdata svm_function_table = { .msr_read_intercept = svm_msr_read_intercept, .msr_write_intercept = svm_msr_write_intercept, .enable_msr_interception = svm_enable_msr_interception, - .set_icebp_interception = svm_set_icebp_interception, .set_rdtsc_exiting = svm_set_rdtsc_exiting, .set_descriptor_access_exiting = svm_set_descriptor_access_exiting, .get_insn_bytes = svm_get_insn_bytes, 
diff --git a/xen/arch/x86/hvm/svm/vmcb.c b/xen/arch/x86/hvm/svm/vmcb.c index 71ee7102f7..1fef0da22c 100644 --- a/xen/arch/x86/hvm/svm/vmcb.c +++ b/xen/arch/x86/hvm/svm/vmcb.c @@ -73,7 +73,7 @@ static int construct_vmcb(struct vcpu *v) GENERAL2_INTERCEPT_STGI | GENERAL2_INTERCEPT_CLGI | GENERAL2_INTERCEPT_SKINIT | GENERAL2_INTERCEPT_MWAIT | GENERAL2_INTERCEPT_WBINVD | GENERAL2_INTERCEPT_MONITOR | - GENERAL2_INTERCEPT_XSETBV; + GENERAL2_INTERCEPT_XSETBV | GENERAL2_INTERCEPT_ICEBP; /* Intercept all debug-register writes. */ vmcb->_dr_intercepts = ~0u; diff --git a/xen/arch/x86/monitor.c b/xen/arch/x86/monitor.c index 3c42e21906..bbcb7536c7 100644 --- a/xen/arch/x86/monitor.c +++ b/xen/arch/x86/monitor.c @@ -301,9 +301,6 @@ int arch_monitor_domctl_event(struct domain *d, ad->monitor.debug_exception_sync = requested_status ? mop->u.debug_exception.sync : 0; - - hvm_set_icebp_interception(d, requested_status); - domain_unpause(d); break; } diff --git a/xen/include/asm-x86/hvm/hvm.h b/xen/include/asm-x86/hvm/hvm.h index 4cce59bb31..17fb7efa6e 100644 --- a/xen/include/asm-x86/hvm/hvm.h +++ b/xen/include/asm-x86/hvm/hvm.h @@ -206,7 +206,6 @@ struct hvm_function_table { bool_t access_w, bool_t access_x); void (*enable_msr_interception)(struct domain *d, uint32_t msr); - void (*set_icebp_interception)(struct domain *d, bool enable); bool_t (*is_singlestep_supported)(void); /* Alternate p2m */ @@ -615,16 +614,6 @@ static inline bool_t hvm_enable_msr_interception(struct domain *d, uint32_t msr) return 0; } -static inline bool hvm_set_icebp_interception(struct domain *d, bool enable) -{ - if ( hvm_funcs.set_icebp_interception ) - { - hvm_funcs.set_icebp_interception(d, enable); - return true; - } - return false; -} - static inline bool_t hvm_is_singlestep_supported(void) { return (hvm_funcs.is_singlestep_supported &&
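Review bot: in the construct_vmcb() hunk of xen/arch/x86/hvm/svm/vmcb.c, GENERAL2_INTERCEPT_ICEBP joins the default intercept mask with no comment, so the reason it has to be unconditional (the ambiguous %rip on an ICEBP-induced #DB TASK_SWITCH) lives only in the commit message. A short comment beside the mask, in the style of the existing "Intercept all debug-register writes." line, would keep a later change from making the intercept conditional again on monitor state.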
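Review bot: in the arch_monitor_domctl_event() hunk of xen/arch/x86/monitor.c, removing hvm_set_icebp_interception(d, requested_status) means the debug_exception monitor setting no longer decides whether ICEBP exits occur, so every SVM guest now takes the intercept whether or not a monitor is subscribed. The svm.c hunks in this patch are deletions only, which leaves the ICEBP exit handling as it was; it would help to state in the commit message that the existing handler still delivers the #DB to the guest when no monitor is subscribed, since that cannot be confirmed from the lines shown here.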