From patchwork Fri Jun 17 11:05:40 2016
X-Patchwork-Submitter: Wei Liu
X-Patchwork-Id: 9183489
From: Wei Liu
To: Xen-devel
Date: Fri, 17 Jun 2016 12:05:40 +0100
Message-ID: <1466161540-2159-3-git-send-email-wei.liu2@citrix.com>
In-Reply-To: <1466161540-2159-1-git-send-email-wei.liu2@citrix.com>
References: <1466161540-2159-1-git-send-email-wei.liu2@citrix.com>
Cc: Andrew Cooper, Wei Liu, Jan Beulich, Doug Goldstein
Subject: [Xen-devel] [PATCH v2 2/2] xen: make available hvm_fep to non-debug build as well

Originally hvm_fep was guarded by NDEBUG, which means it was only
available to debug builds. However, there is value in having it for
non-debug builds as well. Users can use it to run tests in a setup that
replicates a production setup.

Make it clear with a sync_console style warning that this option can't
be used in a production setup. Update command line documentation
accordingly. Finally mark Xen as tainted when this option is enabled.

Add a kconfig option under x86 to configure hvm_fep.

Signed-off-by: Wei Liu
---
Cc: Andrew Cooper
Cc: Jan Beulich
Cc: Doug Goldstein

v2:
1. unsigned -> unsigned int
2. %d -> %u
3. Add spaces around "-"
4. Update warning message
5. Only taint hv when fep is used
6. Add kconfig option
---
 docs/misc/xen-command-line.markdown |  8 ++++++--
 xen/arch/x86/Kconfig                | 14 ++++++++++++++
 xen/arch/x86/hvm/hvm.c              | 28 ++++++++++++++++++++++++++--
 xen/common/kernel.c                 |  6 ++++--
 xen/include/asm-x86/hvm/hvm.h       |  2 +-
 xen/include/xen/lib.h               |  1 +
 6 files changed, 52 insertions(+), 7 deletions(-)

diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown index fed732c..dc53e24 100644 --- a/docs/misc/xen-command-line.markdown +++ b/docs/misc/xen-command-line.markdown 
@@ -878,8 +878,12 @@ Recognized in debug builds of the hypervisor only. Allow use of the Forced Emulation Prefix in HVM guests, to allow emulation of arbitrary instructions. -This option is intended for development purposes, and is only available in -debug builds of the hypervisor. +This option is intended for development and testing purposes. + +*Warning* +As this feature opens up the instruction emulator to HVM guest, don't +use this in production system. No security support is provided when +this flag is set. ### hvm\_port80 > `= ` diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index 73f79cc..5e3b04a 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -59,6 +59,20 @@ config BIGMEM If unsure, say N. +config HVM_FEP + bool "HVM Forced Emulation Prefix support" + default y + ---help--- + + Compiles in a feature that allows HVM guest to enter + instruction emulator with forced emulation prefix. + + This feature can only be enabled during boot time with + appropriate hypervisor command line option. Please read + hypervisor command line documentation before trying to use + this feature. + + If unsure, say Y. endmenu source "common/Kconfig" diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 78db903..373b78e 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -37,6 +37,7 @@ #include #include #include +#include #include #include #include @@ -95,9 +96,9 @@ unsigned long __section(".bss.page_aligned") static bool_t __initdata opt_hap_enabled = 1; boolean_param("hap", opt_hap_enabled); -#ifndef opt_hvm_fep +#if CONFIG_HVM_FEP /* Permit use of the Forced Emulation Prefix in HVM guests */ -bool_t opt_hvm_fep; +bool_t __read_mostly opt_hvm_fep; boolean_param("hvm_fep", opt_hvm_fep); #endif 
@@ -182,6 +183,28 @@ static int __init hvm_enable(void) if ( !opt_altp2m_enabled ) hvm_funcs.altp2m_supported = 0; + if ( opt_hvm_fep ) + { + unsigned int i, j; + + printk("**********************************************\n"); + printk("******* WARNING: HVM FORCED EMULATION PREFIX IS AVAILABLE\n"); + printk("******* This option is *ONLY* intended to aid testing of Xen.\n"); + printk("******* It has implications on the security of the system.\n"); + printk("******* Please *DO NOT* use this in production.\n"); + printk("**********************************************\n"); + for ( i = 0; i < 3; i++ ) + { + printk("%u... ", 3 - i); + for ( j = 0; j < 100; j++ ) + { + process_pending_softirqs(); + mdelay(10); + } + } + printk("\n"); + } + /* * Allow direct access to the PC debug ports 0x80 and 0xed (they are * often used for I/O delays, but the vmexits simply slow things down). @@ -3905,6 +3928,7 @@ void hvm_ud_intercept(struct cpu_user_regs *regs) { regs->eip += sizeof(sig); regs->eflags &= ~X86_EFLAGS_RF; + add_taint(TAINT_HVM_FEP); } } diff --git a/xen/common/kernel.c b/xen/common/kernel.c index dae7e35..5bf77aa 100644 --- a/xen/common/kernel.c +++ b/xen/common/kernel.c @@ -175,6 +175,7 @@ int __init parse_bool(const char *s) * 'M' - Machine had a machine check experience. * 'B' - System has hit bad_page. * 'C' - Console output is synchronous. + * 'H' - HVM forced emulation prefix is permitted. * * The string is overwritten by the next call to print_taint(). */ @@ -182,11 +183,12 @@ char *print_tainted(char *str) { if ( tainted ) { - snprintf(str, TAINT_STRING_MAX_LEN, "Tainted: %c%c%c%c", + snprintf(str, TAINT_STRING_MAX_LEN, "Tainted: %c%c%c%c%c", tainted & TAINT_UNSAFE_SMP ? 'S' : ' ', tainted & TAINT_MACHINE_CHECK ? 'M' : ' ', tainted & TAINT_BAD_PAGE ? 'B' : ' ', - tainted & TAINT_SYNC_CONSOLE ? 'C' : ' '); + tainted & TAINT_SYNC_CONSOLE ? 'C' : ' ', + tainted & TAINT_HVM_FEP ? 'H' : ' '); } else { 
diff --git a/xen/include/asm-x86/hvm/hvm.h b/xen/include/asm-x86/hvm/hvm.h index f486ee9..d2e0ae5 100644 --- a/xen/include/asm-x86/hvm/hvm.h +++ b/xen/include/asm-x86/hvm/hvm.h @@ -27,7 +27,7 @@ #include #include -#ifndef NDEBUG +#if CONFIG_HVM_FEP /* Permit use of the Forced Emulation Prefix in HVM guests */ extern bool_t opt_hvm_fep; #else diff --git a/xen/include/xen/lib.h b/xen/include/xen/lib.h index 1c652bb..b1b0fb2 100644 --- a/xen/include/xen/lib.h +++ b/xen/include/xen/lib.h @@ -142,6 +142,7 @@ uint64_t muldiv64(uint64_t a, uint32_t b, uint32_t c); #define TAINT_BAD_PAGE (1<<2) #define TAINT_SYNC_CONSOLE (1<<3) #define TAINT_ERROR_INJECT (1<<4) +#define TAINT_HVM_FEP (1<<5) extern int tainted; #define TAINT_STRING_MAX_LEN 20 extern char *print_tainted(char *str);
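Review bot: In the docs/misc/xen-command-line.markdown hunk, the new hvm_fep text drops the "debug builds" restriction without saying what replaces it. The option is now only parsed when the hypervisor is built with CONFIG_HVM_FEP (the boolean_param in hvm.c sits under that guard), and use of the prefix sets the 'H' taint flag. Both facts belong in this paragraph, so that an operator reading the option reference knows when the option is ignored and how to tell afterwards that it was used. The warning would also read better as "As this feature opens up the instruction emulator to HVM guests, do not use it on production systems."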
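Review bot: In the xen/arch/x86/Kconfig hunk, "default y" together with "If unsure, say Y." compiles the feature into every build by default, while the documentation hunk states that no security support is provided when the flag is set. opt_hvm_fep has no initializer, so the feature stays off until it is requested on the command line, but the help text should carry the production warning itself rather than only pointing at the command line documentation, and the commit message should say why the default is y. The empty added line directly after ---help--- can be dropped.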
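Review bot: In the xen/arch/x86/hvm/hvm.c hunk at -95,9 and in the xen/include/asm-x86/hvm/hvm.h hunk, the guard is written "#if CONFIG_HVM_FEP". A bool Kconfig symbol is left undefined when the option is off, so this relies on an undefined macro evaluating to 0 and warns under -Wundef; "#ifdef CONFIG_HVM_FEP" states the intent directly. Both files have to use the same form, because the definition of opt_hvm_fep in hvm.c must be compiled exactly when hvm.h takes the extern branch rather than its #else branch.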
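Review bot: In the hvm_enable() hunk, the banner and the 3 x 100 x mdelay(10) countdown are open-coded, and the commit message describes them as a sync_console style warning. If the sync_console warning this is modelled on has the same countdown, a host booted with both options waits twice, and two copies of the banner code can drift apart; a small shared helper that takes the warning text and runs the countdown once would avoid both. The first banner line also says the prefix "IS AVAILABLE", which describes the option being set rather than used, so its relation to the 'H' taint (set only from hvm_ud_intercept()) should be stated where a reader of the boot log can find it.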
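Review bot: In the xen/common/kernel.c hunk, the new comment line "'H' - HVM forced emulation prefix is permitted." does not match where the taint is set: add_taint(TAINT_HVM_FEP) is called from hvm_ud_intercept(), and the v2 changelog says "Only taint hv when fep is used". Suggest "'H' - HVM forced emulation prefix has been used." so that someone reading a crash report interprets the flag correctly. The longer format string still fits: "Tainted: " plus five flag characters and the terminator is 15 bytes against a TAINT_STRING_MAX_LEN of 20. lib.h also defines TAINT_ERROR_INJECT (1<<4), which has no letter in this string, so the position of 'H' does not correspond to its bit number; a short remark in the comment would prevent misreading.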