Re: [Xen-devel] [PATCH] x86/HVM: restrict permitted instructions during special purpose emulation

2017-01-04 Thread Andrew Cooper
On 04/01/17 10:10, Tim Deegan wrote: > At 02:22 -0700 on 04 Jan (1483496577), Jan Beulich wrote: > On 03.01.17 at 18:29, wrote: >>> On 03/01/17 16:19, Jan Beulich wrote: >>> On 03.01.17 at 16:22, wrote: > On 03/01/17 13:10, Jan

Re: [Xen-devel] [PATCH] x86/HVM: restrict permitted instructions during special purpose emulation

2017-01-04 Thread Tim Deegan
At 02:22 -0700 on 04 Jan (1483496577), Jan Beulich wrote: > >>> On 03.01.17 at 18:29, wrote: > > On 03/01/17 16:19, Jan Beulich wrote: > > On 03.01.17 at 16:22, wrote: > >>> On 03/01/17 13:10, Jan Beulich wrote: > ---

Re: [Xen-devel] [PATCH] x86/HVM: restrict permitted instructions during special purpose emulation

2017-01-04 Thread Jan Beulich
>>> On 03.01.17 at 18:29, wrote: > On 03/01/17 16:19, Jan Beulich wrote: > On 03.01.17 at 16:22, wrote: >>> On 03/01/17 13:10, Jan Beulich wrote: --- a/xen/arch/x86/hvm/emulate.c +++ b/xen/arch/x86/hvm/emulate.c @@ -1039,6

Re: [Xen-devel] [PATCH] x86/HVM: restrict permitted instructions during special purpose emulation

2017-01-03 Thread Andrew Cooper
On 03/01/17 16:19, Jan Beulich wrote: On 03.01.17 at 16:22, wrote: >> On 03/01/17 13:10, Jan Beulich wrote: >>> --- a/xen/arch/x86/hvm/emulate.c >>> +++ b/xen/arch/x86/hvm/emulate.c >>> @@ -1039,6 +1039,17 @@ static int hvmemul_cmpxchg( >>> return

Re: [Xen-devel] [PATCH] x86/HVM: restrict permitted instructions during special purpose emulation

2017-01-03 Thread Jan Beulich
>>> On 03.01.17 at 16:22, wrote: > On 03/01/17 13:10, Jan Beulich wrote: >> --- a/xen/arch/x86/hvm/emulate.c >> +++ b/xen/arch/x86/hvm/emulate.c >> @@ -1039,6 +1039,17 @@ static int hvmemul_cmpxchg( >> return hvmemul_write(seg, offset, p_new, bytes, ctxt); >> } >>

Re: [Xen-devel] [PATCH] x86/HVM: restrict permitted instructions during special purpose emulation

2017-01-03 Thread Andrew Cooper
On 03/01/17 13:10, Jan Beulich wrote: > Most invocations of the instruction emulator are for VM exits where the > set of legitimate instructions (i.e. ones capable of causing the > respective exit) is rather small. Restrict the permitted sets via a new > callback, at once eliminating the abuse of

[Xen-devel] [PATCH] x86/HVM: restrict permitted instructions during special purpose emulation

2017-01-03 Thread Jan Beulich
Most invocations of the instruction emulator are for VM exits where the set of legitimate instructions (i.e. ones capable of causing the respective exit) is rather small. Restrict the permitted sets via a new callback, at once eliminating the abuse of handle_mmio() for non-MMIO operations.