Re: [Xen-devel] [PATCH] x86/VMX: sanitize VM86 TSS handling

2017-02-20 Thread Tim Deegan
At 04:49 -0700 on 16 Feb (1487220558), Jan Beulich wrote: > >>> On 16.02.17 at 12:14, wrote: > On 15.02.17 at 12:21, wrote: > >> At 01:18 -0700 on 15 Feb (1487121525), Jan Beulich wrote: > >>> >>> On 14.02.17 at 18:33, wrote: > >>> >> TBD: Do

Re: [Xen-devel] [PATCH] x86/VMX: sanitize VM86 TSS handling

2017-02-17 Thread Roger Pau Monne
On Thu, Feb 16, 2017 at 04:49:18AM -0700, Jan Beulich wrote: > >>> On 16.02.17 at 12:14, wrote: > On 15.02.17 at 12:21, wrote: > >> At 01:18 -0700 on 15 Feb (1487121525), Jan Beulich wrote: > >>> >>> On 14.02.17 at 18:33, wrote: > >>> >> TBD:

Re: [Xen-devel] [PATCH] x86/VMX: sanitize VM86 TSS handling

2017-02-16 Thread Jan Beulich
>>> On 16.02.17 at 12:14, wrote: On 15.02.17 at 12:21, wrote: >> At 01:18 -0700 on 15 Feb (1487121525), Jan Beulich wrote: >>> >>> On 14.02.17 at 18:33, wrote: >>> >> TBD: Do we really want to re-init the TSS every time we are about to >>> >>

Re: [Xen-devel] [PATCH] x86/VMX: sanitize VM86 TSS handling

2017-02-16 Thread Jan Beulich
>>> On 15.02.17 at 12:21, wrote: > At 01:18 -0700 on 15 Feb (1487121525), Jan Beulich wrote: >> >>> On 14.02.17 at 18:33, wrote: >> >> TBD: Do we really want to re-init the TSS every time we are about to >> >> use it? >> > >> > No - I think we should init it

Re: [Xen-devel] [PATCH] x86/VMX: sanitize VM86 TSS handling

2017-02-15 Thread Jan Beulich
>>> On 15.02.17 at 12:21, wrote: > At 01:18 -0700 on 15 Feb (1487121525), Jan Beulich wrote: >> >>> On 14.02.17 at 18:33, wrote: >> >> TBD: Do we really want to re-init the TSS every time we are about to >> >> use it? >> > >> > No - I think we should init it

Re: [Xen-devel] [PATCH] x86/VMX: sanitize VM86 TSS handling

2017-02-15 Thread Tim Deegan
At 01:18 -0700 on 15 Feb (1487121525), Jan Beulich wrote: > >>> On 14.02.17 at 18:33, wrote: > >> TBD: Do we really want to re-init the TSS every time we are about to > >> use it? > > > > No - I think we should init it when the guest writes the param(s) and > > leave it at

Re: [Xen-devel] [PATCH] x86/VMX: sanitize VM86 TSS handling

2017-02-15 Thread Tim Deegan
At 01:13 -0700 on 15 Feb (1487121231), Jan Beulich wrote: > >>> On 14.02.17 at 18:35, wrote: > > At 06:37 -0700 on 13 Feb (1486967832), Jan Beulich wrote: > >> >>> On 13.02.17 at 14:19, wrote: > >> > -tss = mem_alloc(128, 128); > >> > -memset(tss, 0,

Re: [Xen-devel] [PATCH] x86/VMX: sanitize VM86 TSS handling

2017-02-15 Thread Jan Beulich
>>> On 14.02.17 at 16:48, wrote: > On 14/02/17 08:55, Jan Beulich wrote: > On 13.02.17 at 19:26, wrote: >>> On 13/02/17 13:19, Jan Beulich wrote: --- TBD: Do we really want to re-init the TSS every time we are about to

Re: [Xen-devel] [PATCH] x86/VMX: sanitize VM86 TSS handling

2017-02-15 Thread Jan Beulich
>>> On 14.02.17 at 18:33, wrote: > Hi, > > At 06:19 -0700 on 13 Feb (1486966797), Jan Beulich wrote: >> The present way of setting this up is flawed: Leaving the I/O bitmap >> pointer at zero means that the interrupt redirection bitmap lives >> outside (ahead of) the allocated

Re: [Xen-devel] [PATCH] x86/VMX: sanitize VM86 TSS handling

2017-02-15 Thread Jan Beulich
>>> On 14.02.17 at 18:35, wrote: > At 06:37 -0700 on 13 Feb (1486967832), Jan Beulich wrote: >> >>> On 13.02.17 at 14:19, wrote: >> > -tss = mem_alloc(128, 128); >> > -memset(tss, 0, 128); >> > +tss = mem_alloc(TSS_SIZE, TSS_SIZE); >> >> tss =

Re: [Xen-devel] [PATCH] x86/VMX: sanitize VM86 TSS handling

2017-02-14 Thread Tim Deegan
At 06:37 -0700 on 13 Feb (1486967832), Jan Beulich wrote: > >>> On 13.02.17 at 14:19, wrote: > > -tss = mem_alloc(128, 128); > > -memset(tss, 0, 128); > > +tss = mem_alloc(TSS_SIZE, TSS_SIZE); > > tss = mem_alloc(TSS_SIZE, 128); > > is sufficient here, as I've
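
Review bot: the removed `memset(tss, 0, 128);` has no replacement in the lines quoted here, so as shown the area returned by `mem_alloc(TSS_SIZE, TSS_SIZE)` is handed over without being zeroed by hvmloader. Either keep a `memset(tss, 0, TSS_SIZE);` after the allocation, or state in the comment above the function which component initialises the area before first use, so the dropped zeroing reads as intentional. The definition of `TSS_SIZE` is also not visible in the quoted fragment; it should sit next to this code with a note on what the size covers.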

Re: [Xen-devel] [PATCH] x86/VMX: sanitize VM86 TSS handling

2017-02-14 Thread Tim Deegan
Hi, At 06:19 -0700 on 13 Feb (1486966797), Jan Beulich wrote: > The present way of setting this up is flawed: Leaving the I/O bitmap > pointer at zero means that the interrupt redirection bitmap lives > outside (ahead of) the allocated space of the TSS. Similarly setting a > TSS limit of 255 when

Re: [Xen-devel] [PATCH] x86/VMX: sanitize VM86 TSS handling

2017-02-14 Thread Andrew Cooper
On 14/02/17 08:55, Jan Beulich wrote: On 13.02.17 at 19:26, wrote: >> On 13/02/17 13:19, Jan Beulich wrote: >>> --- >>> TBD: Do we really want to re-init the TSS every time we are about to >>> use it? This can happen quite often during boot, especially while

Re: [Xen-devel] [PATCH] x86/VMX: sanitize VM86 TSS handling

2017-02-14 Thread Jan Beulich
>>> On 13.02.17 at 19:26, wrote: > On 13/02/17 13:19, Jan Beulich wrote: >> --- >> TBD: Do we really want to re-init the TSS every time we are about to >> use it? This can happen quite often during boot, especially while >> grub is running. > > The only case

Re: [Xen-devel] [PATCH] x86/VMX: sanitize VM86 TSS handling

2017-02-13 Thread Andrew Cooper
On 13/02/17 13:19, Jan Beulich wrote: > The present way of setting this up is flawed: Leaving the I/O bitmap > pointer at zero means that the interrupt redirection bitmap lives > outside (ahead of) the allocated space of the TSS. Similarly setting a > TSS limit of 255 when only 128 bytes get

Re: [Xen-devel] [PATCH] x86/VMX: sanitize VM86 TSS handling

2017-02-13 Thread Jan Beulich
>>> On 13.02.17 at 14:37, wrote: On 13.02.17 at 14:19, wrote: >> --- a/tools/firmware/hvmloader/hvmloader.c >> +++ b/tools/firmware/hvmloader/hvmloader.c >> @@ -177,18 +177,30 @@ static void cmos_write_memory_size(void) >> } >> >> /* >> - * Set up

Re: [Xen-devel] [PATCH] x86/VMX: sanitize VM86 TSS handling

2017-02-13 Thread Jan Beulich
>>> On 13.02.17 at 14:19, wrote: > --- a/tools/firmware/hvmloader/hvmloader.c > +++ b/tools/firmware/hvmloader/hvmloader.c > @@ -177,18 +177,30 @@ static void cmos_write_memory_size(void) > } > > /* > - * Set up an empty TSS area for virtual 8086 mode to use. > - * The

[Xen-devel] [PATCH] x86/VMX: sanitize VM86 TSS handling

2017-02-13 Thread Jan Beulich
The present way of setting this up is flawed: Leaving the I/O bitmap pointer at zero means that the interrupt redirection bitmap lives outside (ahead of) the allocated space of the TSS. Similarly setting a TSS limit of 255 when only 128 bytes get allocated means that 128 extra bytes may be