Re: [Xen-devel] [PATCH v2 01/13] x86emul/fuzz: add rudimentary limit checking

2017-10-09 Thread Andrew Cooper
On 09/10/17 14:26, Jan Beulich wrote: > >>> (NB: put_rep_prefix() is what allows >>> complete_insn to be reached with rc set to other than X86EMUL_OKAY or >>> X86EMUL_DONE. See also commit 53f87c03b4 ["x86emul: generalize >>> exception handling for rep_* hooks"].) >>> >>> Add assert()-s for all ot

Re: [Xen-devel] [PATCH v2 01/13] x86emul/fuzz: add rudimentary limit checking

2017-10-09 Thread Jan Beulich
>>> On 09.10.17 at 14:54, wrote: > On 25/09/17 15:26, George Dunlap wrote: >> From: Jan Beulich >> >> fuzz_insn_fetch() is the only data access helper where it is possible >> to see offsets larger than 4Gb in 16- or 32-bit modes, as we leave the >> incoming rIP untouched in the emulator itself. >

Re: [Xen-devel] [PATCH v2 01/13] x86emul/fuzz: add rudimentary limit checking

2017-10-09 Thread Andrew Cooper
On 25/09/17 15:26, George Dunlap wrote: > From: Jan Beulich > > fuzz_insn_fetch() is the only data access helper where it is possible > to see offsets larger than 4Gb in 16- or 32-bit modes, as we leave the > incoming rIP untouched in the emulator itself. Is it reasonable to tolerate this?  AFAIC

Re: [Xen-devel] [PATCH v2 01/13] x86emul/fuzz: add rudimentary limit checking

2017-10-09 Thread Jan Beulich
>>> On 06.10.17 at 19:06, wrote: > On 10/06/2017 04:54 PM, Jan Beulich wrote: > On 06.10.17 at 17:21, wrote: >>> On Mon, Sep 25, 2017 at 3:26 PM, George Dunlap >>> wrote: > One more thing: > >> @@ -1249,10 +1249,10 @@ static void __put_rep_prefix( >> >> /* Clip maximum repetitions so that

Re: [Xen-devel] [PATCH v2 01/13] x86emul/fuzz: add rudimentary limit checking

2017-10-06 Thread George Dunlap
On 10/06/2017 04:54 PM, Jan Beulich wrote: On 06.10.17 at 17:21, wrote: >> On Mon, Sep 25, 2017 at 3:26 PM, George Dunlap >> wrote: >>> From: Jan Beulich >>> >>> fuzz_insn_fetch() is the only data access helper where it is possible >>> to see offsets larger than 4Gb in 16- or 32-bit modes,

Re: [Xen-devel] [PATCH v2 01/13] x86emul/fuzz: add rudimentary limit checking

2017-10-06 Thread Jan Beulich
>>> On 06.10.17 at 17:21, wrote: > On Mon, Sep 25, 2017 at 3:26 PM, George Dunlap > wrote: >> From: Jan Beulich >> >> fuzz_insn_fetch() is the only data access helper where it is possible >> to see offsets larger than 4Gb in 16- or 32-bit modes, as we leave the >> incoming rIP untouched in the

Re: [Xen-devel] [PATCH v2 01/13] x86emul/fuzz: add rudimentary limit checking

2017-10-06 Thread George Dunlap
On Mon, Sep 25, 2017 at 3:26 PM, George Dunlap wrote: > From: Jan Beulich > > fuzz_insn_fetch() is the only data access helper where it is possible > to see offsets larger than 4Gb in 16- or 32-bit modes, as we leave the > incoming rIP untouched in the emulator itself. The check is needed here >

[Xen-devel] [PATCH v2 01/13] x86emul/fuzz: add rudimentary limit checking

2017-09-25 Thread George Dunlap
From: Jan Beulich fuzz_insn_fetch() is the only data access helper where it is possible to see offsets larger than 4Gb in 16- or 32-bit modes, as we leave the incoming rIP untouched in the emulator itself. The check is needed here as otherwise, after successfully fetching insn bytes, we may end u