Re: [Xen-devel] [PATCH v2 2/2] x86/hvm: Don't intercept #UD exceptions in general

>>> On 28.01.16 at 11:55, wrote: > On 28/01/16 09:42, Jan Beulich wrote: > On 27.01.16 at 20:13, wrote: >>> --- a/xen/arch/x86/hvm/svm/vmcb.c >>> +++ b/xen/arch/x86/hvm/svm/vmcb.c >>> @@ -192,6 +192,7 @@ static int construct_vmcb(struct vcpu *v) >>> >>> vmcb->_exception_intercepts = >>

Re: [Xen-devel] [PATCH v2 2/2] x86/hvm: Don't intercept #UD exceptions in general

On 28/01/16 09:42, Jan Beulich wrote: On 27.01.16 at 20:13, wrote: >> --- a/xen/arch/x86/hvm/svm/vmcb.c >> +++ b/xen/arch/x86/hvm/svm/vmcb.c >> @@ -192,6 +192,7 @@ static int construct_vmcb(struct vcpu *v) >> >> vmcb->_exception_intercepts = >> HVM_TRAP_MASK >> +| (opt

Re: [Xen-devel] [PATCH v2 2/2] x86/hvm: Don't intercept #UD exceptions in general

>>> On 27.01.16 at 20:13, wrote: > --- a/xen/arch/x86/hvm/svm/vmcb.c > +++ b/xen/arch/x86/hvm/svm/vmcb.c > @@ -192,6 +192,7 @@ static int construct_vmcb(struct vcpu *v) > > vmcb->_exception_intercepts = > HVM_TRAP_MASK > +| (opt_hvm_fep ? (1U << TRAP_invalid_op) : 0) >

Re: [Xen-devel] [PATCH v2 2/2] x86/hvm: Don't intercept #UD exceptions in general

On Wed, Jan 27, 2016 at 07:57:00PM +, Andrew Cooper wrote: > On 27/01/2016 19:52, Konrad Rzeszutek Wilk wrote: > >> diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c > >> index 674feea..7a15d49 100644 > >> --- a/xen/arch/x86/hvm/hvm.c > >> +++ b/xen/arch/x86/hvm/hvm.c > >> @@ -93,12

Re: [Xen-devel] [PATCH v2 2/2] x86/hvm: Don't intercept #UD exceptions in general

On 27/01/2016 19:52, Konrad Rzeszutek Wilk wrote: >> diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c >> index 674feea..7a15d49 100644 >> --- a/xen/arch/x86/hvm/hvm.c >> +++ b/xen/arch/x86/hvm/hvm.c >> @@ -93,12 +93,10 @@ unsigned long __section(".bss.page_aligned") >> static bool_t __

Re: [Xen-devel] [PATCH v2 2/2] x86/hvm: Don't intercept #UD exceptions in general

> diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c > index 674feea..7a15d49 100644 > --- a/xen/arch/x86/hvm/hvm.c > +++ b/xen/arch/x86/hvm/hvm.c > @@ -93,12 +93,10 @@ unsigned long __section(".bss.page_aligned") > static bool_t __initdata opt_hap_enabled = 1; > boolean_param("hap", op

Re: [Xen-devel] [PATCH v2 2/2] x86/hvm: Don't intercept #UD exceptions in general

On 01/27/2016 02:13 PM, Andrew Cooper wrote: c/s 0f1cb96e "x86 hvm: Allow cross-vendor migration" caused HVM domains to unconditionally intercept #UD exceptions. While cross-vendor migration is cool as a demo, it is extremely niche. Intercepting #UD allows userspace code in a multi-vcpu guest t

[Xen-devel] [PATCH v2 2/2] x86/hvm: Don't intercept #UD exceptions in general

c/s 0f1cb96e "x86 hvm: Allow cross-vendor migration" caused HVM domains to unconditionally intercept #UD exceptions. While cross-vendor migration is cool as a demo, it is extremely niche. Intercepting #UD allows userspace code in a multi-vcpu guest to execute arbitrary instructions in the x86 emu