From: Wanpeng Li
Date: Tue, 27 Mar 2018 17:09:59 +0800
Subject: Re: [PATCH 2/2] KVM: VMX: Add Force Emulation Prefix for "emulate the next instruction"
To: Liran Alon
Cc: Radim Krcmar, Paolo Bonzini, LKML, Andrew Cooper, kvm
In-Reply-To: <76d08635-59da-4399-bc35-f99a00236725@default>
References: <76d08635-59da-4399-bc35-f99a00236725@default>
X-Mailing-List: linux-kernel@vger.kernel.org

2018-03-27 15:52 GMT+08:00 Liran Alon:
>
> ----- kernellwp@gmail.com wrote:
>
>> From: Wanpeng Li
>>
>> This patch introduces a Force Emulation Prefix (ud2a; .ascii "kvm") for
>> "emulate the next instruction": the code will be executed by the emulator
>> instead of the processor, for testing purposes.
>
> I think this should be better explained in commit message.
> We should explain that there is no easy way to force KVM to run an
> instruction through the emulator (by design as that will expose the
> x86 emulator as a significant attack-surface).
> However, we do wish to expose the x86 emulator in case we are testing it
> (e.g. via kvm-unit-tests). Therefore, this patch adds a "force emulation prefix"
> that is designed to raise #UD which KVM will trap and its #UD exit-handler will
> match "force emulation prefix" to run instruction after prefix by the x86 emulator.
> To not expose the x86 emulator by default, we add a module parameter that should be
> off by default.

This commit message looks good, I'm too lazy to write a new one, will reference. :)

Regards,
Wanpeng Li

>
>>
>> A testcase here:
>>
>> #include <stdio.h>
>> #include <string.h>
>>
>> #define HYPERVISOR_INFO 0x40000000
>>
>> /* The CPUID leaf must be loaded into EAX, so EAX is listed first and the
>>  * matching constraint "0" binds idx to it. */
>> #define CPUID(idx, eax, ebx, ecx, edx)\
>>         asm volatile (\
>>         "ud2a; .ascii \"kvm\"; 1: cpuid" \
>>         :"=a" (*eax), "=b" (*ebx), "=c" (*ecx), "=d" (*edx)\
>>         :"0"(idx) );
>>
>> int main(void)
>> {
>>         unsigned int eax,ebx,ecx,edx;
>>         char string[13];
>>
>>         /* Leaf 0x40000000 returns the hypervisor signature in EBX:ECX:EDX. */
>>         CPUID(HYPERVISOR_INFO, &eax, &ebx, &ecx, &edx);
>>         *(unsigned int *)(string+0) = ebx;
>>         *(unsigned int *)(string+4) = ecx;
>>         *(unsigned int *)(string+8) = edx;
>>
>>         string[12] = 0;
>>         if (strncmp(string, "KVMKVMKVM\0\0\0",12) == 0)
>>                 printf("kvm guest\n");
>>         else
>>                 printf("bare hardware\n");
>>         return 0;
>> }
>>
>> Suggested-by: Andrew Cooper
>> Cc: Paolo Bonzini
>> Cc: Radim Krčmář
>> Cc: Andrew Cooper
>> Signed-off-by: Wanpeng Li
>> ---
>>  arch/x86/kvm/vmx.c | 18 +++++++++++++++++-
>>  1 file changed, 17 insertions(+), 1 deletion(-)
>>
>> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
>> index 0f99833..90abed8 100644
>> --- a/arch/x86/kvm/vmx.c
>> +++ b/arch/x86/kvm/vmx.c
>> @@ -108,6 +108,9 @@ module_param_named(enable_shadow_vmcs, enable_shadow_vmcs, bool, S_IRUGO);
>>  static bool __read_mostly nested = 0;
>>  module_param(nested, bool, S_IRUGO);
>>
>> +static bool __read_mostly fep = 0;
>> +module_param(fep, bool, S_IRUGO);
>
> I think this module parameter should have a better name...
> Why not "emulation_prefix" or "enable_emulation_prefix"?
> These short names just confuse the average user.
> It makes him think it is some kind of Intel VT-x technology
> that he isn't aware of :P
>
> In addition, I think this module parameter should be in kvm module
> (not kvm_intel) and you should add similar logic to kvm_amd module (SVM)
>
>> +
>>  static u64 __read_mostly host_xss;
>>
>>  static bool __read_mostly enable_pml = 1;
>> @@ -6218,8 +6221,21 @@ static int handle_machine_check(struct kvm_vcpu *vcpu)
>>  static int handle_ud(struct kvm_vcpu *vcpu)
>>  {
>>  	enum emulation_result er;
>> +	int emulation_type = EMULTYPE_TRAP_UD;
>> +
>> +	if (fep) {
>> +		char sig[5]; /* ud2; .ascii "kvm" */
>> +		struct x86_exception e;
>> +
>> +		kvm_read_guest_virt(&vcpu->arch.emulate_ctxt,
>> +				kvm_get_linear_rip(vcpu), sig, sizeof(sig), &e);
>> +		if (memcmp(sig, "\xf\xbkvm", sizeof(sig)) == 0) {
>> +			emulation_type = 0;
>> +			kvm_rip_write(vcpu, kvm_rip_read(vcpu) + sizeof(sig));
>> +		}
>> +	}
>>
>> -	er = emulate_instruction(vcpu, EMULTYPE_TRAP_UD);
>> +	er = emulate_instruction(vcpu, emulation_type);
>>  	if (er == EMULATE_USER_EXIT)
>>  		return 0;
>>  	if (er != EMULATE_DONE)
>> --
>> 2.7.4
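Review bot: the `fep` parameter added in the `@@ -108,6 +108,9 @@` hunk carries no description, so an administrator who finds it under the module's parameters has nothing telling them that switching it on exposes the x86 emulator, which the thread itself calls a significant attack surface and wants off by default. A `MODULE_PARM_DESC(fep, "...")` line after `module_param(fep, bool, S_IRUGO);` stating that it is a test-only knob, together with the clearer name already suggested in the thread (`enable_emulation_prefix`), would make the risk visible at the point where someone enables it.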
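Review bot: the return value of `kvm_read_guest_virt()` in the `handle_ud` hunk is ignored, so when the 5-byte read at the guest's linear RIP faults (unmapped page, or a read that crosses into an unmapped one) `sig` is never written and `memcmp(sig, "\xf\xbkvm", sizeof(sig))` compares uninitialized stack bytes against the signature, which is undefined behaviour and can, by chance, route an unrelated #UD into the forced-emulation path with RIP advanced by five bytes. Gate the comparison on a successful read, e.g. `if (kvm_read_guest_virt(...) == 0 && memcmp(sig, ..., sizeof(sig)) == 0)`, so a failed read falls through to the ordinary `EMULTYPE_TRAP_UD` handling. Minor style point in the same hunk: `"\xf\xbkvm"` only encodes `0f 0b` because the hex escapes happen to stop at `k`; `"\x0f\x0bkvm"` states the same bytes without relying on that.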
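A user-space model of the decision the patched handle_ud() makes, added here as an illustration and not code from the patch or from KVM: guest memory is a constructed byte array, kvm_read_guest_virt() is replaced by a bounded read that fails when the 5-byte window runs past the mapped bytes, and the EMULTYPE_* values and the names read_guest, decide_ud, demo_type, demo_new_rip and DEMO_CODE are assumptions of the model. It differs from the hunk in one respect: the read result is checked before the signature is compared, so a faulting read takes the ordinary #UD path instead of comparing whatever happens to be on the stack.

```c
/*
 * User-space model of the force-emulation-prefix decision in handle_ud().
 * Added example, not kernel code: guest memory is a constructed byte array,
 * and kvm_read_guest_virt() is replaced by a bounded read that fails, as a
 * guest page fault would, when the 5-byte window runs past the mapped bytes.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for the kernel's emulation-type values (assumed for this model). */
#define EMULTYPE_TRAP_UD 2   /* ordinary #UD path: emulate, re-inject #UD if undecodable */
#define EMULTYPE_FORCED  0   /* hypothetical name for the plain 0 the hunk uses */

/* The prefix the hunk matches: ud2 (0f 0b) followed by the ASCII bytes "kvm". */
static const uint8_t FEP_SIG[5] = { 0x0f, 0x0b, 'k', 'v', 'm' };

struct guest {
	const uint8_t *mem;   /* constructed guest code bytes */
	size_t len;           /* number of mapped bytes */
	uint64_t rip;         /* linear RIP at the #UD exit, as an offset into mem */
};

/* Model of kvm_read_guest_virt(): 0 on success, -1 when the read would fault. */
static int read_guest(const struct guest *g, uint64_t addr, void *dst, size_t n)
{
	if (addr > g->len || n > g->len - addr)
		return -1;
	memcpy(dst, g->mem + addr, n);
	return 0;
}

/*
 * Decide how the #UD exit at g->rip is handled. Returns the emulation type;
 * on a prefix match *new_rip is moved past the 5-byte prefix so the emulator
 * starts at the instruction that follows it. The read result is checked, so
 * a faulting read never reaches the memcmp with an unwritten sig[].
 */
int decide_ud(const struct guest *g, bool fep, uint64_t *new_rip)
{
	uint8_t sig[sizeof FEP_SIG];

	*new_rip = g->rip;
	if (!fep)
		return EMULTYPE_TRAP_UD;   /* parameter off: the prefix is never examined */
	if (read_guest(g, g->rip, sig, sizeof sig) != 0)
		return EMULTYPE_TRAP_UD;   /* read faulted: sig[] holds nothing valid */
	if (memcmp(sig, FEP_SIG, sizeof sig) != 0)
		return EMULTYPE_TRAP_UD;   /* a genuine ud2 or other #UD, no prefix */
	*new_rip = g->rip + sizeof sig;
	return EMULTYPE_FORCED;        /* run the next instruction through the emulator */
}

/* Constructed guest code: a prefixed cpuid, then a bare ud2, then nop padding. */
const uint8_t DEMO_CODE[] = {
	0x0f, 0x0b, 'k', 'v', 'm',   /* offset 0: force-emulation prefix */
	0x0f, 0xa2,                  /* offset 5: cpuid */
	0x0f, 0x0b,                  /* offset 7: plain ud2, no prefix */
	0x90, 0x90, 0x90, 0x90,      /* offsets 9..12: nop padding */
};
const size_t DEMO_CODE_LEN = sizeof DEMO_CODE;

/* Run one #UD exit against DEMO_CODE at the given RIP and report the type. */
int demo_type(uint64_t rip, bool fep)
{
	struct guest g = { DEMO_CODE, DEMO_CODE_LEN, rip };
	uint64_t new_rip;
	return decide_ud(&g, fep, &new_rip);
}

/* Same exit, reporting where RIP ends up. */
uint64_t demo_new_rip(uint64_t rip, bool fep)
{
	struct guest g = { DEMO_CODE, DEMO_CODE_LEN, rip };
	uint64_t new_rip;
	decide_ud(&g, fep, &new_rip);
	return new_rip;
}

int main(void)
{
	const struct { uint64_t rip; bool fep; const char *what; } cases[] = {
		{ 0,  true,  "prefix present, fep on: forced emulation, RIP skips prefix" },
		{ 0,  false, "prefix present, fep off: ordinary #UD, RIP unchanged" },
		{ 7,  true,  "bare ud2, fep on: no match, ordinary #UD" },
		{ 11, true,  "5-byte read runs past mapped bytes: read fails, ordinary #UD" },
	};
	for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
		printf("rip=%2llu fep=%d -> type=%d new_rip=%2llu  (%s)\n",
		       (unsigned long long)cases[i].rip, cases[i].fep,
		       demo_type(cases[i].rip, cases[i].fep),
		       (unsigned long long)demo_new_rip(cases[i].rip, cases[i].fep),
		       cases[i].what);
	return 0;
}
```

The fourth case is the one the hunk does not handle: with only two mapped bytes left at RIP 11, the bounded read fails and the decision stays on the ordinary #UD path rather than depending on uninitialized bytes.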