Message-ID: <490b19a2-3a40-4abb-b993-743c22ef43a5@default>
Date: Tue, 27 Mar 2018 23:55:32 -0700 (PDT)
From: Liran Alon
Subject: Re: [PATCH v3 2/2] KVM: X86: Add Force Emulation Prefix for "emulate the next instruction"
X-Mailing-List: linux-kernel@vger.kernel.org

----- kernellwp@gmail.com wrote:
> From: Wanpeng Li
>
> There is no easy way to force KVM to run an instruction through the emulator
> (by design as that will expose the x86 emulator as a significant
> attack-surface).
> However, we do wish to expose the x86 emulator in case we are testing it
> (e.g. via kvm-unit-tests). Therefore, this patch adds a "force emulation prefix"
> that is designed to raise #UD which KVM will trap and its #UD exit-handler will
> match "force emulation prefix" to run instruction after prefix by the x86 emulator.
> To not expose the x86 emulator by default, we add a module parameter that should
> be off by default.
>
> A simple testcase here:
>
> #include <stdio.h>
> #include <string.h>
>
> #define HYPERVISOR_INFO 0x40000000
>
> /* ud2 followed by "kvm" is the force emulation prefix; cpuid is then run by the emulator */
> #define CPUID(idx, eax, ebx, ecx, edx) \
> 	asm volatile (\
> 	"ud2a; .ascii \"kvm\"; cpuid" \
> 	:"=b" (*ebx), "=a" (*eax), "=c" (*ecx), "=d" (*edx) \
> 	:"0"(idx) );
>
> int main(void)
> {
> 	unsigned int eax, ebx, ecx, edx;
> 	char string[13];
>
> 	CPUID(HYPERVISOR_INFO, &eax, &ebx, &ecx, &edx);
> 	*(unsigned int *)(string + 0) = ebx;
> 	*(unsigned int *)(string + 4) = ecx;
> 	*(unsigned int *)(string + 8) = edx;
>
> 	string[12] = 0;
> 	if (strncmp(string, "KVMKVMKVM\0\0\0", 12) == 0)
> 		printf("kvm guest\n");
> 	else
> 		printf("bare hardware\n");
> 	return 0;
> }
>
> Suggested-by: Andrew Cooper
> Cc: Paolo Bonzini
> Cc: Radim Krčmář
> Cc: Andrew Cooper
> Cc: Konrad Rzeszutek Wilk
> Cc: Liran Alon
> Signed-off-by: Wanpeng Li
> ---
>  arch/x86/kvm/x86.c | 18 +++++++++++++++++-
>  1 file changed, 17 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index e3a60ab..40e2f78 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -146,6 +146,9 @@ bool __read_mostly enable_vmware_backdoor =3D > false; > module_param(enable_vmware_backdoor, bool, S_IRUGO); > EXPORT_SYMBOL_GPL(enable_vmware_backdoor); > =20 > +static bool __read_mostly force_emulation_prefix =3D false; > +module_param(force_emulation_prefix, bool, S_IRUGO); > + > #define KVM_NR_SHARED_MSRS 16 > =20 > struct kvm_shared_msrs_global { > @@ -4843,8 +4846,21 @@ > EXPORT_SYMBOL_GPL(kvm_write_guest_virt_system); > int handle_ud(struct kvm_vcpu *vcpu) > { > =09enum emulation_result er; > +=09int emulation_type =3D EMULTYPE_TRAP_UD; > + > +=09if (force_emulation_prefix) { > +=09=09char sig[5]; /* ud2; .ascii "kvm" */ > +=09=09struct x86_exception e; > + > +=09=09kvm_read_guest_virt(&vcpu->arch.emulate_ctxt, > +=09=09=09=09kvm_get_linear_rip(vcpu), sig, sizeof(sig), &e); > +=09=09if (memcmp(sig, "\xf\xbkvm", sizeof(sig)) =3D=3D 0) { > +=09=09=09emulation_type =3D 0; > +=09=09=09kvm_rip_write(vcpu, kvm_rip_read(vcpu) + sizeof(sig)); > +=09=09} > +=09} > =20 > -=09er =3D emulate_instruction(vcpu, EMULTYPE_TRAP_UD); > +=09er =3D emulate_instruction(vcpu, emulation_type); > =09if (er =3D=3D EMULATE_USER_EXIT) > =09=09return 0; > =09if (er !=3D EMULATE_DONE) > --=20 > 2.7.4 Reviewed-by: Liran Alon
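Review bot: the new module parameter in the first hunk, `+module_param(force_emulation_prefix, bool, S_IRUGO);`, has no MODULE_PARM_DESC, so `modinfo kvm` gives an administrator no hint of what enabling it does. Since the commit message itself calls the emulator a significant attack surface and says the knob is for testing only, suggest adding a description next to the module_param line, along the lines of `MODULE_PARM_DESC(force_emulation_prefix, "Run the instruction after a ud2; \"kvm\" prefix through the x86 emulator (testing only)");`.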
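Review bot: in the handle_ud() hunk the return value of `kvm_read_guest_virt(&vcpu->arch.emulate_ctxt, kvm_get_linear_rip(vcpu), sig, sizeof(sig), &e);` is ignored, so when the read faults (the 5 bytes at the guest RIP not being mapped, for instance) `sig` stays uninitialized and `memcmp(sig, "\xf\xbkvm", sizeof(sig))` compares stack garbage; a chance match would then advance RIP by 5 bytes and emulate whatever follows instead of reinjecting #UD. Suggest entering the match only when the read succeeded, e.g. `if (force_emulation_prefix && kvm_read_guest_virt(...) == 0 && memcmp(sig, "\xf\xbkvm", sizeof(sig)) == 0)`. The `struct x86_exception e` is filled in and then dropped; if it is not going to be propagated, a short comment saying the fault is deliberately ignored would help the next reader.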
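A user-space model of the prefix decision the patch adds to handle_ud(), as an added example that is not part of the patch or of KVM: the guest memory layout, read_guest() and the sample code bytes are constructed here, and unlike the hunk it treats a failed read as "no match" so the signature buffer is never compared uninitialized.

```c
#include <stdint.h>
#include <string.h>

/* Constructed: the 5-byte prefix, ud2 (0f 0b) followed by the ASCII "kvm". */
static const unsigned char FORCE_EMUL_PREFIX[5] = { 0x0f, 0x0b, 'k', 'v', 'm' };

/* Constructed stand-in for guest linear memory: one mapped code range. */
struct guest {
    const unsigned char *code;
    size_t len;      /* bytes mapped; a read crossing the end fails */
    uint64_t base;   /* linear address of code[0] */
};

/* Hypothetical model of kvm_read_guest_virt(): 0 on success, -1 on a failed read. */
static int read_guest(const struct guest *g, uint64_t addr, void *dst, size_t n)
{
    if (addr < g->base || addr + n > g->base + g->len)
        return -1;
    memcpy(dst, g->code + (addr - g->base), n);
    return 0;
}

/* The prefix decision from handle_ud(): 1 if the prefix matched (and *rip is
 * advanced past it), 0 if the #UD takes the normal EMULTYPE_TRAP_UD path.
 * A failed read counts as "no match", so sig is never compared uninitialized. */
int match_force_emulation_prefix(const struct guest *g, uint64_t *rip, int param_on)
{
    unsigned char sig[5];
    if (!param_on)                                 /* module parameter off: never match */
        return 0;
    if (read_guest(g, *rip, sig, sizeof sig) != 0)  /* the check the hunk is missing */
        return 0;
    if (memcmp(sig, FORCE_EMUL_PREFIX, sizeof sig) != 0)
        return 0;
    *rip += sizeof sig;                            /* skip ud2 + "kvm", emulate what follows */
    return 1;
}

/* Constructed guest code at 0x1000: a prefixed cpuid, then a bare ud2 at the end. */
static const unsigned char SAMPLE_CODE[] = {
    0x0f, 0x0b, 'k', 'v', 'm', 0x0f, 0xa2,   /* ud2; .ascii "kvm"; cpuid */
    0x0f, 0x0b                               /* ud2 with no room for a prefix */
};
static const struct guest SAMPLE = { SAMPLE_CODE, sizeof SAMPLE_CODE, 0x1000 };

/* One #UD at rip: returns the rip to resume emulation at, or 0 for the normal path. */
uint64_t handle_ud_model(uint64_t rip, int param_on)
{
    return match_force_emulation_prefix(&SAMPLE, &rip, param_on) ? rip : 0;
}
```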