From: Wanpeng Li
Date: Sun, 1 Apr 2018 19:12:29 +0800
Subject: Re: [PATCH v3 2/2] KVM: X86: Add Force Emulation Prefix for "emulate the next instruction"
To: Radim Krčmář
Cc: LKML, kvm, Paolo Bonzini, Andrew Cooper, Konrad Rzeszutek Wilk, Liran Alon
In-Reply-To: <20180329212932.GA27107@flask>
References: <1522198134-2709-1-git-send-email-wanpengli@tencent.com> <1522198134-2709-3-git-send-email-wanpengli@tencent.com> <20180329212932.GA27107@flask>
X-Mailing-List: linux-kernel@vger.kernel.org

2018-03-30 5:29 GMT+08:00 Radim Krčmář:
> 2018-03-27 17:48-0700, Wanpeng Li:
>> From: Wanpeng Li
>>
>> There is no easy way to force KVM to run an instruction through the emulator
>> (by design as that will expose the x86 emulator as a significant attack-surface).
>> However, we do wish to expose the x86 emulator in case we are testing it
>> (e.g. via kvm-unit-tests). Therefore, this patch adds a "force emulation prefix"
>> that is designed to raise #UD which KVM will trap and its #UD exit-handler will
>> match the "force emulation prefix" to run the instruction after the prefix by the x86 emulator.
>> To not expose the x86 emulator by default, we add a module parameter that should
>> be off by default.
>>
>> A simple testcase here:
>>
>> #include <stdio.h>
>> #include <string.h>
>>
>> #define HYPERVISOR_INFO 0x40000000
>>
>> /* ud2a followed by the ASCII bytes "kvm" is the force emulation prefix;
>>  * with the module parameter on, KVM skips it and emulates the cpuid. */
>> #define CPUID(idx, eax, ebx, ecx, edx) \
>>     asm volatile (\
>>         "ud2a; .ascii \"kvm\"; cpuid" \
>>         :"=b" (*ebx), "=a" (*eax), "=c" (*ecx), "=d" (*edx) \
>>         :"0"(idx) );
>>
>> int main(void)
>> {
>>     unsigned int eax, ebx, ecx, edx;
>>     char string[13];
>>
>>     /* Hypervisor vendor leaf: ebx/ecx/edx carry the 12-byte signature. */
>>     CPUID(HYPERVISOR_INFO, &eax, &ebx, &ecx, &edx);
>>     *(unsigned int *)(string + 0) = ebx;
>>     *(unsigned int *)(string + 4) = ecx;
>>     *(unsigned int *)(string + 8) = edx;
>>
>>     string[12] = 0;
>>     if (strncmp(string, "KVMKVMKVM\0\0\0", 12) == 0)
>>         printf("kvm guest\n");
>>     else
>>         printf("bare hardware\n");
>>     return 0;
>> }
>>
>> Suggested-by: Andrew Cooper
>> Cc: Paolo Bonzini
>> Cc: Radim Krčmář
>> Cc: Andrew Cooper
>> Cc: Konrad Rzeszutek Wilk
>> Cc: Liran Alon
>> Signed-off-by: Wanpeng Li
>> ---
>> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c >> @@ -146,6 +146,9 @@ bool __read_mostly enable_vmware_backdoor =3D false; >> module_param(enable_vmware_backdoor, bool, S_IRUGO); >> EXPORT_SYMBOL_GPL(enable_vmware_backdoor); >> >> +static bool __read_mostly force_emulation_prefix =3D false; >> +module_param(force_emulation_prefix, bool, S_IRUGO); >> + >> #define KVM_NR_SHARED_MSRS 16 >> >> struct kvm_shared_msrs_global {
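Review bot: the new force_emulation_prefix parameter in the x86.c hunk above has no MODULE_PARM_DESC(), so nothing in modinfo tells an administrator that turning it on routes guest instructions through the x86 emulator, which the commit message itself calls a significant attack surface; add a one-line description next to the module_param() (the default-off and read-only S_IRUGO choices are right for exactly that reason) so the knob is discoverable without reading the source.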
>> @@ -4843,8 +4846,21 @@ EXPORT_SYMBOL_GPL(kvm_write_guest_virt_system); >> int handle_ud(struct kvm_vcpu *vcpu) >> { >> enum emulation_result er; >> + int emulation_type =3D EMULTYPE_TRAP_UD; >> + >> + if (force_emulation_prefix) { >> + char sig[5]; /* ud2; .ascii "kvm" */ >> + struct x86_exception e; >> + >> + kvm_read_guest_virt(&vcpu->arch.emulate_ctxt, >> + kvm_get_linear_rip(vcpu), sig, sizeof(sig)= , &e); >> + if (memcmp(sig, "\xf\xbkvm", sizeof(sig)) =3D=3D 0) { >> + emulation_type =3D 0; >> + kvm_rip_write(vcpu, kvm_rip_read(vcpu) + sizeof(si= g)); >> + } >> + } >> >> - er =3D emulate_instruction(vcpu, EMULTYPE_TRAP_UD); >> + er =3D emulate_instruction(vcpu, emulation_type); >> if (er =3D=3D EMULATE_USER_EXIT) >> return 0; >> if (er !=3D EMULATE_DONE)
>
> The code afterwards is going to inject an #UD if the emulation failed.
> I think that preserving the cpu state and forwarding the emulation
> failure to userspace would be more useful. The change would probably be
> best as:
>
>     if (memcmp(sig, "\xf\xbkvm", sizeof(sig)) == 0) {
>         kvm_rip_write(vcpu, kvm_rip_read(vcpu) + sizeof(sig));
>         return emulate_instruction(vcpu, 0) == EMULATE_DONE;
>     }
>
> Looks great otherwise, thanks.

Do it in v4. :)

Regards,
Wanpeng Li
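Review bot: in the handle_ud() hunk the return value of kvm_read_guest_virt() is discarded, so when the 5-byte read at the guest RIP fails (the bytes after the ud2 sit on an unmapped page, or the access faults) `sig` still holds uninitialized stack bytes and the memcmp() runs on garbage; gate the comparison on a successful read, e.g. `if (kvm_read_guest_virt(...) == X86EMUL_CONTINUE && memcmp(sig, "\xf\xbkvm", sizeof(sig)) == 0)`, so a failed read takes the ordinary #UD path instead of possibly skipping RIP and emulating.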
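An added stand-alone model of the prefix check discussed in this thread (example code, not from the patch or from KVM): it mirrors the handle_ud() matching over a constructed guest byte buffer and, unlike the posted hunk, refuses to compare when the 5-byte read at RIP fails, which a read past the end of the buffer models here. guest_mem, read_guest and fep_match are hypothetical names.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Signature the patch looks for at the guest RIP: ud2 (0f 0b) then "kvm". */
#define FEP_SIG     "\x0f\x0bkvm"
#define FEP_SIG_LEN 5

/* Stand-in for a guest address space (hypothetical): a flat byte array.
 * A read that runs past 'len' models a faulting access, which the real
 * kvm_read_guest_virt() reports through a non-X86EMUL_CONTINUE return. */
struct guest_mem {
    const uint8_t *bytes;
    size_t len;
};

/* Copies n bytes at rip into out; returns false to model a read fault. */
static bool read_guest(const struct guest_mem *m, uint64_t rip,
                       uint8_t *out, size_t n)
{
    if (rip > m->len || n > m->len - rip)
        return false;
    memcpy(out, m->bytes + rip, n);
    return true;
}

/* Mirrors handle_ud() with force_emulation_prefix on: only when the 5
 * bytes at RIP are readable AND equal the signature is the prefix
 * skipped (*new_rip = rip + 5) so the next instruction goes to the
 * emulator. Returns true if the prefix matched; *new_rip is otherwise
 * left at rip so the normal #UD path runs unchanged. */
bool fep_match(const struct guest_mem *m, bool fep_enabled,
               uint64_t rip, uint64_t *new_rip)
{
    uint8_t sig[FEP_SIG_LEN];

    *new_rip = rip;
    if (!fep_enabled)
        return false;
    /* A failed read must not fall through to memcmp on uninitialized sig. */
    if (!read_guest(m, rip, sig, sizeof(sig)))
        return false;
    if (memcmp(sig, FEP_SIG, sizeof(sig)) != 0)
        return false;
    *new_rip = rip + FEP_SIG_LEN;
    return true;
}
```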