On 6/15/16 9:31 AM, Wei Liu wrote:
> Originally hvm_fep was guarded by NDEBUG, which means it was only
> available to debug builds.
>
> However there is value to have it for non-debug builds as well. User can
> use that to run tests in setup that replicates production setup.
>
> Make it clear with a sync_console style warning that this option can't
> be used in production setup. Update command line documentation
> accordingly. Finally mark Xen as tainted when this option is enabled.
>
> Signed-off-by: Wei Liu
> ---
> Cc: Andrew Cooper
> Cc: Jan Beulich
> ---
> docs/misc/xen-command-line.markdown | 8 ++++++--
> xen/arch/x86/hvm/hvm.c | 31 ++++++++++++++++++++++++++++---
> xen/common/kernel.c | 6 ++++--
> xen/include/asm-x86/hvm/hvm.h | 4 ----
> xen/include/xen/lib.h | 1 +
> 5 files changed, 39 insertions(+), 11 deletions(-)
>
> diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown
> index fed732c..dc53e24 100644
> --- a/docs/misc/xen-command-line.markdown
> +++ b/docs/misc/xen-command-line.markdown
> @@ -878,8 +878,12 @@ Recognized in debug builds of the hypervisor only.
> Allow use of the Forced Emulation Prefix in HVM guests, to allow emulation of
> arbitrary instructions.
>
> -This option is intended for development purposes, and is only available in
> -debug builds of the hypervisor.
> +This option is intended for development and testing purposes.
> +
> +*Warning*
> +As this feature opens up the instruction emulator to HVM guest, don't
> +use this in production system. No security support is provided when
> +this flag is set.
>
> ### hvm\_port80
> > `= `
> diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
> index 78db903..5bafaef 100644
> --- a/xen/arch/x86/hvm/hvm.c
> +++ b/xen/arch/x86/hvm/hvm.c
> @@ -37,6 +37,7 @@
> #include
> #include
> #include
> +#include
> #include
> #include
> #include
> @@ -95,11 +96,9 @@ unsigned long __section(".bss.page_aligned")
> static bool_t __initdata opt_hap_enabled = 1;
> boolean_param("hap", opt_hap_enabled);
>
> -#ifndef opt_hvm_fep
> /* Permit use of the Forced Emulation Prefix in HVM guests */
> -bool_t opt_hvm_fep;
> +bool_t __read_mostly opt_hvm_fep;
> boolean_param("hvm_fep", opt_hvm_fep);
> -#endif
>
> /* Xen command-line option to enable altp2m */
> static bool_t __initdata opt_altp2m_enabled = 0;
> @@ -182,6 +181,32 @@ static int __init hvm_enable(void)
> if ( !opt_altp2m_enabled )
> hvm_funcs.altp2m_supported = 0;
>
> + if ( opt_hvm_fep )
> + {
> + unsigned i, j;
> +
> + printk("**********************************************\n");
> + printk("******* WARNING: HVM FORCED EMULATION PREFIX IS PERMITTED\n");
> + printk("******* This option is *ONLY* intended to aid debugging "
> + "and testing of Xen\n");
> + printk("******* that HVM guest can enter instruction emulator "
> + "with UD instruction.\n");
> + printk("******* It has implication on the security of the system.\n");
> + printk("******* Please *DO NOT* use this in production.\n");
> + printk("**********************************************\n");
> + add_taint(TAINT_HVM_FEP);
> + for ( i = 0; i < 3; i++ )
> + {
> + printk("%d... ", 3-i);
> + for ( j = 0; j < 100; j++ )
> + {
> + process_pending_softirqs();
> + mdelay(10);
> + }
> + }
> + printk("\n");
> + }
> +
> /*
> * Allow direct access to the PC debug ports 0x80 and 0xed (they are
> * often used for I/O delays, but the vmexits simply slow things down).
> diff --git a/xen/common/kernel.c b/xen/common/kernel.c
> index dae7e35..5bf77aa 100644
> --- a/xen/common/kernel.c
> +++ b/xen/common/kernel.c
> @@ -175,6 +175,7 @@ int __init parse_bool(const char *s)
> * 'M' - Machine had a machine check experience.
> * 'B' - System has hit bad_page.
> * 'C' - Console output is synchronous.
> + * 'H' - HVM forced emulation prefix is permitted.
> *
> * The string is overwritten by the next call to print_taint().
> */
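Review bot: In the countdown loop added to hvm_enable(), `printk("%d... ", 3-i);` passes an unsigned expression to `%d`, because `i` is declared `unsigned`; `printk("%u... ", 3 - i);` matches the argument type, and spelling the declaration as `unsigned int i, j;` would be more explicit. The banner only says the option has "implication on the security of the system", while the documentation hunk in the same patch states that no security support is provided when the flag is set. Adding a line such as `printk("******* No security support is provided when this option is set.\n");` would let someone triaging a boot log or a report carrying the 'H' taint see that without consulting the docs. hvm_enable() begins and continues outside this hunk, so whether any earlier return path skips the warning cannot be judged from here.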
> @@ -182,11 +183,12 @@ char *print_tainted(char *str)
> {
> if ( tainted )
> {
> - snprintf(str, TAINT_STRING_MAX_LEN, "Tainted: %c%c%c%c",
> + snprintf(str, TAINT_STRING_MAX_LEN, "Tainted: %c%c%c%c%c",
> tainted & TAINT_UNSAFE_SMP ? 'S' : ' ',
> tainted & TAINT_MACHINE_CHECK ? 'M' : ' ',
> tainted & TAINT_BAD_PAGE ? 'B' : ' ',
> - tainted & TAINT_SYNC_CONSOLE ? 'C' : ' ');
> + tainted & TAINT_SYNC_CONSOLE ? 'C' : ' ',
> + tainted & TAINT_HVM_FEP ? 'H' : ' ');
> }
> else
> {
> diff --git a/xen/include/asm-x86/hvm/hvm.h b/xen/include/asm-x86/hvm/hvm.h
> index f486ee9..217112d 100644
> --- a/xen/include/asm-x86/hvm/hvm.h
> +++ b/xen/include/asm-x86/hvm/hvm.h
> @@ -27,12 +27,8 @@
> #include
> #include
>
> -#ifndef NDEBUG
> /* Permit use of the Forced Emulation Prefix in HVM guests */
> extern bool_t opt_hvm_fep;
> -#else
> -#define opt_hvm_fep 0
> -#endif
Please instead add this as a Kconfig option and you can default it to enabled.
>
> /* Interrupt acknowledgement sources. */
> enum hvm_intsrc {
> diff --git a/xen/include/xen/lib.h b/xen/include/xen/lib.h
> index 1c652bb..b1b0fb2 100644
> --- a/xen/include/xen/lib.h
> +++ b/xen/include/xen/lib.h
> @@ -142,6 +142,7 @@ uint64_t muldiv64(uint64_t a, uint32_t b, uint32_t c);
> #define TAINT_BAD_PAGE (1<<2)
> #define TAINT_SYNC_CONSOLE (1<<3)
> #define TAINT_ERROR_INJECT (1<<4)
> +#define TAINT_HVM_FEP (1<<5)
> extern int tainted;
> #define TAINT_STRING_MAX_LEN 20
> extern char *print_tainted(char *str);
> -- Doug Goldstein