From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andrew Cooper Subject: Re: [PATCH] vm_event: Implement ARM SMC events Date: Wed, 13 Apr 2016 13:02:16 +0100 Message-ID: <570E3548.3040502@citrix.com> References: <1460404042-31179-1-git-send-email-tamas@tklengyel.com> <570CA910.8050404@bitdefender.com> <570D2135.1040204@arm.com> <570D2AC3.2040801@bitdefender.com> <570E0967.3070600@bitdefender.com> <570E1CD5.7000802@citrix.com> <570E2513.5060502@bitdefender.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="===============9182626126111337903==" Return-path: Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1aqJZw-00043f-3F for xen-devel@lists.xenproject.org; Wed, 13 Apr 2016 12:07:28 +0000 In-Reply-To: <570E2513.5060502@bitdefender.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" To: Corneliu ZUZU , Tamas K Lengyel Cc: Wei Liu , Keir Fraser , Razvan Cojocaru , Stefano Stabellini , Ian Jackson , Julien Grall , Jan Beulich , Xen-devel List-Id: xen-devel@lists.xenproject.org --===============9182626126111337903== Content-Type: multipart/alternative; boundary="------------090705050601090601050207" --------------090705050601090601050207 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit On 13/04/16 11:53, Corneliu ZUZU wrote: > On 4/13/2016 1:17 PM, Andrew Cooper wrote: >> On 13/04/16 09:55, Corneliu ZUZU wrote: >>> >>> >>>> >>>> >>>> I would have to double check but AFAIK those >>>> instructions can't be >>>> configured to trap to the hypervisor directly. So while >>>> SMC was not >>>> intended to be a breakpoint, conceptually it's the >>>> closest thing we have >>>> an on ARM to the INT3 instruction when configured to >>>> trap to the VMM. >>>> >>>> >>>> >>>> Please see AArch32 HDCR.TDE and AArch64 MDCR_EL2.TDE bits. >>>> Since activating this bit would imply additional (in this >>>> context -unwanted-) traps, the performance hit of having this >>>> bit set might be significant. >>>> >>>> >>>> Right, actually I believe KVM already implemented this, I was just >>>> under the impression it was only for aarch64. As for performance >>>> overhead I'm not that worried about it, rather I need to make sure >>>> the presence of the monitoring can remain stealthy. I know on KVM >>>> for example this type of trapping renders the guest to be unable to >>>> use singlestepping, which would easily reveal the presence of the >>>> external monitor (see >>>> https://lists.cs.columbia.edu/pipermail/kvmarm/2015-May/014589.html). >>>> So this will need to be looked at carefully. >>> >>> That seems to apply to single-stepping only, which would be a >>> different matter. As for stealthiness or not limiting the guest, IMO >>> that shouldn't be a problem with BKPT/BRK, since I believe you can >>> inject the breakpoint exception into the guest as if no hypervisor >>> trap occured in between (of course, once you decide whether that >>> breakpoint is Xen's or guest-internal). But what about X86? How is >>> stealthiness achieved there? Is INT3 entirely not available for the >>> guest anymore when guest-debugging is enabled or are ALL INT3's >>> reported by Xen as software breakpoint vm-events? >> >> In x86, attaching a debugger to the domain causes #DB and #BP >> exceptions to be intercepted by Xen, rather than handled directly by >> the domain (actually, since XSA-156, #DB is intercepted under all >> circumstances, to avoid security issues). The debugger receives all >> debug events, and should filer the ones it has introduced vs the ones >> present from in-guest activities. >> >> ~Andrew >> >> (Whether this works or not is a separate matter, and largely depends >> on the debugger.) > > And after this filtering, I guess if the debug event proves to be > introduced by in-guest activities, the exception is reintroduced to > preserve transparency, correct? That is certainly the idea. > I'm curious if behind the scenes Xen also write-protects that page > such that the guest does not overwrite the INT3. Haha. I refer to my "Whether this works or not is a separate matter" statement. No-one has made a product feature out of external debugging of a guest, which means there are almost certainly logic holes and bugs. This write-protection looks like a prime issue which hasn't been considered. ~Andrew --------------090705050601090601050207 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: 8bit
On 13/04/16 11:53, Corneliu ZUZU wrote:
On 4/13/2016 1:17 PM, Andrew Cooper wrote:
On 13/04/16 09:55, Corneliu ZUZU wrote:




I would have to double check but AFAIK those instructions can't be
configured to trap to the hypervisor directly. So while SMC was not
intended to be a breakpoint, conceptually it's the closest thing we have
an on ARM to the INT3 instruction when configured to trap to the VMM.


 Please see AArch32 HDCR.TDE and AArch64 MDCR_EL2.TDE bits. Since activating this bit would imply additional (in this context -unwanted-) traps, the performance hit of having this bit set might be significant.

Right, actually I believe KVM already implemented this, I was just under the impression it was only for aarch64. As for performance overhead I'm not that worried about it, rather I need to make sure the presence of the monitoring can remain stealthy. I know on KVM for example this type of trapping renders the guest to be unable to use singlestepping, which would easily reveal the presence of the external monitor (see https://lists.cs.columbia.edu/pipermail/kvmarm/2015-May/014589.html). So this will need to be looked at carefully.

That seems to apply to single-stepping only, which would be a different matter. As for stealthiness or not limiting the guest, IMO that shouldn't be a problem with BKPT/BRK, since I believe you can inject the breakpoint exception into the guest as if no hypervisor trap occured in between (of course, once you decide whether that breakpoint is Xen's or guest-internal). But what about X86? How is stealthiness achieved there? Is INT3 entirely not available for the guest anymore when guest-debugging is enabled or are ALL INT3's reported by Xen as software breakpoint vm-events?

In x86, attaching a debugger to the domain causes #DB and #BP exceptions to be intercepted by Xen, rather than handled directly by the domain (actually, since XSA-156, #DB is intercepted under all circumstances, to avoid security issues).  The debugger receives all debug events, and should filer the ones it has introduced vs the ones present from in-guest activities.

~Andrew

(Whether this works or not is a separate matter, and largely depends on the debugger.)

And after this filtering, I guess if the debug event proves to be introduced by in-guest activities, the exception is reintroduced to preserve transparency, correct?

That is certainly the idea.

I'm curious if behind the scenes Xen also write-protects that page such that the guest does not overwrite the INT3.

Haha.  I refer to my "Whether this works or not is a separate matter" statement.

No-one has made a product feature out of external debugging of a guest, which means there are almost certainly logic holes and bugs.  This write-protection looks like a prime issue which hasn't been considered.

~Andrew
--------------090705050601090601050207-- --===============9182626126111337903== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWRldmVs IG1haWxpbmcgbGlzdApYZW4tZGV2ZWxAbGlzdHMueGVuLm9yZwpodHRwOi8vbGlzdHMueGVuLm9y Zy94ZW4tZGV2ZWwK --===============9182626126111337903==--