Re: [PATCH v3] x86emul/fuzz: add a state sanity checking function

[George Dunlap <george.dunlap@citrix.com>]

On 4/2/19 2:01 PM, Jan Beulich wrote:
> This is to accompany sanitize_input(). Just like for initial state we
> want to have state between two emulated insns sane, at least as far as
> assumptions in the main emulator go. Do minimal checking after segment
> register, CR, and MSR writes, and roll back to the old value in case of
> failure (raising #GP(0) at the same time).
> 
> In the particular case observed, a CR0 write clearing CR0.PE was
> followed by a VEX-encoded insn, which the decoder accepts based on
> guest address size, restricting things just outside of the 64-bit case
> (real and virtual modes don't allow VEX-encoded insns). Subsequently
> _get_fpu() would then assert that CR0.PE must be set (and EFLAGS.VM
> clear) when trying to invoke YMM, ZMM, or OPMASK state.
> 
> Signed-off-by: Jan Beulich <jbeulich@suse.com>

Reviewed-by: George Dunlap <george.dunlap@citrix.com>

That said, I wonder if there's a way to avoid the duplication between
sanitize_input() and check_state().  Another option would be to rework
sanitize_input() (perhaps as sanizite_state()):
 * Accept a parameter saying whether to do optional changes (like
CANONICALIZE_MAYBE)
 * Return a boolean saying whether any state was in fact sanitized.

Then the current callers of check_state() could instead call
sanitize_state(), and throw an exception if it returns 1.  (Or some
variation thereof.)

Just a thought; I'm OK with checking this in as it is.

 -George

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel