Re: [Xen-devel] Interrupt issues with hvm_emulate_one_vm_event()
On 05/26/17 18:38, Jan Beulich wrote:
>>>> On 26.05.17 at 16:37, <rcojocaru@xxxxxxxxxxxxxxx> wrote:
>> On 05/26/17 17:29, Jan Beulich wrote:
>>>>>> On 25.05.17 at 11:40, <rcojocaru@xxxxxxxxxxxxxxx> wrote:
>>>> I've noticed that, with pages marked NX and vm_event emulation, we can
>>>> end up emulating an ud2, for which hvm_emulate_one() returns
>>>> X86EMUL_EXCEPTION in hvm_emulate_one_vm_event().
>>>
>>> Could you explain what would lead to emulation of UD2?
>>
>> If you mean in which cases does our engine mark pages NX, I'll have to
>> ask and get back to you. If you mean why generally would an UD2 end up
>> being the instruction where RIP causes an execute violation fault, I'll
>> have to check.
>
> The question was more for the latter, as I don't understand what
> good could come from executing UD2 intentionally, unless the
> entity doing so knows there is an emulator around to do something
> sensible with it.

I owe you an answer here: I've spoken to my introspection engine
colleague Andrei, and they purposefully put an UD2 there to terminate a
malicious process (i.e. the exception is wanted).

I've found this problem while stress-testing Xen 4.9 verifying another
patch, using our in-house user-mode test applications, which simulate
this sort of malicious behaviour.

Thanks,
Razvan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel