Xen project Mailing List

[PATCH for-4.20] x86/emul: Fix emulation of RDSEED with older toolchains

To: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Thu, 15 May 2025 20:50:58 +0100

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>, "consulting @ bugseng . com" <consulting@xxxxxxxxxxx>

Delivery-date: Thu, 15 May 2025 19:51:24 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

This is reported as a MISRA R16.3 (missing break) violation, but turns out to be substantially more complicated than expected. In commit a8fe4ec5320a ("x86emul: support RDRAND/RDSEED"), the switch() statement had a default case going to cannot_emulate, with both the case 6 and case 7 labels being fully within #ifdef HAVE_GAS_RD{RAND,SEED}. Therefore, when the toolchain didn't understand the RDRAND/RDSEED instructions, attempts to emulate them suffered #UD. (This is arguably a problem as there's no interlock to prevent RDRAND/RDSEED being advertied to the guest, but as instructions with only register encodings, they can only end up being emulated with VM Introspection is in use.) In commit 58f1bba44033 ("x86emul: support RDPID"), case 7 was taken outside of HAVE_GAS_RDSEED, meaning that emulating an RDSEED instruction no longer hit the default case when the toolchain was too old. Instead, it would fall out of the switch statment and be completed normally, behaving as a NOP to the guest. Retrofit a "return X86EMUL_UNIMPLEMENTED" in the case that the toolchain doesn't know the RDRAND instruction, matching how RDRAND work. Note that this has been fixed differently in Xen 4.21. Commit 05bf9f1f0f52 ("x86/emulate: Remove HAVE_AS_RDRAND and HAVE_AS_RDSEED") has removed the problematic condition due to the toolchain baseline upgrade. Fixes: 58f1bba44033 ("x86emul: support RDPID") Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> --- CC: Jan Beulich <JBeulich@xxxxxxxx> CC: Roger Pau Monné <roger.pau@xxxxxxxxxx> CC: Stefano Stabellini <sstabellini@xxxxxxxxxx> CC: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx> CC: consulting@xxxxxxxxxxx <consulting@xxxxxxxxxxx> This will unblock the staging-4.20 branch. I'm still concerned as to why this regression has shown up unexpected in the 4.20 branch. In 4.19, the rule isn't marked clean, hence why that passes. However, something changed in the Eclair environment to cause this to happen, and given how HAVE_AS_RDSEED works, it's apparently to do with probing the toolchain capabitilies, and now failing to probe correctly. --- xen/arch/x86/x86_emulate/0fc7.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/xen/arch/x86/x86_emulate/0fc7.c b/xen/arch/x86/x86_emulate/0fc7.c index 5268d5cafd7b..2b6b444bab94 100644 --- a/xen/arch/x86/x86_emulate/0fc7.c +++ b/xen/arch/x86/x86_emulate/0fc7.c @@ -102,6 +102,8 @@ int x86emul_0fc7(struct x86_emulate_state *s, if ( carry ) regs->eflags |= X86_EFLAGS_CF; break; +#else + return X86EMUL_UNIMPLEMENTED; #endif } } base-commit: 612cfd7215568fe8a7e8939dfcc4bf53d986e482 -- 2.39.5

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.