    KVM: x86: Emulate only IN/OUT instructions when accessing VMware backdoor · 04789b66
    Liran Alon authored
    Access to VMware backdoor ports is done by one of the IN/OUT/INS/OUTS
    instructions. These ports must be allowed access even if the TSS I/O
    permission bitmap doesn't allow it.
    
    To handle this, VMX/SVM will be changed in future commits
    to intercept #GP which was raised by such access and
    handle it by calling x86 emulator to emulate instruction.
    If it was one of these instructions, the x86 emulator already handles
    it correctly (since commit "KVM: x86: Always allow access to VMware
    backdoor I/O ports") by not checking these ports against the TSS I/O
    permission bitmap.
    
    One may wonder why checking for specific instructions is necessary
    as we can just forward all #GPs to the x86 emulator.
    There are multiple reasons for doing so:
    
    1. We don't want the x86 emulator to be reached easily
    by the guest by just executing an instruction that raises #GP, as that
    exposes the x86 emulator as a bigger attack surface.
    
    2. The x86 emulator is incomplete and therefore certain instructions
    that can cause #GP cannot be emulated. Such an example is "INT x"
    (opcode 0xcd) which reaches emulate_int() which can only emulate
    the instruction if vCPU is in real-mode.
    Signed-off-by: Liran Alon <liran.alon@oracle.com>
    Reviewed-by: Nikita Leshenko <nikita.leshchenko@oracle.com>
    Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
    Reviewed-by: Radim Krčmář <rkrcmar@redhat.com>
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
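As an added illustration of the instruction gate the message describes (this is not the commit's own code, which is not shown on this page, and it is not KVM's x86 decoder), the following stand-alone C routine skips legacy and REX prefixes and returns true only when the faulting instruction is one of IN/OUT/INS/OUTS. Everything else, including the "INT x" (opcode 0xcd) case the message cites, is reported as "inject #GP to guest" rather than being handed to the emulator. The function and sample names and the sample byte streams are assumptions constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define X86_MAX_INSN_LEN 15	/* architectural instruction-length limit */

/* Legacy prefixes that may precede IN/OUT/INS/OUTS (or any other opcode). */
static bool is_legacy_prefix(uint8_t b)
{
	switch (b) {
	case 0x66: case 0x67:			/* operand-/address-size override */
	case 0xF2: case 0xF3:			/* REPNE / REP, used with INS/OUTS */
	case 0xF0:				/* LOCK */
	case 0x26: case 0x2E: case 0x36:	/* ES/CS/SS segment overrides */
	case 0x3E: case 0x64: case 0x65:	/* DS/FS/GS segment overrides */
		return true;
	default:
		return false;
	}
}

/*
 * Return true only if the bytes at @insn start with IN/OUT/INS/OUTS.
 * A #GP raised by any other instruction is not forwarded to the emulator.
 * @long_mode: treat 0x40-0x4F as a REX prefix (64-bit mode only).
 * Hypothetical helper written for this example, not a KVM function.
 */
bool is_port_io_insn(const uint8_t *insn, size_t len, bool long_mode)
{
	size_t i = 0;

	if (len > X86_MAX_INSN_LEN)
		len = X86_MAX_INSN_LEN;
	while (i < len && is_legacy_prefix(insn[i]))
		i++;
	if (long_mode && i < len && (insn[i] & 0xF0) == 0x40)
		i++;			/* REX must directly precede the opcode */
	if (i >= len)
		return false;		/* truncated stream: refuse rather than guess */

	switch (insn[i]) {
	case 0xE4: case 0xE5: case 0xEC: case 0xED:	/* IN  imm8 / DX */
	case 0xE6: case 0xE7: case 0xEE: case 0xEF:	/* OUT imm8 / DX */
	case 0x6C: case 0x6D:				/* INSB, INSW/INSD */
	case 0x6E: case 0x6F:				/* OUTSB, OUTSW/OUTSD */
		return true;
	default:
		return false;
	}
}

/* Constructed sample instruction streams (not captured from a real guest). */
struct sample {
	const char *name;
	uint8_t bytes[4];
	size_t len;
	bool long_mode;
	bool expect_emulate;
};

static const struct sample samples[] = {
	{ "in al, dx",         { 0xEC },             1, false, true  },
	{ "in ax, dx",         { 0x66, 0xED },       2, false, true  },
	{ "rep insd",          { 0xF3, 0x6D },       2, false, true  },
	{ "rex.w out dx, eax", { 0x48, 0xEF },       2, true,  true  },
	{ "int 0x80",          { 0xCD, 0x80 },       2, false, false },
	{ "mov cr0, eax",      { 0x0F, 0x22, 0xC0 }, 3, false, false },
	{ "truncated prefix",  { 0x66 },             1, false, false },
};

/* Returns the number of samples whose decision differs from expectation. */
int run_samples(void)
{
	int mismatches = 0;

	for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
		bool got = is_port_io_insn(samples[i].bytes, samples[i].len,
					   samples[i].long_mode);
		printf("%-20s -> %s\n", samples[i].name,
		       got ? "emulate" : "inject #GP to guest");
		if (got != samples[i].expect_emulate)
			mismatches++;
	}
	return mismatches;
}

int main(void)
{
	return run_samples() ? 1 : 0;
}
```

The prefix handling matters in practice: REP INS/OUTS and operand-size overrides are common in real guests, so a gate that only looked at the first byte would wrongly reject them, while a gate that accepted anything after a prefix would widen the emulator's reachable surface again.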