From: Razvan Cojocaru Date: Tue, 4 Nov 2014 12:13:55 +0000 (+0100) Subject: x86: disable emulate.c REP optimization if introspection is active X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~4108 X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/%22/%22http:/www.example.com/cgi/%22?a=commitdiff_plain;h=413e9215ace59eb9d0dcbd00376e1029ec23c6ab;p=xen.git x86: disable emulate.c REP optimization if introspection is active Emulation for REP instructions is optimized to perform a single write for all repeats in the current page if possible. However, this interferes with a memory introspection application's ability to detect suspect behaviour, since it will cause only one mem_event to be sent per page touched. This patch disables the optimization, gated on introspection being active for the domain. Signed-off-by: Razvan Cojocaru --- diff --git a/xen/arch/x86/hvm/emulate.c b/xen/arch/x86/hvm/emulate.c index c0f47d2dfe..14c184740b 100644 --- a/xen/arch/x86/hvm/emulate.c +++ b/xen/arch/x86/hvm/emulate.c @@ -406,8 +406,13 @@ static int hvmemul_virtual_to_linear( * Clip repetitions to avoid overflow when multiplying by @bytes_per_rep. * The chosen maximum is very conservative but it's what we use in * hvmemul_linear_to_phys() so there is no point in using a larger value. + * If introspection has been enabled for this domain, *reps should be + * at most 1, since optimization might otherwise cause a single mem_event + * being triggered for repeated writes to a whole page. */ - *reps = min_t(unsigned long, *reps, 4096); + *reps = min_t(unsigned long, *reps, + unlikely(current->domain->arch.hvm_domain.introspection_enabled) + ? 1 : 4096); reg = hvmemul_get_seg_reg(seg, hvmemul_ctxt);
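Review bot: the new clip in hvmemul_virtual_to_linear() folds the policy decision into the third argument of min_t() as `unlikely(...) ? 1 : 4096`, which is hard to read and leaves both limits as inline magic numbers. Consider computing the limit in a local first, for example `unsigned long max_reps = 4096;` then `if ( unlikely(current->domain->arch.hvm_domain.introspection_enabled) ) max_reps = 1;`, and finally `*reps = min_t(unsigned long, *reps, max_reps);`. The added comment should read "cause a single mem_event to be triggered" rather than "being triggered". The existing comment also says the 4096 maximum mirrors the one used in hvmemul_linear_to_phys(), and only this call site is changed in the visible hunk, so the comment or commit message should state whether that path needs the same introspection gate. Finally, clipping to one repetition sends every iteration of a REP instruction through emulation separately for introspected domains; a sentence in the commit message acknowledging that cost would help later readers.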