x86: disable emulate.c REP optimization if introspection is active

Emulation for REP instructions is optimized to perform a single
write for all repeats in the current page if possible. However,
this interferes with a memory introspection application's ability
to detect suspect behaviour, since it will cause only one
mem_event to be sent per page touched.
This patch disables the optimization, gated on introspection
being active for the domain.

Signed-off-by: Razvan Cojocaru <rcojocaru@bitdefender.com>

diff --git a/xen/arch/x86/hvm/emulate.c b/xen/arch/x86/hvm/emulate.c
index c0f47d2dfee2721bb0a31b1e7af7a7ee9d960998..14c184740be37cdec75169484bfdc095ac252686 100644 (file)
--- a/xen/arch/x86/hvm/emulate.c
+++ b/xen/arch/x86/hvm/emulate.c
@@ -406,8 +406,13 @@ static int hvmemul_virtual_to_linear(
      * Clip repetitions to avoid overflow when multiplying by @bytes_per_rep.
      * The chosen maximum is very conservative but it's what we use in
      * hvmemul_linear_to_phys() so there is no point in using a larger value.
+     * If introspection has been enabled for this domain, *reps should be
+     * at most 1, since optimization might otherwise cause a single mem_event
+     * being triggered for repeated writes to a whole page.
      */
-    *reps = min_t(unsigned long, *reps, 4096);
+    *reps = min_t(unsigned long, *reps,
+                  unlikely(current->domain->arch.hvm_domain.introspection_enabled)
+                           ? 1 : 4096);
 
     reg = hvmemul_get_seg_reg(seg, hvmemul_ctxt);