On 27/04/2014 14:22, Marcel Apfelbaum wrote:
On Sat, 2014-04-26 at 11:06 +0200, Paolo Bonzini wrote:
On 25/04/2014 19:17, Kevin O'Connor wrote:
The current SMI interrupt handler is being run with the same CPL as
the code it interrupts.  If the existing code is running with CPL=3,
then the SMI handler can cause spurious exceptions.  The System
Management Mode (SMM) should always run at the highest protection
level.

KVM computes the CPL as follows:

if (CR0.PE == 0)
   return 0;

if (!EFER.LMA && EFLAGS.VM)
   return 3;

return CS.selector & 3;

Hi Paolo,

The above algorithm is correct only for the protected mode, right?

The CR0.PE == 0 case is for real mode.

You're right that for the real->protected transition time CS.selector's low 3 bits can be anything, while CR0.PE is already 1 *and* CPL is still zero. Kevin's patch should handle this right for TCG, but there may be indeed a KVM bug looming.

For real-address mode it is not correct (taken from the Intel Dev Manual
and not from my limited knowledge).
Why don't we use the value of the DPL field from SS, which is always
equal to the logical processor's CPL?

The Intel manual says the CPL is "the protection level of the currently executing code segment".

CS.DPL is indeed != CPL for conforming code segments.

Of course, there is only a short period of time when the processor is not in
protected mode, but in this time it is possible that the CS segment selector is changed
and the CPL with it...

Any thoughts? Does it make sense to change the way KVM computes the CPL?

If it ain't broken... :) but perhaps it is broken.

Paolo
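The two CPL derivations discussed in the thread, written out as a small C model so the disagreement in the real-to-protected transition window can be seen concretely. This is an added example, not code from KVM, SeaBIOS or any of the posters; the `cpu_state` struct, the function names and the register values are constructed for illustration and do not mirror KVM's own data structures.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Minimal model of the register bits the thread talks about (constructed for
   this example; KVM keeps this state in its own structures). */
struct cpu_state {
    bool cr0_pe;          /* CR0.PE: protection enable */
    bool efer_lma;        /* EFER.LMA: long mode active */
    bool eflags_vm;       /* EFLAGS.VM: virtual-8086 mode */
    uint16_t cs_selector; /* visible part of CS; low two bits are the RPL */
    uint8_t ss_dpl;       /* DPL field of the cached SS descriptor */
};

/* The rule quoted from KVM in the thread: derive CPL from the mode bits and
   the RPL bits of the CS selector. */
int cpl_from_cs_selector(const struct cpu_state *s)
{
    if (!s->cr0_pe)
        return 0;                  /* real-address mode: CPL is always 0 */
    if (!s->efer_lma && s->eflags_vm)
        return 3;                  /* virtual-8086 mode: CPL is always 3 */
    return s->cs_selector & 3;     /* protected/long mode: CS.RPL */
}

/* The alternative Marcel proposes: in protected mode SS.DPL equals CPL.
   Real mode and V86 mode are handled the same way as above, since there is
   no meaningful SS descriptor DPL to consult in those modes. */
int cpl_from_ss_dpl(const struct cpu_state *s)
{
    if (!s->cr0_pe)
        return 0;
    if (!s->efer_lma && s->eflags_vm)
        return 3;
    return s->ss_dpl & 3;
}

/* Sanity check an SMM entry path would want: both derivations should agree,
   and a divergence means at least one of them cannot be trusted to pick the
   privilege level the SMI handler is entered with. */
bool cpl_derivations_agree(const struct cpu_state *s)
{
    return cpl_from_cs_selector(s) == cpl_from_ss_dpl(s);
}

/* The window Paolo describes: CR0.PE has just been set to 1, but the far jump
   that reloads CS has not executed yet, so CS still holds whatever real-mode
   segment value was in use. The real CPL is still 0, yet the selector's low
   bits may be non-zero. The 0x1003 value is a constructed real-mode segment. */
struct cpu_state transition_state(void)
{
    struct cpu_state s = {
        .cr0_pe = true, .efer_lma = false, .eflags_vm = false,
        .cs_selector = 0x1003, .ss_dpl = 0,
    };
    return s;
}

/* Ordinary protected-mode ring-3 state (constructed selector 0x23, RPL 3). */
struct cpu_state user_mode_state(void)
{
    struct cpu_state s = {
        .cr0_pe = true, .efer_lma = false, .eflags_vm = false,
        .cs_selector = 0x23, .ss_dpl = 3,
    };
    return s;
}

int main(void)
{
    struct cpu_state t = transition_state();
    struct cpu_state u = user_mode_state();
    printf("transition: cs-based CPL=%d ss-based CPL=%d agree=%d\n",
           cpl_from_cs_selector(&t), cpl_from_ss_dpl(&t), cpl_derivations_agree(&t));
    printf("user mode:  cs-based CPL=%d ss-based CPL=%d agree=%d\n",
           cpl_from_cs_selector(&u), cpl_from_ss_dpl(&u), cpl_derivations_agree(&u));
    return 0;
}
```

In the transition state the selector-based rule reports CPL 3 while the SS.DPL rule reports 0, which is exactly the case where an SMI handler that inherits the computed CPL could end up running at the wrong privilege level; in steady-state protected mode the two agree.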

