Re: [PATCH v2 0/4] KVM: x86: get CPL from SS.DPL

2014-05-26 Thread Paolo Bonzini

On 26/05/2014 00:58, Wei Huang wrote:

> If so, my question: are there other special cases similar to task switch
> which can break patch 4?


I don't think so.  CPL can only change when SS is loaded, i.e. for 
inter-privilege transfers that aren't far calls or far jumps to a 
conforming code segment.


I count only three such cases (protected mode int, protected mode iret, 
call gate), none of which is implemented in the KVM emulator.  In fact, 
the emulator doesn't implement task gates either---luckily all 
information about the destination task is provided by the processor in 
the VMCB or VMCS.


Paolo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/


Re: [PATCH v2 0/4] KVM: x86: get CPL from SS.DPL

2014-05-25 Thread Wei Huang
> Another day, another CPL patch...
>
> It turns out that the simple approach of getting CPL from SS.DPL
> broke x86/taskswitch2.flat.  To fix that, already "imagine" that the
> CPL is CS.RPL, or 3 for VM86 tasks, while loading segment descriptors
> during task switches.  This removes the hack where task switches call
> kvm_set_rflags to override the VM flag (patch 2).

My understanding about this problem is that during task switch, the
CPL might be inconsistent with SS.DPL. This breaks the assumption
of previous patch (i.e. patch 4). To fix this problem, we have to rely
on CS.RPL to figure out CPL.

If so, my question: are there other special cases similar to task switch
which can break patch 4?

>
> While at it, add a new privilege test during task switches that is
> missing.
>
> Patch 4 is the same as before.
>
> Paolo Bonzini (4):
>   KVM: x86: use new CS.RPL as CPL during task switch
>   KVM: x86: drop set_rflags callback
>   KVM: x86: check CS.DPL against RPL during task switch
>   KVM: x86: get CPL from SS.DPL
>
>  arch/x86/include/asm/kvm_emulate.h |  1 -
>  arch/x86/include/asm/kvm_host.h    |  1 -
>  arch/x86/kvm/emulate.c             | 63 ++
>  arch/x86/kvm/svm.c                 | 35 +
>  arch/x86/kvm/vmx.c                 | 24 +++
>  arch/x86/kvm/x86.c                 |  6
>  6 files changed, 54 insertions(+), 76 deletions(-)


[PATCH v2 0/4] KVM: x86: get CPL from SS.DPL

2014-05-15 Thread Paolo Bonzini
Another day, another CPL patch...

It turns out that the simple approach of getting CPL from SS.DPL
broke x86/taskswitch2.flat.  To fix that, already "imagine" that the
CPL is CS.RPL, or 3 for VM86 tasks, while loading segment descriptors
during task switches.  This removes the hack where task switches call
kvm_set_rflags to override the VM flag (patch 2).

While at it, add a new privilege test during task switches that is
missing.

Patch 4 is the same as before.

Paolo Bonzini (4):
  KVM: x86: use new CS.RPL as CPL during task switch
  KVM: x86: drop set_rflags callback
  KVM: x86: check CS.DPL against RPL during task switch
  KVM: x86: get CPL from SS.DPL

 arch/x86/include/asm/kvm_emulate.h |  1 -
 arch/x86/include/asm/kvm_host.h    |  1 -
 arch/x86/kvm/emulate.c             | 63 ++
 arch/x86/kvm/svm.c                 | 35 +
 arch/x86/kvm/vmx.c                 | 24 +++
 arch/x86/kvm/x86.c                 |  6
 6 files changed, 54 insertions(+), 76 deletions(-)

-- 
1.8.3.1
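A constructed C model, added here and not code from this series or from KVM, of the three rules the cover letter and Paolo's reply describe: CPL is SS.DPL outside a task switch (patch 4), CPL is treated as CS.RPL or 3 for VM86 tasks while the new task's descriptors are loaded (patch 1), and the new CS's DPL is checked against that CPL (patch 3). The seg_desc struct, the selector values, and the #TS rule for CS (taken from the SDM's task-switch checks as I read them) are assumptions, not the patches' own code.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define X86_EFLAGS_VM (1u << 17)  /* RFLAGS.VM: virtual-8086 mode */
#define X86_CR0_PE    (1u << 0)   /* CR0.PE: protected mode enabled */

struct seg_desc { uint8_t dpl; bool code; bool conforming; }; /* constructed descriptor bits */

/* CPL outside a task switch as patch 4 derives it: 3 in VM86 mode,
 * 0 in real mode, otherwise SS.DPL. */
static unsigned int cpl_from_ss(uint64_t cr0, uint64_t rflags, uint8_t ss_dpl)
{
	if (rflags & X86_EFLAGS_VM)
		return 3;
	return (cr0 & X86_CR0_PE) ? ss_dpl : 0;
}

/* CPL assumed while the new task's descriptors are loaded (patch 1): SS
 * still describes the old task's stack, so use the new CS selector's RPL,
 * or 3 if the new task runs in VM86 mode. */
static unsigned int cpl_during_task_switch(uint64_t new_rflags, uint16_t new_cs)
{
	return (new_rflags & X86_EFLAGS_VM) ? 3 : (new_cs & 3);
}

/* Privilege check on the incoming CS (patch 3), using the SDM task-switch
 * rule as I read it (assumption, not the patch's code): a nonconforming
 * code segment's DPL must equal the new CPL, a conforming one's DPL must
 * not exceed it. Returns false where hardware would raise #TS. */
static bool cs_dpl_ok_for_task_switch(const struct seg_desc *cs, unsigned int cpl)
{
	if (!cs->code)
		return false;
	return cs->conforming ? cs->dpl <= cpl : cs->dpl == cpl;
}

int main(void)
{
	/* Constructed scenario: a ring-0 task switches to a ring-3 task whose
	 * CS selector is 0x1b (RPL 3) and whose code descriptor has DPL 3. */
	struct seg_desc new_cs = { .dpl = 3, .code = true, .conforming = false };
	unsigned int stale = cpl_from_ss(X86_CR0_PE, 0x2, 0);   /* old SS.DPL */
	unsigned int fresh = cpl_during_task_switch(0x2, 0x1b); /* new CS.RPL */
	printf("CPL from old SS.DPL = %u -> CS load %s\n", stale,
	       cs_dpl_ok_for_task_switch(&new_cs, stale) ? "ok" : "#TS");
	printf("CPL from new CS.RPL = %u -> CS load %s\n", fresh,
	       cs_dpl_ok_for_task_switch(&new_cs, fresh) ? "ok" : "#TS");
	return 0;
}
```

The scenario in main shows the inconsistency Wei describes: read mid-switch, the old SS.DPL yields CPL 0 and the new DPL-3 code segment fails the check, while the new CS.RPL yields CPL 3 and the load passes.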


