>>> On 14.08.17 at 17:53, <ta...@tklengyel.com> wrote:
> On Tue, Aug 8, 2017 at 2:27 AM, Alexandru Isaila <aisa...@bitdefender.com> 
> wrote:
>> --- a/xen/arch/x86/hvm/hypercall.c
>> +++ b/xen/arch/x86/hvm/hypercall.c
>> @@ -155,6 +155,11 @@ int hvm_hypercall(struct cpu_user_regs *regs)
>>          /* Fallthrough to permission check. */
>>      case 4:
>>      case 2:
>> +        if ( currd->arch.monitor.guest_request_userspace_enabled &&
>> +            eax == __HYPERVISOR_hvm_op &&
>> +            (mode == 8 ? regs->rdi : regs->ebx) == 
>> HVMOP_guest_request_vm_event )
>> +            break;
>> +
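Review bot: the added condition breaks out before the CPL check that `case 4:`/`case 2:` fall into, so once `guest_request_userspace_enabled` is set, `HVMOP_guest_request_vm_event` is accepted from every CPL and not only from user space as the option name suggests; a comment on the condition stating that the bypass is intentional for any CPL > 0 would save the next reader from reopening that question, and the `mode == 8 ? regs->rdi : regs->ebx` selection of the first argument merits the same comment, since it encodes which register carries the hvm_op subop for 64-bit versus compat callers.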
> 
> So the CPL check happens after the monitor check, which means this
> will trigger regardless of whether the hypercall is coming from userspace or
> kernelspace. Since the monitor option specifically says userspace,
> this should probably get moved into the block where CPL was checked.

What difference would this make? For CPL0 the hypercall is
permitted anyway, and for CPL > 0 we specifically want to bypass
the CPL check. Or are you saying you want to restrict the new
check to just CPL3?

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
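The ordering question raised in the reply above, worked through as an added example that is not Xen code and not part of the thread: three variants of the permission decision (the monitor condition before the CPL check as posted, the same condition moved into the branch taken when the CPL check fails, and a CPL 3-only variant) are compared exhaustively. The hypercall and subop numbers, the `mode` values and the `model_regs`/`model_domain` structs are stand-ins (assumptions); only the decision logic is meant to mirror the quoted hunk.

```c
/* Added example, not Xen code: a model of the permission decision in
 * hvm_hypercall() comparing three orderings of the new monitor condition.
 * Hypercall/subop numbers, mode values and the structs are stand-ins. */
#include <stdbool.h>
#include <stdio.h>

#define HYPERVISOR_hvm_op             34  /* stand-in value */
#define HYPERVISOR_memory_op          12  /* stand-in value */
#define HVMOP_guest_request_vm_event  24  /* stand-in value */
#define HVMOP_other                    1  /* stand-in value */

struct model_regs   { unsigned long eax, rdi; unsigned int ebx; };
struct model_domain { bool guest_request_userspace_enabled; };

typedef bool (*policy_fn)(const struct model_domain *d, unsigned int mode,
                          unsigned int cpl, const struct model_regs *regs);

/* 64-bit callers pass the first argument in rdi, compat callers in ebx. */
static bool is_guest_request(const struct model_domain *d, unsigned int mode,
                             const struct model_regs *regs)
{
    unsigned long arg1 = (mode == 8) ? regs->rdi : regs->ebx;

    return d->guest_request_userspace_enabled &&
           regs->eax == HYPERVISOR_hvm_op &&
           arg1 == HVMOP_guest_request_vm_event;
}

/* As posted: the monitor condition runs before the CPL check. */
static bool permitted_as_posted(const struct model_domain *d, unsigned int mode,
                                unsigned int cpl, const struct model_regs *regs)
{
    if ( is_guest_request(d, mode, regs) )
        return true;                 /* "break": the CPL check is skipped */
    return cpl == 0;                 /* every other hypercall needs ring 0 */
}

/* Moved into the block that runs only when the CPL check fails. */
static bool permitted_cpl_checked_first(const struct model_domain *d,
                                        unsigned int mode, unsigned int cpl,
                                        const struct model_regs *regs)
{
    if ( cpl == 0 )
        return true;
    return is_guest_request(d, mode, regs);
}

/* The narrower reading asked about: the bypass only for CPL 3. */
static bool permitted_cpl3_only(const struct model_domain *d, unsigned int mode,
                                unsigned int cpl, const struct model_regs *regs)
{
    if ( cpl == 0 )
        return true;
    return cpl == 3 && is_guest_request(d, mode, regs);
}

/* Build one request and ask a policy about it; the unused argument register
 * is filled with junk so a wrong register selection would show up. */
bool decide(policy_fn policy, unsigned int cpl, unsigned int mode, bool enabled,
            unsigned long nr, unsigned long subop)
{
    struct model_domain d = { .guest_request_userspace_enabled = enabled };
    struct model_regs r = { .eax = nr, .rdi = 0xdead, .ebx = 0xdead };

    if ( mode == 8 )
        r.rdi = subop;
    else
        r.ebx = (unsigned int)subop;
    return policy(&d, mode, cpl, &r);
}

/* Count the (cpl, mode, flag, call) combinations where two policies disagree. */
int count_policy_differences(policy_fn a, policy_fn b)
{
    static const unsigned int modes[] = { 2, 4, 8 };
    static const unsigned long calls[][2] = {
        { HYPERVISOR_hvm_op,    HVMOP_guest_request_vm_event },
        { HYPERVISOR_hvm_op,    HVMOP_other },
        { HYPERVISOR_memory_op, HVMOP_guest_request_vm_event },
        { HYPERVISOR_memory_op, HVMOP_other },
    };
    int diffs = 0;

    for ( unsigned int cpl = 0; cpl <= 3; cpl++ )
        for ( unsigned int m = 0; m < 3; m++ )
            for ( int en = 0; en <= 1; en++ )
                for ( unsigned int c = 0; c < 4; c++ )
                    if ( decide(a, cpl, modes[m], en, calls[c][0], calls[c][1]) !=
                         decide(b, cpl, modes[m], en, calls[c][0], calls[c][1]) )
                        diffs++;
    return diffs;
}

int main(void)
{
    printf("as-posted vs CPL-checked-first: %d differences\n",
           count_policy_differences(permitted_as_posted, permitted_cpl_checked_first));
    printf("as-posted vs CPL3-only: %d differences\n",
           count_policy_differences(permitted_as_posted, permitted_cpl3_only));
    return 0;
}
```

A difference count of zero between the first two variants is the point made in the reply: because CPL 0 is permitted either way, evaluating the monitor condition before or after the CPL check changes no decision. The CPL 3-only variant does differ, exactly for CPL 1 and 2 callers of the matching hvm_op with the option enabled, which is the distinction the closing question asks about.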
