> -----Original Message-----
> From: kvm-owner@xxxxxxxxxxxxxxx [mailto:kvm-owner@xxxxxxxxxxxxxxx] On
> Behalf Of Paolo Bonzini
> Sent: Friday, March 28, 2014 2:23 PM
> To: Zhang, Yang Z; Wu, Feng; gleb@xxxxxxxxxx; hpa@xxxxxxxxx;
> kvm@xxxxxxxxxxxxxxx
> Subject: Re: [PATCH 3/4] KVM: Add SMAP support when setting CR4
>
> On 28/03/2014 06:47, Zhang, Yang Z wrote:
> >>> >> + smap = smap && u && !uf &&
> >>> >> + !((kvm_x86_ops->get_cpl(vcpu) < 3) &&
> >>> >> + ((kvm_x86_ops->get_rflags(vcpu) &
> >>> >> + X86_EFLAGS_AC) == 1));
> >> >
> >> > Unfortunately this doesn't work.
> >> >
> >> > The reason is that changing X86_EFLAGS_AC doesn't trigger
> >> > update_permission_bitmask. So the value of CPL < 3 && AC = 1 must not
> >> > be checked in update_permission_bitmask; instead, it must be included
> >> > in the index into the permissions array. You can reuse the
> >> > PFERR_RSVD_MASK bit, like
> >> >
> >> > smapf = pfec & PFERR_RSVD_MASK;
> >> > ...
> >> > smap = smap && smapf u && !uf;
> >> >
> >> > The VCPU can then be passed to permission_fault in order to get the
> >> > value of the CPL and the AC bit.
> >
> > Is CPL check needed? Shouldn't it already have been covered by U bit?
>
> It is not needed but actually it is covered by !uf, I think.

In my understanding it is needed, from Intel SDM:

"Every access to a linear address is either a supervisor-mode access or a user-mode access. All accesses performed while the current privilege level (CPL) is less than 3 are supervisor-mode accesses. If CPL = 3, accesses are generally user-mode accesses. However, some operations implicitly access system data structures, and the resulting accesses to those data structures are supervisor-mode accesses regardless of CPL. Examples of such implicit supervisor accesses include the following: accesses to the global descriptor table (GDT) or local descriptor table (LDT) to load a segment descriptor; accesses to the interrupt descriptor table (IDT) when delivering an interrupt or exception; and accesses to the task-state segment (TSS) as part of a task switch or change of CPL."

From the above SDM text, we can see that supervisor-mode accesses can also happen when CPL equals 3. If CPL < 3, SMAP protections are disabled if EFLAGS.AC = 1. If CPL = 3, SMAP applies to all supervisor-mode data accesses (these are implicit supervisor accesses) regardless of the value of EFLAGS.AC. So when we check the value of EFLAGS.AC, we also need to check CPL, since the AC bit only takes effect when CPL < 3. U == 1 means user-mode accesses are allowed, while !uf means it is a fault from a supervisor-mode access; I think neither *u* nor *uf* can reflect the value of CPL. Correct me if I am wrong. Thanks a lot!

>
> Paolo
> --
> To unsubscribe from this list: send the line "unsubscribe kvm" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html

Thanks,
Feng
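The following C model is an added illustration of the two points made in the thread above; it is not code from this thread, from the patch series, or from KVM. It splits the SMAP decision the way Paolo suggests: a static table computed once per page-fault error code (the analogue of update_permission_bitmask), and a fault-time step that folds "CPL < 3 && EFLAGS.AC == 1" into the PFERR_RSVD_MASK bit of the index (the analogue of permission_fault), so that a change of EFLAGS.AC needs no table rebuild. It also shows Feng's point: an implicit supervisor access at CPL 3 has uf == 0 but must still be subject to SMAP regardless of AC, so CPL has to be checked and cannot be derived from u or uf. The function names build_smap_table, smap_index and smap_violation, the 16-entry table layout, and the convention that a set RSVD bit in the index means "SMAP check overridden" are assumptions of this model.

```c
#include <stdbool.h>
#include <stdio.h>

/* Added model of the SMAP decision discussed in the thread; not KVM code.
 * Error-code bit names follow Linux, bit positions follow the SDM. */
#define PFERR_PRESENT_MASK (1U << 0)
#define PFERR_WRITE_MASK   (1U << 1)
#define PFERR_USER_MASK    (1U << 2)
#define PFERR_RSVD_MASK    (1U << 3)
#define PFERR_FETCH_MASK   (1U << 4)
#define X86_EFLAGS_AC      (1UL << 18)

/* Five error-code bits with the present bit dropped (pfec >> 1): 16 entries.
 * Table size is an assumption of this model. */
#define SMAP_TABLE_SIZE 16

/*
 * Static half, computed once (analogue of update_permission_bitmask()):
 * for each error code, does a supervisor data access to a *user* page
 * violate SMAP?  CPL and EFLAGS.AC are unknown here, so that state is
 * carried in the PFERR_RSVD_MASK bit of the index, which hardware never
 * sets by itself.  Model convention: RSVD bit set == SMAP check overridden.
 */
void build_smap_table(bool cr4_smap, bool table[SMAP_TABLE_SIZE])
{
    for (unsigned i = 0; i < SMAP_TABLE_SIZE; i++) {
        unsigned pfec = i << 1;
        bool uf   = pfec & PFERR_USER_MASK;   /* user-mode access: SMAP n/a   */
        bool ff   = pfec & PFERR_FETCH_MASK;  /* instruction fetch: SMAP n/a  */
        bool over = pfec & PFERR_RSVD_MASK;   /* CPL < 3 && EFLAGS.AC == 1    */
        table[i] = cr4_smap && !uf && !ff && !over;
    }
}

/*
 * Dynamic half, evaluated at fault time (analogue of permission_fault()):
 * fold "CPL < 3 && AC == 1" into the index.  CPL itself must be checked:
 * an implicit supervisor access at CPL 3 (GDT/LDT/IDT/TSS) has uf == 0,
 * yet AC must not override SMAP for it.
 */
unsigned smap_index(unsigned cpl, unsigned long rflags, unsigned pfec)
{
    bool ac_override = (cpl < 3) && (rflags & X86_EFLAGS_AC);
    return (pfec | (ac_override ? PFERR_RSVD_MASK : 0)) >> 1;
}

/* Full decision for one access to a page whose PTE user bit is pte_user.
 * supervisor_access is true for CPL < 3 and for implicit accesses at CPL 3. */
bool smap_violation(bool cr4_smap, unsigned cpl, unsigned long rflags,
                    bool supervisor_access, bool is_fetch, bool pte_user)
{
    bool table[SMAP_TABLE_SIZE];
    unsigned pfec = (supervisor_access ? 0 : PFERR_USER_MASK) |
                    (is_fetch ? PFERR_FETCH_MASK : 0);
    build_smap_table(cr4_smap, table);
    return pte_user && table[smap_index(cpl, rflags, pfec)];
}

int main(void)
{
    /* Explicit kernel data access to a user page: faults unless AC is set. */
    printf("CPL0 AC=0:          %d\n", smap_violation(true, 0, 0, true, false, true));
    printf("CPL0 AC=1:          %d\n", smap_violation(true, 0, X86_EFLAGS_AC, true, false, true));
    /* Implicit supervisor access at CPL 3: AC does not disable SMAP. */
    printf("CPL3 implicit AC=1: %d\n", smap_violation(true, 3, X86_EFLAGS_AC, true, false, true));
    /* Ordinary user-mode access at CPL 3: uf set, SMAP not involved. */
    printf("CPL3 user access:   %d\n", smap_violation(true, 3, 0, false, false, true));
    return 0;
}
```

The table is rebuilt inside smap_violation only to keep the example self-contained; in a real implementation it is built when CR4 changes and only the index computation runs on the fault path.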