RE: [PATCH 3/4] KVM: Add SMAP support when setting CR4

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




> -----Original Message-----
> From: kvm-owner@xxxxxxxxxxxxxxx [mailto:kvm-owner@xxxxxxxxxxxxxxx] On
> Behalf Of Paolo Bonzini
> Sent: Friday, March 28, 2014 2:23 PM
> To: Zhang, Yang Z; Wu, Feng; gleb@xxxxxxxxxx; hpa@xxxxxxxxx;
> kvm@xxxxxxxxxxxxxxx
> Subject: Re: [PATCH 3/4] KVM: Add SMAP support when setting CR4
> 
> Il 28/03/2014 06:47, Zhang, Yang Z ha scritto:
> >>> >> +				smap = smap && u && !uf &&
> >>> >> +					!((kvm_x86_ops->get_cpl(vcpu) < 3) &&
> >>> >> +					((kvm_x86_ops->get_rflags(vcpu) &
> >>> >> +					X86_EFLAGS_AC) == 1));
> >> >
> >> > Unfortunately this doesn't work.
> >> >
> >> > The reason is that changing X86_EFLAGS_AC doesn't trigger
> >> > update_permission_bitmask.  So the value of CPL < 3 && AC = 1 must not
> >> > be checked in update_permission_bitmask; instead, it must be included
> >> > in the index into the permissions array.  You can reuse the
> >> > PFERR_RSVD_MASK bit, like
> >> >
> >> > 	smapf = pfec & PFERR_RSVD_MASK;
> >> > 	...
> >> > 		smap = smap && smapf u && !uf;
> >> >
> >> > The VCPU can then be passed to permission_fault in order to get the
> >> > value of the CPL and the AC bit.
> >
> > Is CPL check needed? Shouldn't it already have been covered by U bit?
> 
> It is not needed but actually it is covered by !uf, I think.

In my understanding it is needed, from Intel SDM:

"Every access to a linear address is either a supervisor-mode access
or a user-mode access. All accesses performed while the current
privilege level (CPL) is less than 3 are supervisor-mode accesses.
If CPL = 3, accesses are generally user-mode accesses. However, some
operations implicitly access system data structures, and the resulting
accesses to those data structures are supervisor-mode accesses regardless
of CPL. Examples of such implicit supervisor accesses include the following:
accesses to the global descriptor table (GDT) or local descriptor table
(LDT) to load a segment descriptor; accesses to the interrupt descriptor
table (IDT) when delivering an interrupt or exception; and accesses to the
task-state segment (TSS) as part of a task switch or change of CPL."

>From the above SDM, we can see supervisor-mode access can also 
happen when CPL equals 3.

If CPL < 3, SMAP protections are disabled if EFLAGS.AC = 1. If CPL = 3, 
SMAP applies to all supervisor-mode data accesses (these are implicit
supervisor accesses) regardless of the value of EFLAGS.AC.

So when we check the value of EFLAGS.AC, we also need to check CPL, since AC
bit only takes effect when CPL<3.

U==1 means user-mode access are allowed, while !uf means it is a fault
from Supervisor-mode access, I think both *u* and *uf* cannot reflect the
value of CPL.

Correct me if I am wrong. Thanks a lot!

> 
> Paolo
> --
> To unsubscribe from this list: send the line "unsubscribe kvm" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

Thanks,
Feng
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]
  Powered by Linux