Re: [PATCH v2 2/5] KVM: x86: Emulator performs code segment checks on read access

On Mon, Oct 13, 2014 at 02:15:43AM +0300, Nadav Amit wrote:
> 
> 
> On 10/12/14 3:12 PM, Paolo Bonzini wrote:
> > Il 12/10/2014 08:57, Nadav Amit ha scritto:
> >> Looks good. I’ll give it a try but it is hard to give a definitive
> >> answer, since the emulator is still bug-ridden.
> > 
> > Yes, we need to write unit tests for this, especially the conforming
> > case.  A bit of a pain to get kvm-unit-tests in ring 3 (access.flat
> > does it), but I'll give it a shot.
> > 
> > Paolo
> > 
> 
> I think the problem might be even more fundamental.
> According to the SDM, the privilege level checks (CPL/DPL/RPL) are only performed when the segment is loaded; I see no reference to privilege checks when data is accessed.
> You should be able to load a segment with DPL=0 while you are in CPL=0, then change CPL to 3 and still access the segment (obviously, it is not the best practice).
> 
> In that case, all the privilege checks in __linearize are redundant and to some extent incorrect.
> Obviously, I am afraid to submit a patch that removes them, since if the privilege checks of __linearize are needed in certain cases, this may introduce a security problem.
> 
> Do you agree?
> 
3a78a4f46302bfc83602a53dfa4dcbe76a7a1f5f removed the RPL check from __linearize already, so
you are probably right, but better to verify it on real HW.

--
			Gleb.
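The load-time versus access-time split that Nadav describes, written out as a small C model (an added example, not KVM code and not part of this thread): the CPL/DPL/RPL check is applied when a data-segment register is loaded, while an access through an already-loaded segment is only limit- and type-checked, so lowering CPL after the load does not revoke access. The descriptor layout, byte-granular limits and the omission of expand-down segments and the stricter SS rules are constructed simplifications.

```c
/* Constructed model of the SDM rules for DS/ES/FS/GS; not KVM code.
 * Expand-down segments and the SS-specific rules are left out. */
#include <stdint.h>
#include <stdbool.h>

#define SEG_WRITABLE   0x2 /* data: writable; code: readable */
#define SEG_CONFORMING 0x4 /* meaningful only together with SEG_CODE */
#define SEG_CODE       0x8

struct seg_desc {
    uint32_t base;
    uint32_t limit;   /* byte-granular for simplicity */
    uint8_t  dpl;
    uint8_t  type;    /* SEG_* bits */
    bool     present;
};

struct seg_cache { struct seg_desc d; uint16_t sel; bool valid; };

/* Load a selector into a data-segment register at the given CPL.
 * Returns true on success, false where the CPU would raise #GP.
 * RPL is the low two bits of the selector. */
bool load_data_seg(struct seg_cache *c, uint16_t sel,
                   const struct seg_desc *d, unsigned cpl)
{
    unsigned rpl = sel & 3;
    bool conforming_code = (d->type & SEG_CODE) && (d->type & SEG_CONFORMING);

    if ((sel & ~3u) == 0) {          /* null selector: load allowed, use faults */
        c->valid = false;
        return true;
    }
    if (!d->present)
        return false;
    if ((d->type & SEG_CODE) && !(d->type & SEG_WRITABLE))
        return false;                /* execute-only code is not loadable here */
    /* Privilege check: data and non-conforming code segments only. */
    if (!conforming_code && (rpl > d->dpl || cpl > d->dpl))
        return false;
    c->d = *d;
    c->sel = sel;
    c->valid = true;
    return true;
}

/* Access off..off+size-1 through a loaded segment: limit and type only.
 * cpl is accepted to make the point explicit and deliberately unused. */
bool access_seg(const struct seg_cache *c, uint32_t off, uint32_t size,
                bool write, unsigned cpl)
{
    (void)cpl;
    if (!c->valid || size == 0)
        return false;
    if (off > c->d.limit || (uint64_t)off + size - 1 > c->d.limit)
        return false;                /* limit violation */
    if (write && ((c->d.type & SEG_CODE) || !(c->d.type & SEG_WRITABLE)))
        return false;                /* code or read-only data: no writes */
    return true;
}
```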