From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Roedel, Joerg" Subject: Re: [PATCH 12/13] KVM: SVM: Add checks for IO instructions Date: Thu, 31 Mar 2011 09:14:41 +0200 Message-ID: <20110331071440.GQ2085@amd.com> References: <1301309210-11120-1-git-send-email-joerg.roedel@amd.com> <1301309210-11120-13-git-send-email-joerg.roedel@amd.com> <4D907EDC.1050607@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Cc: Marcelo Tosatti , "kvm@vger.kernel.org" To: Avi Kivity Return-path: Received: from va3ehsobe006.messaging.microsoft.com ([216.32.180.16]:6078 "EHLO VA3EHSOBE006.bigfish.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753081Ab1CaHOt (ORCPT ); Thu, 31 Mar 2011 03:14:49 -0400 Content-Disposition: inline In-Reply-To: <4D907EDC.1050607@redhat.com> Sender: kvm-owner@vger.kernel.org List-ID: On Mon, Mar 28, 2011 at 08:28:12AM -0400, Avi Kivity wrote: > The spec indicates we need to check the TSS and IOPL based permissions > before the intercept (vmx agrees). With the code as is, it happens > afterwards. > > One way to do this is to have an ExtraChecks bit in the opcode::flags. > Then opcode::u.xcheck->perms() is the pre-intercept check and > opcode::u.xcheck->execute() is the post-intercept execution. Should > work for monitor/mwait/rdtsc(p)/rdpmc/other crap x86 throws at us. Okay, as you suggested, I put these checks into the instruction emulator and let the hard work of implementing per-arch checks to the nested-vmx people ;) I doubt that this makes the opcode-tables more readable, but lets see :) Joerg -- AMD Operating System Research Center Advanced Micro Devices GmbH Einsteinring 24 85609 Dornach General Managers: Alberto Bozzo, Andrew Bowd Registration: Dornach, Landkr. Muenchen; Registerger. Muenchen, HRB Nr. 43632