[PATCH] fix issue of accessing supervisor page from ring3 in vmx guest

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Ling, Xiaofeng" <xiaofeng.ling@intel.com>
To: xen-devel <xen-devel@lists.xensource.com>
Subject: [PATCH] fix issue of accessing supervisor page from ring3 in vmx guest
Date: Tue, 29 Nov 2005 15:31:17 +0800	[thread overview]
Message-ID: <438C03C5.8050703@intel.com> (raw)

[-- Attachment #1: Type: text/plain, Size: 1679 bytes --]

# HG changeset patch
# User Xiaofeng Ling <xiaofeng.ling@intel.com>
# Node ID b832c9f342065a84991b4fbf0e30749225995228
# Parent  ff879b0ac94170c3b1354fa5e297684ecffb834f
Fix vmx guest issue of allowing accessing supervisor page
from user level program.
In shadow fault, we need to check U/S bit in error code.
It is just a fix for shadow32.c, for x86_64 code and
public code, it is already handled.

Signed-off-by: Xiaofeng Ling <xiaofeng.ling@intel.com>

diff -r eb213ab53c9b xen/arch/x86/shadow32.c
--- a/xen/arch/x86/shadow32.c	Fri Nov 25 13:07:07 2005 +0800
+++ b/xen/arch/x86/shadow32.c	Fri Nov 25 13:47:48 2005 +0800
@@ -2693,6 +2693,16 @@
              domain_crash_synchronous();
          }

+        /* uer runlevel to access vilation error in guest? */
+        if ( unlikely((regs->error_code & 4) &&
+                      !(l1e_get_flags(gpte) & _PAGE_USER)))
+        {
+            SH_VVLOG("shadow_fault - EXIT: wr fault on super page (%" 
PRIpte ")",
+                    l1e_get_intpte(gpte));
+            goto fail;
+
+        }
+
          if ( unlikely(!l1pte_write_fault(v, &gpte, &spte, va)) )
          {
              SH_VVLOG("shadow_fault - EXIT: l1pte_write_fault failed");
@@ -2706,6 +2716,16 @@
      }
      else
      {
+        /* protection violation error(read) in guest? */
+        if ( unlikely((regs->error_code & 1) ))
+        {
+            SH_VVLOG("shadow_fault - EXIT: read fault on super page (%" 
PRIpte ")",
+                    l1e_get_intpte(gpte));
+            goto fail;
+
+        }
+
+
          if ( !l1pte_read_fault(d, &gpte, &spte) )
          {
              SH_VVLOG("shadow_fault - EXIT: l1pte_read_fault failed");

[-- Attachment #2: userwrfix.patch --]
[-- Type: text/x-patch, Size: 1671 bytes --]

# HG changeset patch
# User Xiaofeng Ling <xiaofeng.ling@intel.com>
# Node ID b832c9f342065a84991b4fbf0e30749225995228
# Parent  ff879b0ac94170c3b1354fa5e297684ecffb834f
Fix vmx guest issue of allowing accessing supervisor page
from user level program.
In shadow fault, we need to check U/S bit in error code.
It is just a fix for shadow32.c, for x86_64 code and 
public code, it is already handled.

Signed-off-by: Xiaofeng Ling <xiaofeng.ling@intel.com>

diff -r eb213ab53c9b xen/arch/x86/shadow32.c
--- a/xen/arch/x86/shadow32.c	Fri Nov 25 13:07:07 2005 +0800
+++ b/xen/arch/x86/shadow32.c	Fri Nov 25 13:47:48 2005 +0800
@@ -2693,6 +2693,16 @@
             domain_crash_synchronous();
         }
 
+        /* uer runlevel to access vilation error in guest? */
+        if ( unlikely((regs->error_code & 4) && 
+                      !(l1e_get_flags(gpte) & _PAGE_USER)))
+        {
+            SH_VVLOG("shadow_fault - EXIT: wr fault on super page (%" PRIpte ")", 
+                    l1e_get_intpte(gpte));
+            goto fail;
+
+        }
+
         if ( unlikely(!l1pte_write_fault(v, &gpte, &spte, va)) )
         {
             SH_VVLOG("shadow_fault - EXIT: l1pte_write_fault failed");
@@ -2706,6 +2716,16 @@
     }
     else
     {
+        /* protection violation error(read) in guest? */
+        if ( unlikely((regs->error_code & 1) ))
+        {
+            SH_VVLOG("shadow_fault - EXIT: read fault on super page (%" PRIpte ")", 
+                    l1e_get_intpte(gpte));
+            goto fail;
+
+        }
+
+
         if ( !l1pte_read_fault(d, &gpte, &spte) )
         {
             SH_VVLOG("shadow_fault - EXIT: l1pte_read_fault failed");

[-- Attachment #3: Type: text/plain, Size: 138 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

                 reply	other threads:[~2005-11-29  7:31 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=438C03C5.8050703@intel.com \
    --to=xiaofeng.ling@intel.com \
    --cc=xen-devel@lists.xensource.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.