* [PATCH] fix issue of accessing supervisor page from ring3 in vmx guest
@ 2005-11-29 7:31 Ling, Xiaofeng
0 siblings, 0 replies; only message in thread
From: Ling, Xiaofeng @ 2005-11-29 7:31 UTC (permalink / raw)
To: xen-devel
[-- Attachment #1: Type: text/plain, Size: 1679 bytes --]
# HG changeset patch
# User Xiaofeng Ling <xiaofeng.ling@intel.com>
# Node ID b832c9f342065a84991b4fbf0e30749225995228
# Parent ff879b0ac94170c3b1354fa5e297684ecffb834f
Fix vmx guest issue of allowing accessing supervisor page
from user level program.
In shadow fault, we need to check U/S bit in error code.
It is just a fix for shadow32.c, for x86_64 code and
public code, it is already handled.
Signed-off-by: Xiaofeng Ling <xiaofeng.ling@intel.com>
diff -r eb213ab53c9b xen/arch/x86/shadow32.c
--- a/xen/arch/x86/shadow32.c Fri Nov 25 13:07:07 2005 +0800
+++ b/xen/arch/x86/shadow32.c Fri Nov 25 13:47:48 2005 +0800
@@ -2693,6 +2693,16 @@
domain_crash_synchronous();
}
+ /* uer runlevel to access vilation error in guest? */
+ if ( unlikely((regs->error_code & 4) &&
+ !(l1e_get_flags(gpte) & _PAGE_USER)))
+ {
+ SH_VVLOG("shadow_fault - EXIT: wr fault on super page (%"
PRIpte ")",
+ l1e_get_intpte(gpte));
+ goto fail;
+
+ }
+
if ( unlikely(!l1pte_write_fault(v, &gpte, &spte, va)) )
{
SH_VVLOG("shadow_fault - EXIT: l1pte_write_fault failed");
@@ -2706,6 +2716,16 @@
}
else
{
+ /* protection violation error(read) in guest? */
+ if ( unlikely((regs->error_code & 1) ))
+ {
+ SH_VVLOG("shadow_fault - EXIT: read fault on super page (%"
PRIpte ")",
+ l1e_get_intpte(gpte));
+ goto fail;
+
+ }
+
+
if ( !l1pte_read_fault(d, &gpte, &spte) )
{
SH_VVLOG("shadow_fault - EXIT: l1pte_read_fault failed");
[-- Attachment #2: userwrfix.patch --]
[-- Type: text/x-patch, Size: 1671 bytes --]
# HG changeset patch
# User Xiaofeng Ling <xiaofeng.ling@intel.com>
# Node ID b832c9f342065a84991b4fbf0e30749225995228
# Parent ff879b0ac94170c3b1354fa5e297684ecffb834f
Fix vmx guest issue of allowing accessing supervisor page
from user level program.
In shadow fault, we need to check U/S bit in error code.
It is just a fix for shadow32.c, for x86_64 code and
public code, it is already handled.
Signed-off-by: Xiaofeng Ling <xiaofeng.ling@intel.com>
diff -r eb213ab53c9b xen/arch/x86/shadow32.c
--- a/xen/arch/x86/shadow32.c Fri Nov 25 13:07:07 2005 +0800
+++ b/xen/arch/x86/shadow32.c Fri Nov 25 13:47:48 2005 +0800
@@ -2693,6 +2693,16 @@
domain_crash_synchronous();
}
+ /* uer runlevel to access vilation error in guest? */
+ if ( unlikely((regs->error_code & 4) &&
+ !(l1e_get_flags(gpte) & _PAGE_USER)))
+ {
+ SH_VVLOG("shadow_fault - EXIT: wr fault on super page (%" PRIpte ")",
+ l1e_get_intpte(gpte));
+ goto fail;
+
+ }
+
if ( unlikely(!l1pte_write_fault(v, &gpte, &spte, va)) )
{
SH_VVLOG("shadow_fault - EXIT: l1pte_write_fault failed");
@@ -2706,6 +2716,16 @@
}
else
{
+ /* protection violation error(read) in guest? */
+ if ( unlikely((regs->error_code & 1) ))
+ {
+ SH_VVLOG("shadow_fault - EXIT: read fault on super page (%" PRIpte ")",
+ l1e_get_intpte(gpte));
+ goto fail;
+
+ }
+
+
if ( !l1pte_read_fault(d, &gpte, &spte) )
{
SH_VVLOG("shadow_fault - EXIT: l1pte_read_fault failed");
[-- Attachment #3: Type: text/plain, Size: 138 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2005-11-29 7:31 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-11-29 7:31 [PATCH] fix issue of accessing supervisor page from ring3 in vmx guest Ling, Xiaofeng
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.