From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Ling, Xiaofeng" Subject: [PATCH] fix issue of accessing supervisor page from ring3 in vmx guest Date: Tue, 29 Nov 2005 15:31:17 +0800 Message-ID: <438C03C5.8050703@intel.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="------------020701060203060502070105" Return-path: List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: xen-devel List-Id: xen-devel@lists.xenproject.org This is a multi-part message in MIME format. --------------020701060203060502070105 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit # HG changeset patch # User Xiaofeng Ling # Node ID b832c9f342065a84991b4fbf0e30749225995228 # Parent ff879b0ac94170c3b1354fa5e297684ecffb834f Fix vmx guest issue of allowing accessing supervisor page from user level program. In shadow fault, we need to check U/S bit in error code. It is just a fix for shadow32.c, for x86_64 code and public code, it is already handled. Signed-off-by: Xiaofeng Ling diff -r eb213ab53c9b xen/arch/x86/shadow32.c --- a/xen/arch/x86/shadow32.c Fri Nov 25 13:07:07 2005 +0800 +++ b/xen/arch/x86/shadow32.c Fri Nov 25 13:47:48 2005 +0800 @@ -2693,6 +2693,16 @@ domain_crash_synchronous(); } + /* uer runlevel to access vilation error in guest? */ + if ( unlikely((regs->error_code & 4) && + !(l1e_get_flags(gpte) & _PAGE_USER))) + { + SH_VVLOG("shadow_fault - EXIT: wr fault on super page (%" PRIpte ")", + l1e_get_intpte(gpte)); + goto fail; + + } + if ( unlikely(!l1pte_write_fault(v, &gpte, &spte, va)) ) { SH_VVLOG("shadow_fault - EXIT: l1pte_write_fault failed"); @@ -2706,6 +2716,16 @@ } else { + /* protection violation error(read) in guest? */ + if ( unlikely((regs->error_code & 1) )) + { + SH_VVLOG("shadow_fault - EXIT: read fault on super page (%" PRIpte ")", + l1e_get_intpte(gpte)); + goto fail; + + } + + if ( !l1pte_read_fault(d, &gpte, &spte) ) { SH_VVLOG("shadow_fault - EXIT: l1pte_read_fault failed"); --------------020701060203060502070105 Content-Type: text/x-patch; name="userwrfix.patch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="userwrfix.patch" # HG changeset patch # User Xiaofeng Ling # Node ID b832c9f342065a84991b4fbf0e30749225995228 # Parent ff879b0ac94170c3b1354fa5e297684ecffb834f Fix vmx guest issue of allowing accessing supervisor page from user level program. In shadow fault, we need to check U/S bit in error code. It is just a fix for shadow32.c, for x86_64 code and public code, it is already handled. Signed-off-by: Xiaofeng Ling diff -r eb213ab53c9b xen/arch/x86/shadow32.c --- a/xen/arch/x86/shadow32.c Fri Nov 25 13:07:07 2005 +0800 +++ b/xen/arch/x86/shadow32.c Fri Nov 25 13:47:48 2005 +0800 @@ -2693,6 +2693,16 @@ domain_crash_synchronous(); } + /* uer runlevel to access vilation error in guest? */ + if ( unlikely((regs->error_code & 4) && + !(l1e_get_flags(gpte) & _PAGE_USER))) + { + SH_VVLOG("shadow_fault - EXIT: wr fault on super page (%" PRIpte ")", + l1e_get_intpte(gpte)); + goto fail; + + } + if ( unlikely(!l1pte_write_fault(v, &gpte, &spte, va)) ) { SH_VVLOG("shadow_fault - EXIT: l1pte_write_fault failed"); @@ -2706,6 +2716,16 @@ } else { + /* protection violation error(read) in guest? */ + if ( unlikely((regs->error_code & 1) )) + { + SH_VVLOG("shadow_fault - EXIT: read fault on super page (%" PRIpte ")", + l1e_get_intpte(gpte)); + goto fail; + + } + + if ( !l1pte_read_fault(d, &gpte, &spte) ) { SH_VVLOG("shadow_fault - EXIT: l1pte_read_fault failed"); --------------020701060203060502070105 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel --------------020701060203060502070105--