From: Paolo Bonzini <pbonzini@redhat.com>
To: Kevin O'Connor <kevin@koconnor.net>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH 3/3] target-i386: get CPL from SS.DPL
Date: Fri, 16 May 2014 09:35:54 +0200
Message-ID: <5375BFDA.10706@redhat.com>
In-Reply-To: <20140515183831.GA22225@morn.localdomain>

On 15/05/2014 20:38, Kevin O'Connor wrote:
> On Thu, May 15, 2014 at 06:56:56PM +0200, Paolo Bonzini wrote:
>> CS.RPL is not equal to the CPL in the few instructions between
>> setting CR0.PE and reloading CS.  We get this right in the common
>> case, because writes to CR0 do not modify the CPL, but it would
>> not be enough if an SMI comes exactly during that brief period.
>> Were this to happen, the RSM instruction would erroneously set
>> CPL to the low two bits of the real-mode selector; and if they are
>> not 00, the next instruction fetch cannot access the code segment
>> and causes a triple fault.
>>
>> However, SS.DPL *is* always equal to the CPL (except during task switches
>> as noted in the previous patch).  In real processors (AMD only) there
>> is a weird case of SYSRET setting SS.DPL=SS.RPL from the STAR register
>> while forcing CPL=3, but we do not emulate that.
>
> It looks to me like there could be a couple of places in the code
> where cpu_x86_load_seg_cache(R_CS) is called, but
> cpu_x86_load_seg_cache(R_SS) may not be.  In particular,
> helper_ret_protected() and cpu_x86_load_seg_cache_sipi().  Are these
> still okay?

Yes, helper_ret_protected() skips the SS load only if rpl == cpl (so if
CS.RPL == SS.DPL, and the invariant is respected).
cpu_x86_load_seg_cache_sipi() runs in real mode only.

Paolo
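The window the patch description talks about (CR0.PE set, CS not yet reloaded, SMI and RSM in between) can be walked through in a small model. The following is an added example written for this page, not QEMU's code: it uses a cut-down segment cache with the DPL in bits 13..14 of the flags (the same layout QEMU mirrors from the descriptor), a constructed real-mode CS selector 0x1003 whose low two bits are 11, and two candidate rules for recomputing CPL after RSM, one from CS.RPL and one from SS.DPL. The names CPUModel, load_seg_real, rsm_recompute_cpl and run_scenario are hypothetical helpers, not QEMU functions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, cut-down model of an emulator's segment cache (constructed
 * for this example, not QEMU's code).  DPL sits in bits 13..14 of the cached
 * flags, mirroring the high dword of an x86 descriptor. */
#define DESC_DPL_SHIFT 13
#define DESC_DPL_MASK  (3u << DESC_DPL_SHIFT)
#define DESC_P_MASK    (1u << 15)
#define DESC_S_MASK    (1u << 12)
#define DESC_CS_MASK   (1u << 11)
#define CR0_PE_MASK    1u

enum { R_ES, R_CS, R_SS, R_DS, R_FS, R_GS, R_NSEG };

typedef struct {
    uint16_t selector;
    uint32_t base, limit, flags;
} SegmentCache;

typedef struct {
    uint32_t cr0;
    SegmentCache segs[R_NSEG];
    int cpl;                 /* the emulator's cached privilege level */
} CPUModel;

static unsigned seg_dpl(const SegmentCache *s)
{
    return (s->flags & DESC_DPL_MASK) >> DESC_DPL_SHIFT;
}

/* Real-mode segment load: base = selector << 4, 64 KiB limit, DPL = 0.
 * The selector's low two bits carry no privilege meaning in real mode. */
static void load_seg_real(CPUModel *env, int seg, uint16_t selector)
{
    SegmentCache *s = &env->segs[seg];
    s->selector = selector;
    s->base = (uint32_t)selector << 4;
    s->limit = 0xffff;
    s->flags = DESC_P_MASK | DESC_S_MASK | (seg == R_CS ? DESC_CS_MASK : 0);
}

/* The two candidate rules for deriving CPL once CR0.PE is set. */
static int cpl_from_cs_rpl(const CPUModel *env)
{
    return env->segs[R_CS].selector & 3;
}

static int cpl_from_ss_dpl(const CPUModel *env)
{
    return (int)seg_dpl(&env->segs[R_SS]);
}

/* Model of RSM's side effect: after the saved segment caches are restored,
 * the emulator recomputes CPL from the (now protected-mode) state. */
static void rsm_recompute_cpl(CPUModel *env, bool use_ss_dpl)
{
    if (env->cr0 & CR0_PE_MASK) {
        env->cpl = use_ss_dpl ? cpl_from_ss_dpl(env) : cpl_from_cs_rpl(env);
    } else {
        env->cpl = 0;
    }
}

/* Scenario from the patch description: real mode, CS selector with low bits
 * != 00 (constructed value 0x1003), CR0.PE just set, CS not yet reloaded,
 * and an SMI/RSM pair lands inside that window. */
static CPUModel run_scenario(bool use_ss_dpl)
{
    CPUModel env = {0};
    load_seg_real(&env, R_CS, 0x1003);
    load_seg_real(&env, R_SS, 0x2000);
    env.cpl = 0;
    env.cr0 |= CR0_PE_MASK;     /* MOV CR0: does not touch CPL */
    rsm_recompute_cpl(&env, use_ss_dpl);
    return env;
}

static int cpl_after_rsm(bool use_ss_dpl)
{
    CPUModel env = run_scenario(use_ss_dpl);
    return env.cpl;
}

/* Can the next instruction be fetched?  For a non-conforming code segment
 * the CPL must equal the segment's DPL; a mismatch here is the fault the
 * description says escalates to a triple fault. */
static bool next_fetch_ok(bool use_ss_dpl)
{
    CPUModel env = run_scenario(use_ss_dpl);
    return env.cpl == (int)seg_dpl(&env.segs[R_CS]);
}

int main(void)
{
    printf("CPL from CS.RPL after RSM: %d (fetch %s)\n", cpl_after_rsm(false),
           next_fetch_ok(false) ? "ok" : "faults");
    printf("CPL from SS.DPL after RSM: %d (fetch %s)\n", cpl_after_rsm(true),
           next_fetch_ok(true) ? "ok" : "faults");
    return 0;
}
```

With the CS.RPL rule the model lands on CPL 3 against a DPL 0 code segment and the next fetch fails; with the SS.DPL rule the CPL stays 0, matching the reply's point that SS.DPL tracks CPL across the transition while CS.RPL does not.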
