From: Andrew Cooper
To: Jan Beulich
Cc: Sander Eikelenboom, Feng Wu, "xen-devel@lists.xenproject.org"
Subject: Re: Bisected Xen-unstable: "Segment register inaccessible for d1v0" when starting HVM guest on intel
Date: Wed, 2 Jul 2014 11:37:04 +0100
Message-ID: <53B3E0D0.4040503@citrix.com>
In-Reply-To: <53B3F603020000780001F687@mail.emea.novell.com>

On 02/07/14 11:07, Jan Beulich wrote:
>>>> On 02.07.14 at 12:02, wrote:
>>> Just like copy_to_user() would produce -EFAULT for a hypercall
>>> when used on a non-present page or a non-canonical address, it
>>> should (and afaict will with how things are right now) similarly
>>> produce -EFAULT for an attempted access to a guest-accessible
>>> page when the current mode of the guest is supervisor.
>>>
>>> To me it is a logical extension to also fail accesses outside of
>>> hypercalls or emulation.
>> Consider an HVM guest with SMAP in effect, making a hypercall. If a
>> guest handle points to guest userspace, Xen would be unable to ever
>> complete the hypercall without an -EFAULT.
>>
>> I don't think this is reasonable to fail.
> This is very reasonable to fail: Such an operation violates the SMAP
> guarantees. If the kernel wants to permit this, it needs to CLAC/STAC
> around the hypercall in its privcmd (or alike) driver.
>
> Jan
>

Hmm - I suppose. At least this gives the guest operating system a choice.

~Andrew
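
The access rule argued over in this exchange, as a simplified C model added here; it is not Xen code and not from either poster. The struct and function names are hypothetical, and only the CR4.SMAP and EFLAGS.AC bit positions are architectural.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define X86_CR4_SMAP  (1UL << 21)   /* architectural CR4.SMAP bit */
#define X86_EFLAGS_AC (1UL << 18)   /* architectural EFLAGS.AC bit */

/* Hypothetical model types: guest vCPU state and the target page. */
struct vcpu_model { unsigned long cr4, eflags; unsigned int cpl; };
struct page_model { bool present, user; };

static bool is_canonical(uint64_t va)
{
    return (va >> 47) == 0 || (va >> 47) == 0x1ffff; /* bits 63..47 equal */
}

/* The guest kernel's STAC/CLAC, as seen in the saved guest EFLAGS. */
static void stac(struct vcpu_model *v) { v->eflags |= X86_EFLAGS_AC; }
static void clac(struct vcpu_model *v) { v->eflags &= ~X86_EFLAGS_AC; }

/* Access check made on the guest's behalf, in the guest's current mode. */
int model_copy_to_guest(const struct vcpu_model *v, uint64_t va,
                        const struct page_model *pg)
{
    if (!is_canonical(va) || !pg->present)
        return -EFAULT;
    if (v->cpl == 3)                        /* user-mode access */
        return pg->user ? 0 : -EFAULT;
    /* Supervisor access to a user page: SMAP blocks it unless AC is set. */
    if ((v->cr4 & X86_CR4_SMAP) && pg->user && !(v->eflags & X86_EFLAGS_AC))
        return -EFAULT;
    return 0;
}

/* Guest kernel passes a handle to user memory, optionally bracketed. */
int model_hypercall(struct vcpu_model *v, uint64_t va,
                    const struct page_model *pg, bool bracket)
{
    if (bracket) stac(v);
    int rc = model_copy_to_guest(v, va, pg);
    if (bracket) clac(v);
    return rc;
}

int main(void)
{
    struct vcpu_model v = { X86_CR4_SMAP, 0, 0 };  /* guest kernel, SMAP on */
    struct page_model pg = { true, true };         /* present user page */
    printf("plain: %d\n", model_hypercall(&v, 0x7f0000001000, &pg, false));
    printf("STAC:  %d\n", model_hypercall(&v, 0x7f0000001000, &pg, true));
    return 0;
}
```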