Re: [PATCH 12/13] KVM: SVM: Add checks for IO instructions

["Roedel, Joerg" <Joerg.Roedel@amd.com>]

On Thu, Mar 31, 2011 at 05:18:28AM -0400, Avi Kivity wrote:
> On 03/31/2011 09:14 AM, Roedel, Joerg wrote:
> > On Mon, Mar 28, 2011 at 08:28:12AM -0400, Avi Kivity wrote:
> > >  The spec indicates we need to check the TSS and IOPL based permissions
> > >  before the intercept (vmx agrees).  With the code as is, it happens
> > >  afterwards.
> > >
> > >  One way to do this is to have an ExtraChecks bit in the opcode::flags.
> > >  Then opcode::u.xcheck->perms() is the pre-intercept check and
> > >  opcode::u.xcheck->execute() is the post-intercept execution.  Should
> > >  work for monitor/mwait/rdtsc(p)/rdpmc/other crap x86 throws at us.
> >
> > Okay, as you suggested, I put these checks into the instruction emulator
> > and let the hard work of implementing per-arch checks to the nested-vmx
> > people ;)
> > I doubt that this makes the opcode-tables more readable, but lets see :)
> 
> I think we're miscommunicating.  I'm talking about x86 checks, not virt 
> vendor specific checks.

The place of the intercept check may be vendor specific. I havn't looked
at the Intel spec, though. But there are probably differences.

> For example, the flow for IOIO would be:
> 
>    #UD check (lock prefix)
>    PE/IOPL/CPL/VM check
>    TSS bitmap check (can cause #PF)
>    Intercept check
>    Operand segment check
>    Possible #PF
>    Execution
> 
> We need to make sure the TSS bitmap check happens before the intercept, 
> so we need to split ->execute() into two.

Right. For the generic case, how about factor out the checks (for the
POST_EX intercept case) into a seperate excp_check-callback (similar to the
execute-callback) and execute it before the post-exception-intercept
check?

	Joerg

-- 
AMD Operating System Research Center

Advanced Micro Devices GmbH Einsteinring 24 85609 Dornach
General Managers: Alberto Bozzo, Andrew Bowd
Registration: Dornach, Landkr. Muenchen; Registerger. Muenchen, HRB Nr. 43632