From mboxrd@z Thu Jan 1 00:00:00 1970
From: Gleb Natapov
Subject: Re: [PATCH 1/3] KVM: x86 emulator: Fix task switch privilege checks
Date: Tue, 24 Jan 2012 16:16:30 +0200
Message-ID: <20120124141630.GD9571@redhat.com>
References: <1327335048-31925-1-git-send-email-kwolf@redhat.com> <1327335048-31925-2-git-send-email-kwolf@redhat.com> <20120124140316.GD19255@amd.com> <4F1EBCF1.9050808@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Joerg Roedel, kvm@vger.kernel.org, yoshikawa.takuya@oss.ntt.co.jp, avi@redhat.com, mtosatti@redhat.com
To: Kevin Wolf
Return-path: Received: from mx1.redhat.com ([209.132.183.28]:43941 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755055Ab2AXOQg (ORCPT); Tue, 24 Jan 2012 09:16:36 -0500
Content-Disposition: inline
In-Reply-To: <4F1EBCF1.9050808@redhat.com>
Sender: kvm-owner@vger.kernel.org
List-ID:

On Tue, Jan 24, 2012 at 03:15:13PM +0100, Kevin Wolf wrote:
> On 24.01.2012 15:03, Joerg Roedel wrote:
> > On Mon, Jan 23, 2012 at 05:10:46PM +0100, Kevin Wolf wrote:
> >> This patch fixes the problem for VMX. For SVM, the logic used to
> >> determine the source of the task switch is buggy, so we can't pass
> >> useful information to the emulator there and just disable the check in
> >> all cases.
> >
> > Actually, SVM isn't buggy :) For SVM you do not need to do any
> > privilege checks in software because the hardware already takes care of
> > that.
> > In other words, KVM only gets a task-switch intercept if the privileges
> > are all checked and correct.
>
> Okay, that's good to hear. The current code is still buggy because as
> Gleb noted it checks against the TSS DPL. We need to disable that check
> for SVM then. Also all checks for TASK_SWITCH_GATE indicate that
> something is wrong because it will never happen.
>
Not necessarily.
Currently all checks for TASK_SWITCH_GATE also check for TASK_SWITCH_CALL,
so I think you can fix the SVM case in your patch by passing TASK_SWITCH_GATE
instead of TASK_SWITCH_CALL to kvm_task_switch().

> Are you going to rewrite task_switch_interception() on top of this series?
>
> Kevin

--
			Gleb.
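An added illustration that is not part of this thread and not KVM's code: a small C model of the architectural privilege rule the emulator has to apply for each task-switch source (JMP/CALL to a TSS, a task gate reached from the GDT/LDT or the IDT, and IRET), plus a flag standing in for the SVM situation Joerg describes, where the intercept only fires after the hardware has already validated privileges and software must repeat nothing. The names ts_reason, gate_kind and task_switch_allowed are invented for the example; the rules themselves follow the Intel SDM's task-switching chapter, not KVM's TASK_SWITCH_* handling.

```c
#include <stdbool.h>
#include <stdio.h>

/* Source of a task switch. Illustrative names, not KVM's TASK_SWITCH_* values. */
enum ts_reason {
    TS_JMP,   /* JMP to a TSS selector */
    TS_CALL,  /* CALL to a TSS selector */
    TS_GATE,  /* through a task gate (see gate_kind for where the gate lives) */
    TS_IRET   /* IRET with NT set, returning to the previous task */
};

/* How the task gate was reached; only meaningful for TS_GATE. */
enum gate_kind {
    GATE_NONE,         /* no gate involved (JMP/CALL/IRET) */
    GATE_GDT_LDT,      /* task gate in the GDT or LDT, reached by JMP/CALL */
    GATE_IDT_SOFTINT,  /* task gate in the IDT, reached by INT n */
    GATE_IDT_HWEVENT   /* task gate in the IDT, reached by a hardware interrupt or exception */
};

/*
 * Privilege rule for a task switch, modelled on the SDM (assumption: this is
 * the author's summary of the architectural rule, not the emulator's code):
 *   JMP/CALL to a TSS:          CPL <= TSS.DPL and selector RPL <= TSS.DPL
 *   task gate in GDT/LDT:       CPL <= gate.DPL and selector RPL <= gate.DPL
 *   task gate in IDT via INT n: CPL <= gate.DPL (no RPL, the IDT is indexed by vector)
 *   IDT gate via hardware event, or IRET: no privilege check at all
 *
 * hw_checked stands in for the SVM case: the intercept is delivered only
 * after the CPU has accepted the switch, so the software check is skipped.
 * Returns true when the switch is permitted, false when it would raise #GP.
 */
bool task_switch_allowed(enum ts_reason reason, unsigned cpl, unsigned rpl,
                         unsigned tss_dpl, enum gate_kind gate,
                         unsigned gate_dpl, bool hw_checked)
{
    if (hw_checked)
        return true;

    switch (reason) {
    case TS_IRET:
        return true;
    case TS_JMP:
    case TS_CALL:
        return cpl <= tss_dpl && rpl <= tss_dpl;
    case TS_GATE:
        switch (gate) {
        case GATE_GDT_LDT:
            return cpl <= gate_dpl && rpl <= gate_dpl;
        case GATE_IDT_SOFTINT:
            return cpl <= gate_dpl;
        case GATE_IDT_HWEVENT:
            return true;
        case GATE_NONE:
            return false;   /* caller error: a gate switch needs a gate */
        }
        return false;
    }
    return false;
}

int main(void)
{
    /* Ring-3 code CALLing a ring-0 TSS directly: refused. */
    printf("CALL from CPL3 to DPL0 TSS:          %s\n",
           task_switch_allowed(TS_CALL, 3, 3, 0, GATE_NONE, 0, false) ? "ok" : "#GP");
    /* Same switch, but the hardware (SVM) already validated it: accepted. */
    printf("same switch, hardware-checked (SVM): %s\n",
           task_switch_allowed(TS_CALL, 3, 3, 0, GATE_NONE, 0, true) ? "ok" : "#GP");
    /* INT n through an IDT task gate with DPL 3 from user mode: allowed. */
    printf("INT n via DPL3 IDT task gate, CPL3:  %s\n",
           task_switch_allowed(TS_GATE, 3, 0, 0, GATE_IDT_SOFTINT, 3, false) ? "ok" : "#GP");
    /* Same vector from a DPL0 IDT gate: the classic user-mode INT to a kernel-only vector. */
    printf("INT n via DPL0 IDT task gate, CPL3:  %s\n",
           task_switch_allowed(TS_GATE, 3, 0, 0, GATE_IDT_SOFTINT, 0, false) ? "ok" : "#GP");
    return 0;
}
```

The point the model makes concrete is the one under discussion: the check against the TSS descriptor's DPL belongs only to the JMP/CALL path, the gate path checks the gate's DPL instead (and only for software-originated entries), and on a platform whose hardware has already performed these checks before the intercept, rerunning the TSS.DPL comparison in software is not just redundant but wrong.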