From mboxrd@z Thu Jan 1 00:00:00 1970
From: Anthony Liguori
Subject: Re: [PATCH] KVM: x86: Disallow hypercalls for guest callers in rings > 0
Date: Mon, 03 Aug 2009 09:04:53 -0500
Message-ID: <4A76EE85.1090404@codemonkey.ws>
References: <4A76EA7B.4080509@siemens.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Avi Kivity , kvm-devel
To: Jan Kiszka
Return-path:
Received: from rv-out-0506.google.com ([209.85.198.231]:52000 "EHLO rv-out-0506.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754985AbZHCOE5 (ORCPT ); Mon, 3 Aug 2009 10:04:57 -0400
Received: by rv-out-0506.google.com with SMTP id f6so1043995rvb.1 for ; Mon, 03 Aug 2009 07:04:57 -0700 (PDT)
In-Reply-To: <4A76EA7B.4080509@siemens.com>
Sender: kvm-owner@vger.kernel.org
List-ID:

Jan Kiszka wrote:
> So far unprivileged guest callers running in ring 3 can issue, e.g., MMU
> hypercalls. Normally, such callers cannot provide any hand-crafted MMU
> command structure as it has to be passed by its physical address, but
> they can still crash the guest kernel by passing random addresses.
>
> To close the hole, this patch considers hypercalls valid only if issued
> from guest ring 0. This may still be relaxed on a per-hypercall basis in
> the future once required.
>

Actually, VT mandates that vmcalls can only be done from CPL=0. SVM allows
hypercalls from CPL>0 unfortunately.

Regards,

Anthony Liguori
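The following is an added example, not the KVM patch under discussion nor any code from the thread: a small C model of a hypercall dispatcher that applies the check the patch describes (hypercalls are accepted only when the guest caller is at CPL 0) and adds a per-hypercall mask to show how the rule could later be relaxed for individual calls, as the patch description anticipates. Every identifier here is hypothetical (enum hc_nr, struct vcpu, emulate_hypercall, the HC_* error codes) and the guest memory is a constructed buffer; the point is that the privilege gate runs before any handler can see attacker-chosen arguments such as a bogus physical address.

```c
/* Added example, not KVM's code. Models the CPL gate described in the
 * patch: a hypercall from CPL > 0 is rejected before the hypercall
 * number is even looked up. All names are hypothetical. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

enum hc_nr { HC_NOP = 0, HC_MMU_OP = 1, HC_COUNT };

/* Error codes returned to the guest (model values, not KVM's). */
#define HC_EPERM  (-1)   /* caller's CPL is not allowed for this hypercall */
#define HC_ENOSYS (-2)   /* unknown hypercall number */
#define HC_EFAULT (-3)   /* argument does not point into guest memory */

/* Bit n set => hypercall n may also be issued from CPL > 0.
 * Nothing is relaxed yet, matching the patch's "ring 0 only" rule. */
static const uint32_t hc_allowed_from_user = 0;

#define GUEST_RAM_SIZE 4096u
struct vcpu {
    int cpl;                          /* CPL of the guest caller, 0..3 */
    uint8_t ram[GUEST_RAM_SIZE];      /* constructed guest physical memory */
};

/* An MMU-op style handler: the command structure is passed by guest
 * physical address and must lie entirely inside guest memory. This is
 * the kind of handler a random address would otherwise reach. */
static int hc_mmu_op(struct vcpu *v, uint64_t gpa, uint64_t len)
{
    if (len == 0 || gpa > GUEST_RAM_SIZE || len > GUEST_RAM_SIZE - gpa)
        return HC_EFAULT;
    /* A real handler would parse the command; the model only touches the
     * bytes to show they are within bounds. */
    memset(v->ram + gpa, 0, (size_t)len);
    return 0;
}

static int hc_nop(struct vcpu *v, uint64_t a0, uint64_t a1)
{
    (void)v; (void)a0; (void)a1;
    return 0;
}

/* Dispatcher entered on every hypercall exit. The CPL check comes first,
 * so an unprivileged caller never reaches a handler with its arguments. */
int emulate_hypercall(struct vcpu *v, uint64_t nr, uint64_t a0, uint64_t a1)
{
    int relaxed = nr < HC_COUNT && (hc_allowed_from_user & (1u << nr));

    if (v->cpl != 0 && !relaxed)
        return HC_EPERM;

    switch (nr) {
    case HC_NOP:    return hc_nop(v, a0, a1);
    case HC_MMU_OP: return hc_mmu_op(v, a0, a1);
    default:        return HC_ENOSYS;
    }
}

/* Helper for stand-alone use: a vcpu at the given CPL with zeroed RAM. */
struct vcpu make_vcpu(int cpl)
{
    struct vcpu v;
    memset(&v, 0, sizeof v);
    v.cpl = cpl;
    return v;
}
```

With this ordering a ring-3 caller gets HC_EPERM for every hypercall number, valid or not, while a ring-0 caller still gets HC_EFAULT from the handler's own bounds check when it passes an address outside guest memory; relaxing a specific call later is a one-bit change to the mask rather than a change to the gate.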