Re: [Xen-devel] [PATCH 04/11] nEPT: Do further permission check for sucessful translation.
At 01:57 +0800 on 11 Dec (1355191036), xiantao.zhang@xxxxxxxxx wrote: > +static > +bool_t nept_permission_check(uint32_t rwx_acc, uint32_t rwx_bits) > +{ > + if ( ((rwx_acc & 0x1) && !(rwx_bits & 0x1)) || > + ((rwx_acc & 0x2) && !(rwx_bits & 0x2 )) || > + ((rwx_acc & 0x4) && !(rwx_bits & 0x4 )) ) > + return 0; Ugh. It would be nice to use human-readable names for these. Or, since you know these are both <= 0x7, just test for !(rwx_acc & ~rwx_bits). Also, this should really be folded into the previous patch. Cheers, Tim. > + > /* Translate a L2 guest address to L1 gpa via L1 EPT paging structure */ > > int nept_translate_l2ga(struct vcpu *v, paddr_t l2ga, > @@ -301,11 +311,17 @@ int nept_translate_l2ga(struct vcpu *v, paddr_t l2ga, > rwx_bits = gw.l4e.l4 & gw.l3e.l3 & 0x7; > *page_order = 18; > } > - else > + else { > gdprintk(XENLOG_ERR, "Uncorrect l1 entry!\n"); > - > - *l1gfn = guest_l1e_get_paddr(gw.l1e) >> PAGE_SHIFT; > - break; > + BUG(); > + } > + if ( nept_permission_check(rwx_acc, rwx_bits) ) > + { > + *l1gfn = guest_l1e_get_paddr(gw.l1e) >> PAGE_SHIFT; > + break; > + } > + rc = EPT_TRANSLATE_VIOLATION; > + /* Fall through to EPT violation if permission check fails. */ > case EPT_TRANSLATE_VIOLATION: > *exit_qual = (*exit_qual & 0xffffffc0) | (rwx_bits << 3) | > rwx_acc; > *exit_reason = EXIT_REASON_EPT_VIOLATION; > -- > 1.7.1 > > > _______________________________________________ > Xen-devel mailing list > Xen-devel@xxxxxxxxxxxxx > http://lists.xen.org/xen-devel _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
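Review bot: nept_permission_check() has no comment saying which argument is the requested access and which is the granted permission, or that a nonzero return means the access is allowed; the caller's `if ( nept_permission_check(rwx_acc, rwx_bits) )` only reads correctly once you know that. Add a one-line comment above the helper and replace 0x1, 0x2 and 0x4 with named read, write and execute constants. If the test is collapsed to `!(rwx_acc & ~rwx_bits)`, mask the result with 0x7 or document that both inputs are already limited to the low three bits: the current three-clause form ignores any higher bits in rwx_acc, while the single expression would treat them as a denied access. In the caller rwx_bits is masked with `& 0x7`, but nothing in the visible lines constrains rwx_acc.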
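Review bot: the new `BUG();` in the else branch of the second hunk fires on data read from the L1 guest's own EPT paging structure (the function comment says the walk goes "via L1 EPT paging structure"), so a malformed entry written by a guest would take down the whole host rather than just that guest. Handle the bad entry as a translation failure that is reflected back to the L1 guest, or crash only the offending domain, and keep the gdprintk for diagnosis. Two smaller points in the same hunk: `else {` puts the brace on the same line while the rest of the hunk puts it on its own line, and the `rc = EPT_TRANSLATE_VIOLATION;` assignment sits before the fall-through comment, so move the comment above it so the intent of both lines is clear where the `break` used to be.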