
Re: [Xen-devel] [PATCH 04/11] nEPT: Do further permission check for sucessful translation.



At 01:57 +0800 on 11 Dec (1355191036), xiantao.zhang@xxxxxxxxx wrote:
> +static
> +bool_t nept_permission_check(uint32_t rwx_acc, uint32_t rwx_bits)
> +{
> +    if ( ((rwx_acc & 0x1) && !(rwx_bits & 0x1)) ||
> +        ((rwx_acc & 0x2) && !(rwx_bits & 0x2 )) ||
> +        ((rwx_acc & 0x4) && !(rwx_bits & 0x4 )) )
> +        return 0;

Ugh.  It would be nice to use human-readable names for these.
Or, since you know these are both <= 0x7, just test for
!(rwx_acc & ~rwx_bits).

Also, this should really be folded into the previous patch.

Cheers,

Tim.

> +
>  /* Translate a L2 guest address to L1 gpa via L1 EPT paging structure */
>  
>  int nept_translate_l2ga(struct vcpu *v, paddr_t l2ga, 
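Review bot: nept_permission_check() takes rwx_acc and rwx_bits as uint32_t but only ever looks at bits 0x1, 0x2 and 0x4, and nothing in the function states or enforces that both arguments are already confined to 0x7. A short comment saying which argument is the requested access and which is the permission granted by the walked entries, and that both are 3-bit R/W/X masks, would make the contract explicit. If the body is reduced to a single mask expression, apply the 0x7 mask there or at the caller so that stray upper bits in rwx_acc cannot change the result.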
> @@ -301,11 +311,17 @@ int nept_translate_l2ga(struct vcpu *v, paddr_t l2ga,
>                  rwx_bits = gw.l4e.l4 & gw.l3e.l3  & 0x7;
>                  *page_order = 18;
>              }
> -            else
> +            else {
>                  gdprintk(XENLOG_ERR, "Uncorrect l1 entry!\n");
> -
> -            *l1gfn = guest_l1e_get_paddr(gw.l1e) >> PAGE_SHIFT;
> -            break;
> +                BUG();
> +            }
> +            if ( nept_permission_check(rwx_acc, rwx_bits) )
> +            {
> +                 *l1gfn = guest_l1e_get_paddr(gw.l1e) >> PAGE_SHIFT;
> +                 break;
> +            }
> +            rc = EPT_TRANSLATE_VIOLATION;
> +        /* Fall through to EPT violation if permission check fails. */
>          case EPT_TRANSLATE_VIOLATION:
>              *exit_qual = (*exit_qual & 0xffffffc0) | (rwx_bits << 3) | 
> rwx_acc;
>              *exit_reason = EXIT_REASON_EPT_VIOLATION;
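Review bot: The new BUG() in the else branch, right after the "Uncorrect l1 entry!" message, takes the whole host down on an entry that, going by the comment above nept_translate_l2ga(), is read from the L1 EPT paging structure. If that branch can be reached from contents the L1 guest writes, it should return an error for the translation or crash only the offending domain instead of calling BUG(). Smaller points: "else {" does not match the brace-on-its-own-line style of the "if ( nept_permission_check(rwx_acc, rwx_bits) )" block just below it, the two lines inside that block are indented one space too far, and the fall-through comment is indented at case level although it belongs to the preceding case body.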
> -- 
> 1.7.1
> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxx
> http://lists.xen.org/xen-devel
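
Added example (not part of the original thread or of Xen's code): the bit-by-bit check from the patch next to the single-expression form suggested in the reply, compared exhaustively. The ACC_* names are hypothetical, and the posted function is assumed to return 1 when no clause fires, since its tail is not quoted above.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical names for the three permission bits (not Xen's own). */
#define ACC_R   0x1u
#define ACC_W   0x2u
#define ACC_X   0x4u
#define ACC_RWX (ACC_R | ACC_W | ACC_X)

/* Bit-by-bit test as posted; the final "return true" is an assumption. */
static bool check_posted(uint32_t rwx_acc, uint32_t rwx_bits)
{
    if ( ((rwx_acc & 0x1) && !(rwx_bits & 0x1)) ||
         ((rwx_acc & 0x2) && !(rwx_bits & 0x2)) ||
         ((rwx_acc & 0x4) && !(rwx_bits & 0x4)) )
        return false;
    return true;
}

/* Single-expression form: no requested bit may be missing from rwx_bits. */
static bool check_mask(uint32_t rwx_acc, uint32_t rwx_bits)
{
    return !(rwx_acc & ~rwx_bits);
}

/* Same, but ignoring anything above the three R/W/X bits. */
static bool check_mask_safe(uint32_t rwx_acc, uint32_t rwx_bits)
{
    return !(rwx_acc & ~rwx_bits & ACC_RWX);
}

/* Count (acc, bits) pairs in [0, limit) on which two checks disagree. */
static unsigned count_mismatches(bool (*a)(uint32_t, uint32_t),
                                 bool (*b)(uint32_t, uint32_t), uint32_t limit)
{
    unsigned n = 0;
    for ( uint32_t acc = 0; acc < limit; acc++ )
        for ( uint32_t bits = 0; bits < limit; bits++ )
            n += (a(acc, bits) != b(acc, bits));
    return n;
}

int main(void)
{
    printf("<= 0x7, posted vs mask:      %u\n", count_mismatches(check_posted, check_mask, 8));
    printf("<= 0xf, posted vs mask:      %u\n", count_mismatches(check_posted, check_mask, 16));
    printf("<= 0xf, posted vs mask_safe: %u\n", count_mismatches(check_posted, check_mask_safe, 16));
    return 0;
}
```

The two forms agree on every input up to 0x7, which is the precondition the reply relies on; they diverge only when rwx_acc carries a bit above 0x4 that rwx_bits lacks.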
