[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Bisected Xen-unstable: "Segment register inaccessible for d1v0" when starting HVM guest on intel

>>> On 02.07.14 at 15:15, <feng.wu@xxxxxxxxx> wrote:
>> From: Jan Beulich [mailto:JBeulich@xxxxxxxx]
>> This being a PV extension to the base architecture, the hardware
>> specification is meaningless. What we need to do here is _extend_ what
>> the hardware has specified for those extra accesses. We have three
>> options basically:
>> 1) never do any checking on such accesses
>> 2) honor CPL and EFLAGS.AC
>> 3) always do the checking
>> The first one obviously is bad from a security POV. Since the third one is
>> more strict than the second and since I assume adding some override is
>> going to be the simpler change than altering the point in time when the
>> VMCS gets loaded during context switch (the suggestion of which no one
>> at all commented on so far), I'd prefer that one, but wouldn't mind
>> option 2 to be implemented instead.
> So here is my understanding for this:
> For option 2, we don't need to change the code in guest_walk_tables(), what 
> we
> should do is to adjust the time when VMCS gets loaded to make sure we can
> safely get guest SS for the two cases you mentioned previously in this 
> thread.
> For option 3, we need to pass some override for these cases to check SMAP
> unconditionally, so no need to get guest SS. Hence this issue will not 
> exist.
> Is this correct? Thanks a lot!

That's my understanding, so I hope it is correct.


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.