
Re: [Xen-devel] [PATCH 1/2] x86/hvm: Always do SMAP check when updating runstate_guest(v)

>>> On 10.07.14 at 12:56, <tim@xxxxxxx> wrote:
> At 07:18 +0800 on 08 Jul (1404800297), Feng Wu wrote:
>> In the current implementation, we honor the guest's CPL and AC
>> to determine whether to do the SMAP check or not for runstate_guest(v).
>> However, this doesn't work. The VMCS field is invalid when we try
>> to get guest's SS by hvm_get_segment_register(), since the
>> right VMCS has not been loaded for the current VCPU.
>> In this patch, we always do the SMAP check when updating
>> runstate_guest(v) for the guest when SMAP is enabled by it.
> Surely the correct behaviour is _not_ to do the check -- this is the
> context switch path in the _hypervisor_, not a guest-kernel operation.

But it is being "asked for" by the kernel, and hence should be treated
as implicit supervisor mode access just like e.g. descriptor table
accesses (see also the earlier discussion in the thread where the problem
got reported).

