Re: [Xen-devel] [PATCH v5] x86/hvm: Allow guest_request vm_events coming from userspace
>>> On 14.08.17 at 17:53, <tamas@xxxxxxxxxxxxx> wrote:
> On Tue, Aug 8, 2017 at 2:27 AM, Alexandru Isaila <aisaila@xxxxxxxxxxxxxxx>
> wrote:
>> --- a/xen/arch/x86/hvm/hypercall.c
>> +++ b/xen/arch/x86/hvm/hypercall.c
>> @@ -155,6 +155,11 @@ int hvm_hypercall(struct cpu_user_regs *regs)
>> /* Fallthrough to permission check. */
>> case 4:
>> case 2:
>> + if ( currd->arch.monitor.guest_request_userspace_enabled &&
>> + eax == __HYPERVISOR_hvm_op &&
>> + (mode == 8 ? regs->rdi : regs->ebx) ==
>> HVMOP_guest_request_vm_event )
>> + break;
>> +
>
> So the CPL check happens after the monitor check, which means this
> will trigger regardless if the hypercall is coming from userspace or
> kernelspace. Since the monitor option specifically says userspace,
> this should probably get moved into the block where CPL was checked.

What difference would this make? For CPL0 the hypercall is permitted
anyway, and for CPL > 0 we specifically want to bypass the CPL check.
Or are you saying you want to restrict the new check to just CPL3?

Jan
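Review bot: the early `break` added under `case 4:` / `case 2:` has no comment saying that it deliberately skips the permission check named in the `/* Fallthrough to permission check. */` context line, or that the exemption is limited to `__HYPERVISOR_hvm_op` with `HVMOP_guest_request_vm_event` as its first argument. Since this is the one place where a hypercall is let through ahead of that check, a short comment above the `if` stating the intent (and that the condition itself takes no account of privilege level, only of `guest_request_userspace_enabled`) would make the exemption auditable. The inline `(mode == 8 ? regs->rdi : regs->ebx)` would also read more clearly as a named local, which would avoid the wrapped comparison.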