From: Alexander Graf <agraf@suse.de>
To: kvm-ppc@vger.kernel.org
Cc: linuxppc-dev@ozlabs.org, paulus@samba.org, kvm@vger.kernel.org
Subject: [PATCH 03/10] KVM: PPC: Check privilege level on SPRs
Date: Tue, 9 Aug 2011 18:31:41 +0200 [thread overview]
Message-ID: <1312907508-14599-4-git-send-email-agraf@suse.de> (raw)
In-Reply-To: <1312907508-14599-1-git-send-email-agraf@suse.de>
We have 3 privilege levels: problem state, supervisor state and hypervisor
state. Each of them can access different SPRs, so we need to check on every
SPR if it's accessible in the respective mode.
Signed-off-by: Alexander Graf <agraf@suse.de>
---
arch/powerpc/kvm/book3s_emulate.c | 25 +++++++++++++++++++++++++
1 files changed, 25 insertions(+), 0 deletions(-)
diff --git a/arch/powerpc/kvm/book3s_emulate.c b/arch/powerpc/kvm/book3s_emulate.c
index 4668465..bf0ddcd 100644
--- a/arch/powerpc/kvm/book3s_emulate.c
+++ b/arch/powerpc/kvm/book3s_emulate.c
@@ -63,6 +63,25 @@
* function pointers, so let's just disable the define. */
#undef mfsrin
+enum priv_level {
+ PRIV_PROBLEM = 0,
+ PRIV_SUPER = 1,
+ PRIV_HYPER = 2,
+};
+
+static bool spr_allowed(struct kvm_vcpu *vcpu, enum priv_level level)
+{
+ /* PAPR VMs only access supervisor SPRs */
+ if (vcpu->arch.papr_enabled && (level > PRIV_SUPER))
+ return false;
+
+ /* Limit user space to its own small SPR set */
+ if ((vcpu->arch.shared->msr & MSR_PR) && level > PRIV_PROBLEM)
+ return false;
+
+ return true;
+}
+
int kvmppc_core_emulate_op(struct kvm_run *run, struct kvm_vcpu *vcpu,
unsigned int inst, int *advance)
{
@@ -296,6 +315,8 @@ int kvmppc_core_emulate_mtspr(struct kvm_vcpu *vcpu, int sprn, int rs)
switch (sprn) {
case SPRN_SDR1:
+ if (!spr_allowed(vcpu, PRIV_HYPER))
+ goto unprivileged;
to_book3s(vcpu)->sdr1 = spr_val;
break;
case SPRN_DSISR:
@@ -390,6 +411,7 @@ int kvmppc_core_emulate_mtspr(struct kvm_vcpu *vcpu, int sprn, int rs)
case SPRN_PMC4_GEKKO:
case SPRN_WPAR_GEKKO:
break;
+unprivileged:
default:
printk(KERN_INFO "KVM: invalid SPR write: %d\n", sprn);
#ifndef DEBUG_SPR
@@ -421,6 +443,8 @@ int kvmppc_core_emulate_mfspr(struct kvm_vcpu *vcpu, int sprn, int rt)
break;
}
case SPRN_SDR1:
+ if (!spr_allowed(vcpu, PRIV_HYPER))
+ goto unprivileged;
kvmppc_set_gpr(vcpu, rt, to_book3s(vcpu)->sdr1);
break;
case SPRN_DSISR:
@@ -476,6 +500,7 @@ int kvmppc_core_emulate_mfspr(struct kvm_vcpu *vcpu, int sprn, int rt)
kvmppc_set_gpr(vcpu, rt, 0);
break;
default:
+unprivileged:
printk(KERN_INFO "KVM: invalid SPR read: %d\n", sprn);
#ifndef DEBUG_SPR
emulated = EMULATE_FAIL;
--
1.6.0.2
next prev parent reply other threads:[~2011-08-09 16:32 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-08-09 16:31 [PATCH 00/10] PAPR virtualization on PR KVM Alexander Graf
2011-08-09 16:31 ` [PATCH 01/10] KVM: PPC: move compute_tlbie_rb to book3s common header Alexander Graf
2011-11-08 17:08 ` [PATCH] KVM: PPC: move compute_tlbie_rb to book3s_64 " Andreas Schwab
2011-11-11 16:03 ` Alexander Graf
2011-08-09 16:31 ` [PATCH 02/10] KVM: PPC: Add papr_enabled flag Alexander Graf
2011-08-09 16:31 ` Alexander Graf [this message]
2011-08-09 16:31 ` [PATCH 04/10] KVM: PPC: Interpret SDR1 as HVA in PAPR mode Alexander Graf
2011-08-09 16:31 ` [PATCH 05/10] KVM: PPC: Read out syscall instruction on trap Alexander Graf
2011-08-09 16:31 ` [PATCH 06/10] KVM: PPC: Add support for explicit HIOR setting Alexander Graf
2011-08-09 16:31 ` [PATCH 07/10] KVM: PPC: Add PAPR hypercall code for PR mode Alexander Graf
2011-08-09 16:40 ` Avi Kivity
2011-08-09 16:46 ` Alexander Graf
2011-08-09 16:49 ` Avi Kivity
2011-08-09 16:51 ` Alexander Graf
2011-08-09 17:01 ` Avi Kivity
2011-08-09 22:02 ` Benjamin Herrenschmidt
2011-08-12 3:35 ` David Gibson
2011-08-12 5:38 ` Alexander Graf
2011-08-12 7:43 ` David Gibson
2011-08-12 8:09 ` Alexander Graf
2011-08-09 16:31 ` [PATCH 08/10] KVM: PPC: Stub emulate CFAR and PURR SPRs Alexander Graf
2011-08-09 16:31 ` [PATCH 09/10] KVM: PPC: Support SC1 hypercalls for PAPR in PR mode Alexander Graf
2011-08-12 3:33 ` David Gibson
2011-08-12 5:35 ` Alexander Graf
2011-08-12 7:43 ` David Gibson
2011-08-12 8:07 ` Alexander Graf
2011-11-08 17:17 ` [PATCH] KVM: PPC: protect use of kvmppc_h_pr Andreas Schwab
2011-11-11 16:03 ` Alexander Graf
2011-08-09 16:31 ` [PATCH 10/10] KVM: PPC: Enable the PAPR CAP for Book3S Alexander Graf
2011-08-10 4:42 ` Paul Mackerras
2011-08-10 7:59 ` Alexander Graf
2011-08-10 12:26 ` Paul Mackerras
2011-08-10 12:29 ` Alexander Graf
2011-08-09 16:42 ` [PATCH 00/10] PAPR virtualization on PR KVM Avi Kivity
2011-08-09 16:49 ` Alexander Graf
2011-08-10 12:31 ` [PATCH 11/10] KVM: PPC: Add sanity checking to vcpu_run Alexander Graf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1312907508-14599-4-git-send-email-agraf@suse.de \
--to=agraf@suse.de \
--cc=kvm-ppc@vger.kernel.org \
--cc=kvm@vger.kernel.org \
--cc=linuxppc-dev@ozlabs.org \
--cc=paulus@samba.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).