Re: [PATCH v2 0/4] KVM: x86: get CPL from SS.DPL

Re: [PATCH v2 0/4] KVM: x86: get CPL from SS.DPL

[Wei Huang]

> Another day, another CPL patch...
>
> It turns out that the simple approach of getting CPL from SS.DPL
> broke x86/taskswitch2.flat.  To fix that, already "imagine" that the
> CPL is CS.RPL, or 3 for VM86 tasks, while loading segment descriptors
> during task switches.  This removes the hack where task switches call
> kvm_set_rflags to override the VM flag (patch 2).

My understanding about this problem is that during task switch, the
CPL might be inconsistent with SS.DPL. This breaks the assumption
of previous patch (i.e. patch 4). To fix this problem, we have to rely
on CS.RPL to figure out CPL.

If so , my question: is there other special cases similar to task switch
which can break patch 4?

>
> While at it, add a new privilege test during task switches that is
> missing.
>
> Patch 4 is the same as before.
>
> Paolo Bonzini (4):
>   KVM: x86: use new CS.RPL as CPL during task switch
>   KVM: x86: drop set_rflags callback
>   KVM: x86: check CS.DPL against RPL during task switch
>   KVM: x86: get CPL from SS.DPL
>
>  arch/x86/include/asm/kvm_emulate.h |  1 -
>  arch/x86/include/asm/kvm_host.h    |  1 -
>  arch/x86/kvm/emulate.c             | 63 ++++++++++++++++++++++----------------
>  arch/x86/kvm/svm.c                 | 35 +++++++++------------
>  arch/x86/kvm/vmx.c                 | 24 +++------------
>  arch/x86/kvm/x86.c                 |  6 ----
>  6 files changed, 54 insertions(+), 76 deletions(-)

Re: [PATCH v2 0/4] KVM: x86: get CPL from SS.DPL

[Paolo Bonzini]

Il 26/05/2014 00:58, Wei Huang ha scritto:
> If so , my question: is there other special cases similar to task switch
> which can break patch 4?

I don't think so.  CPL can only change when SS is loaded, i.e. for 
inter-privilege transfers that aren't far calls or far jumps to a 
conforming code segment.

I count only three such cases (protected mode int, protected mode iret, 
call gate), none of which is implemented in the KVM emulator.  In fact, 
the emulator doesn't implement task gates either---luckily all 
information about the destination task is provided by the processor in 
the VMCB or VMCS.

Paolo

[PATCH v2 0/4] KVM: x86: get CPL from SS.DPL

[Paolo Bonzini]

Another day, another CPL patch...

It turns out that the simple approach of getting CPL from SS.DPL
broke x86/taskswitch2.flat.  To fix that, already "imagine" that the
CPL is CS.RPL, or 3 for VM86 tasks, while loading segment descriptors
during task switches.  This removes the hack where task switches call
kvm_set_rflags to override the VM flag (patch 2).

While at it, add a new privilege test during task switches that is
missing.

Patch 4 is the same as before.

Paolo Bonzini (4):
  KVM: x86: use new CS.RPL as CPL during task switch
  KVM: x86: drop set_rflags callback
  KVM: x86: check CS.DPL against RPL during task switch
  KVM: x86: get CPL from SS.DPL

 arch/x86/include/asm/kvm_emulate.h |  1 -
 arch/x86/include/asm/kvm_host.h    |  1 -
 arch/x86/kvm/emulate.c             | 63 ++++++++++++++++++++++----------------
 arch/x86/kvm/svm.c                 | 35 +++++++++------------
 arch/x86/kvm/vmx.c                 | 24 +++------------
 arch/x86/kvm/x86.c                 |  6 ----
 6 files changed, 54 insertions(+), 76 deletions(-)

-- 
1.8.3.1