WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

[Xen-devel] [PATCH] fix issue of accessing supervisor page from ring3 in

To: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] [PATCH] fix issue of accessing supervisor page from ring3 in vmx guest
From: "Ling, Xiaofeng" <xiaofeng.ling@xxxxxxxxx>
Date: Tue, 29 Nov 2005 15:31:17 +0800
Delivery-date: Tue, 29 Nov 2005 07:33:48 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040510
# HG changeset patch
# User Xiaofeng Ling <xiaofeng.ling@xxxxxxxxx>
# Node ID b832c9f342065a84991b4fbf0e30749225995228
# Parent  ff879b0ac94170c3b1354fa5e297684ecffb834f
Fix vmx guest issue of allowing accessing supervisor page
from user level program.
In shadow fault, we need to check U/S bit in error code.
It is just a fix for shadow32.c, for x86_64 code and
public code, it is already handled.

Signed-off-by: Xiaofeng Ling <xiaofeng.ling@xxxxxxxxx>

diff -r eb213ab53c9b xen/arch/x86/shadow32.c
--- a/xen/arch/x86/shadow32.c   Fri Nov 25 13:07:07 2005 +0800
+++ b/xen/arch/x86/shadow32.c   Fri Nov 25 13:47:48 2005 +0800
@@ -2693,6 +2693,16 @@
             domain_crash_synchronous();
         }

+        /* uer runlevel to access vilation error in guest? */
+        if ( unlikely((regs->error_code & 4) &&
+                      !(l1e_get_flags(gpte) & _PAGE_USER)))
+        {
+ SH_VVLOG("shadow_fault - EXIT: wr fault on super page (%" PRIpte ")",
+                    l1e_get_intpte(gpte));
+            goto fail;
+
+        }
+
         if ( unlikely(!l1pte_write_fault(v, &gpte, &spte, va)) )
         {
             SH_VVLOG("shadow_fault - EXIT: l1pte_write_fault failed");
@@ -2706,6 +2716,16 @@
     }
     else
     {
+        /* protection violation error(read) in guest? */
+        if ( unlikely((regs->error_code & 1) ))
+        {
+ SH_VVLOG("shadow_fault - EXIT: read fault on super page (%" PRIpte ")",
+                    l1e_get_intpte(gpte));
+            goto fail;
+
+        }
+
+
         if ( !l1pte_read_fault(d, &gpte, &spte) )
         {
             SH_VVLOG("shadow_fault - EXIT: l1pte_read_fault failed");
# HG changeset patch
# User Xiaofeng Ling <xiaofeng.ling@xxxxxxxxx>
# Node ID b832c9f342065a84991b4fbf0e30749225995228
# Parent  ff879b0ac94170c3b1354fa5e297684ecffb834f
Fix vmx guest issue of allowing accessing supervisor page
from user level program.
In shadow fault, we need to check U/S bit in error code.
It is just a fix for shadow32.c, for x86_64 code and 
public code, it is already handled.

Signed-off-by: Xiaofeng Ling <xiaofeng.ling@xxxxxxxxx>

diff -r eb213ab53c9b xen/arch/x86/shadow32.c
--- a/xen/arch/x86/shadow32.c   Fri Nov 25 13:07:07 2005 +0800
+++ b/xen/arch/x86/shadow32.c   Fri Nov 25 13:47:48 2005 +0800
@@ -2693,6 +2693,16 @@
             domain_crash_synchronous();
         }
 
+        /* uer runlevel to access vilation error in guest? */
+        if ( unlikely((regs->error_code & 4) && 
+                      !(l1e_get_flags(gpte) & _PAGE_USER)))
+        {
+            SH_VVLOG("shadow_fault - EXIT: wr fault on super page (%" PRIpte 
")", 
+                    l1e_get_intpte(gpte));
+            goto fail;
+
+        }
+
         if ( unlikely(!l1pte_write_fault(v, &gpte, &spte, va)) )
         {
             SH_VVLOG("shadow_fault - EXIT: l1pte_write_fault failed");
@@ -2706,6 +2716,16 @@
     }
     else
     {
+        /* protection violation error(read) in guest? */
+        if ( unlikely((regs->error_code & 1) ))
+        {
+            SH_VVLOG("shadow_fault - EXIT: read fault on super page (%" PRIpte 
")", 
+                    l1e_get_intpte(gpte));
+            goto fail;
+
+        }
+
+
         if ( !l1pte_read_fault(d, &gpte, &spte) )
         {
             SH_VVLOG("shadow_fault - EXIT: l1pte_read_fault failed");
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-devel] [PATCH] fix issue of accessing supervisor page from ring3 in vmx guest, Ling, Xiaofeng <=