
Re: [Xen-devel] [PATCH v5] x86/hvm: Allow guest_request vm_events coming from userspace



>>> On 14.08.17 at 17:53, <tamas@xxxxxxxxxxxxx> wrote:
> On Tue, Aug 8, 2017 at 2:27 AM, Alexandru Isaila <aisaila@xxxxxxxxxxxxxxx> 
> wrote:
>> --- a/xen/arch/x86/hvm/hypercall.c
>> +++ b/xen/arch/x86/hvm/hypercall.c
>> @@ -155,6 +155,11 @@ int hvm_hypercall(struct cpu_user_regs *regs)
>>          /* Fallthrough to permission check. */
>>      case 4:
>>      case 2:
>> +        if ( currd->arch.monitor.guest_request_userspace_enabled &&
>> +            eax == __HYPERVISOR_hvm_op &&
>> +            (mode == 8 ? regs->rdi : regs->ebx) == 
>> HVMOP_guest_request_vm_event )
>> +            break;
>> +
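Review bot: the new condition under `case 4:` / `case 2:` leaves the switch via `break` directly below the "Fallthrough to permission check" comment and has no privilege-level term of its own, yet nothing in the hunk says that skipping the permission check is deliberate. A short comment above the `if` would document the intent: that HVMOP_guest_request_vm_event is intentionally let past the permission check when guest_request_userspace_enabled is set, and for which privilege levels. Style: the continuation lines `eax == __HYPERVISOR_hvm_op &&` and `(mode == 8 ? regs->rdi : regs->ebx) ==` start one column to the left of `currd` and should be aligned with it.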
> 
> So the CPL check happens after the monitor check, which means this
> will trigger regardless if the hypercall is coming from userspace or
> kernelspace. Since the monitor option specifically says userspace,
> this should probably get moved into the block where CPL was checked.

What difference would this make? For CPL0 the hypercall is
permitted anyway, and for CPL > 0 we specifically want to bypass
the CPL check. Or are you saying you want to restrict the new
check to just CPL3?

Jan

