Message-ID: <CAJcbSZEkqFPVNzygmAjkyxNssZxnJTYBYuMbvjms+3ZGcCY_sQ@mail.gmail.com>
Date: Fri, 17 Feb 2017 14:01:29 -0800
From: Thomas Garnier <thgarnie@...gle.com>
To: Jim Mattson <jmattson@...gle.com>
Cc: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, 
	"H . Peter Anvin" <hpa@...or.com>, Andrey Ryabinin <aryabinin@...tuozzo.com>, 
	Alexander Potapenko <glider@...gle.com>, Dmitry Vyukov <dvyukov@...gle.com>, 
	Kees Cook <keescook@...omium.org>, Andy Lutomirski <luto@...nel.org>, Borislav Petkov <bp@...e.de>, 
	Paul Gortmaker <paul.gortmaker@...driver.com>, Andy Lutomirski <luto@...capital.net>, 
	"Rafael J . Wysocki" <rjw@...ysocki.net>, Len Brown <len.brown@...el.com>, Pavel Machek <pavel@....cz>, 
	Jiri Kosina <jikos@...nel.org>, Matt Fleming <matt@...eblueprint.co.uk>, 
	Ard Biesheuvel <ard.biesheuvel@...aro.org>, Boris Ostrovsky <boris.ostrovsky@...cle.com>, 
	Juergen Gross <jgross@...e.com>, Rusty Russell <rusty@...tcorp.com.au>, 
	Peter Zijlstra <peterz@...radead.org>, Christian Borntraeger <borntraeger@...ibm.com>, 
	"Luis R . Rodriguez" <mcgrof@...nel.org>, He Chen <he.chen@...ux.intel.com>, 
	Brian Gerst <brgerst@...il.com>, Stanislaw Gruszka <sgruszka@...hat.com>, Arnd Bergmann <arnd@...db.de>, 
	Adam Buchbinder <adam.buchbinder@...il.com>, Dave Hansen <dave.hansen@...el.com>, 
	Vitaly Kuznetsov <vkuznets@...hat.com>, Josh Poimboeuf <jpoimboe@...hat.com>, 
	Tim Chen <tim.c.chen@...ux.intel.com>, Rik van Riel <riel@...hat.com>, 
	Andi Kleen <ak@...ux.intel.com>, Jiri Olsa <jolsa@...hat.com>, 
	Michael Ellerman <mpe@...erman.id.au>, Joerg Roedel <joro@...tes.org>, 
	Paolo Bonzini <pbonzini@...hat.com>, Radim Krčmář <rkrcmar@...hat.com>, 
	"the arch/x86 maintainers" <x86@...nel.org>, LKML <linux-kernel@...r.kernel.org>, 
	kasan-dev <kasan-dev@...glegroups.com>, Linux PM list <linux-pm@...r.kernel.org>, 
	linux-efi@...r.kernel.org, xen-devel@...ts.xenproject.org, 
	lguest@...ts.ozlabs.org, kvm list <kvm@...r.kernel.org>, 
	Kernel Hardening <kernel-hardening@...ts.openwall.com>
Subject: Re: [PATCH v3 4/4] KVM: VMX: Simplify segment_base

On Fri, Feb 17, 2017 at 1:00 PM, Jim Mattson <jmattson@...gle.com> wrote:
> On Fri, Feb 17, 2017 at 12:11 PM, Thomas Garnier <thgarnie@...gle.com> wrote:
>> On Fri, Feb 17, 2017 at 9:49 AM, Jim Mattson <jmattson@...gle.com> wrote:
>>>
>>> Can we use the read-only GDT here? When expanding the virtual address
>>> for 64-bit system descriptors, isn't it sufficient to check (d->s == 0
>>> && d->type != 0)?
>>
>> We can use the readonly GDT but I think it doesn't matter one way or the
>> other here. We have to check specific types for LDT or TSS, other
>> values describe other entries (cf Intel volume 3, 3.5) (for example 14
>> & 15 on 64-bits are for trap & interrupt gates).
>
> According to volume 3 of the SDM, section 3.5.2:
>
> The following system descriptors expand to 16 bytes:
> — Call gate descriptors (see Section 5.8.3.1, “IA-32e Mode Call Gates”)
> — IDT gate descriptors (see Section 6.14.1, “64-Bit Mode IDT”)
> — LDT and TSS descriptors (see Section 7.2.3, “TSS Descriptor in 64-bit mode”).
>
> All legal system descriptor types (except for 0: Upper 8 bytes of a 16-byte
> descriptor) should get the high 32 bits of the base address from the next 8-byte
> descriptor.
>

Ok, then I will test an updated version next week.

>>
>>>
>>>
>>> On Tue, Feb 14, 2017 at 11:42 AM, Thomas Garnier <thgarnie@...gle.com> wrote:
>>> > The KVM segment_base function is confusing. This patch replaces integers
>>> > with appropriate flags, simplifies constructs and adds comments.
>>> >
>>> > Signed-off-by: Thomas Garnier <thgarnie@...gle.com>
>>> > ---
>>> > Based on next-20170213
>>> > ---
>>> >  arch/x86/kvm/vmx.c | 26 ++++++++++++++++++--------
>>> >  1 file changed, 18 insertions(+), 8 deletions(-)
>>> >
>>> > diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
>>> > index 99167f20bc34..edb8326108dd 100644
>>> > --- a/arch/x86/kvm/vmx.c
>>> > +++ b/arch/x86/kvm/vmx.c
>>> > @@ -2062,25 +2062,35 @@ static unsigned long segment_base(u16 selector)
>>> >         struct desc_struct *d;
>>> >         unsigned long table_base;
>>> >         unsigned long v;
>>> > +       u32 high32;
>>> >
>>> > -       if (!(selector & ~3))
>>> > +       if (!(selector & ~SEGMENT_RPL_MASK))
>>> >                 return 0;
>>> >
>>> > -       table_base = get_current_gdt_rw_vaddr();
>>> > -
>>> > -       if (selector & 4) {           /* from ldt */
>>> > +       /* LDT selector */
>>> > +       if ((selector & SEGMENT_TI_MASK) == SEGMENT_LDT) {
>>> >                 u16 ldt_selector = kvm_read_ldt();
>>> >
>>> > -               if (!(ldt_selector & ~3))
>>> > +               if (!(ldt_selector & ~SEGMENT_RPL_MASK))
>>> >                         return 0;
>>> >
>>> >                 table_base = segment_base(ldt_selector);
>>> > +       } else {
>>> > +               table_base = get_current_gdt_rw_vaddr();
>>> >         }
>>> > -       d = (struct desc_struct *)(table_base + (selector & ~7));
>>> > +
>>> > +       d = (struct desc_struct *)table_base + (selector >> 3);
>>> >         v = get_desc_base(d);
>>> >  #ifdef CONFIG_X86_64
>>> > -       if (d->s == 0 && (d->type == 2 || d->type == 9 || d->type == 11))
>>> > -               v |= ((unsigned long)((struct ldttss_desc64 *)d)->base3) << 32;
>>> > +       /*
>>> > +        * Extend the virtual address if we have a system descriptor entry for
>>> > +        * LDT or TSS (available or busy).
>>> > +        */
>>> > +       if (d->s == 0 && (d->type == DESC_LDT || d->type == DESC_TSS ||
>>> > +                         d->type == 11/*Busy TSS */)) {
>>> > +               high32 = ((struct ldttss_desc64 *)d)->base3;
>>> > +               v |= (u64)high32 << 32;
>>> > +       }
>>> >  #endif
>>> >         return v;
>>> >  }
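Review bot: `u32 high32;` is declared at the top of the function but only assigned and read inside the `#ifdef CONFIG_X86_64` block, so a 32-bit host build gets an unused-variable warning for it; either move the declaration under the `#ifdef` or drop it and widen in place, e.g. `v |= (u64)((struct ldttss_desc64 *)d)->base3 << 32;`. In the same block, `d->type == 11/*Busy TSS */` keeps exactly the kind of bare integer the commit message says the patch removes; a named constant alongside `DESC_LDT` and `DESC_TSS` would be consistent, or, as Jim Mattson points out in the thread, since every 64-bit system descriptor other than type 0 (the upper half of a 16-byte entry) is 16 bytes, `d->s == 0 && d->type != 0` covers the busy TSS without listing types. Finally, neither the old nor the new version checks `selector >> 3` against the table limit before dereferencing `d`, so a selector past the end of the GDT or LDT reads whatever follows the table; that is pre-existing, but worth a comment now that the function is being cleaned up.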
>>> > --
>>> > 2.11.0.483.g087da7b7c-goog
>>> >
>>
>>
>>
>>
>> --
>> Thomas



-- 
Thomas
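The descriptor decoding the thread is about, as an added example (not code from the patch or from the kernel): a user-space C model of segment_base() over a constructed GDT and LDT placed in a flat buffer that pretends to live at 0xffff880000000000, so that every table base needs its base3 field. The SEGMENT_* and DESC_LDT/DESC_TSS names mirror the kernel's arch/x86 constants; DESC_TSS_BUSY, the memory model, vaddr_to_ptr, write_desc and setup_tables are this example's own. Besides the base3 extension it adds the checks the kernel function leaves out: the selector index against the table size, the present bit, and a descriptor whose type is 0, which is the upper half of a 16-byte entry and not a descriptor of its own. The extend_all_system flag switches between the type list as posted and the broadened `s == 0 && type != 0` check from the reply; for LDT and TSS selectors both give the same result.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Selector layout, as the arch/x86 SEGMENT_* masks: bits 0-1 RPL, bit 2 TI (1 = LDT). */
#define SEGMENT_RPL_MASK 0x3u
#define SEGMENT_TI_MASK  0x4u
#define SEGMENT_LDT      0x4u

/* IA-32e system descriptor types (Intel SDM vol. 3, section 3.5). */
#define DESC_LDT      0x2u
#define DESC_TSS      0x9u   /* available 64-bit TSS */
#define DESC_TSS_BUSY 0xbu   /* busy 64-bit TSS (this example's own name) */

/*
 * Constructed host memory for this example: a flat buffer that pretends to live
 * at MEM_BASE.  MEM_BASE is above 4 GiB, so every table base needs its base3.
 */
#define MEM_BASE      0xffff880000000000ULL
#define MEM_SIZE      4096u
#define GDT_OFF       0u
#define LDT_OFF       1024u
#define TABLE_ENTRIES 8u   /* both modelled tables hold 8 slots (limit 63) */
static uint8_t mem[MEM_SIZE];

static const uint8_t *vaddr_to_ptr(uint64_t va, size_t len)
{
    if (va < MEM_BASE || va - MEM_BASE + len > MEM_SIZE)
        return NULL;
    return mem + (va - MEM_BASE);
}

static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Write an 8-byte descriptor at slot idx; a system descriptor (s == 0) also fills slot idx+1 with base3. */
static void write_desc(uint8_t *table, unsigned idx, uint64_t base, uint32_t limit, unsigned type, unsigned s)
{
    uint8_t *d = table + idx * 8;
    memset(d, 0, s ? 8 : 16);
    d[0] = limit & 0xff;  d[1] = (limit >> 8) & 0xff;  d[6] = (limit >> 16) & 0xf;
    d[2] = base & 0xff;   d[3] = (base >> 8) & 0xff;   d[4] = (base >> 16) & 0xff;
    d[7] = (base >> 24) & 0xff;
    d[5] = (uint8_t)((type & 0xf) | (s & 1) << 4 | 0x80);   /* P = 1, DPL = 0 */
    if (!s)
        for (unsigned i = 0; i < 4; i++)   /* bits 0-31 of the upper qword carry base3 */
            d[8 + i] = (uint8_t)((base >> 32) >> (8 * i));
    /* bits 8-12 of the upper qword stay 0, so that slot decodes as type 0: not a valid descriptor */
}

/*
 * Resolve a selector to a linear base, following the structure of the kernel's
 * segment_base(): TI picks the LDT, whose own base comes from the GDT; a 64-bit
 * system descriptor contributes base3 from the next 8 bytes.
 * extend_all_system == 0 extends only LDT/TSS types (the patch as posted);
 * extend_all_system != 0 extends every system type except 0 (the thread's broadened check).
 * Returns 0 for a null selector or one that cannot be resolved.
 */
static uint64_t segment_base(uint16_t ldtr, uint16_t selector, int extend_all_system)
{
    uint64_t table_base, v;
    const uint8_t *d;
    unsigned type, s, p;

    if (!(selector & ~SEGMENT_RPL_MASK))
        return 0;
    if ((selector & SEGMENT_TI_MASK) == SEGMENT_LDT) {
        /* LLDT faults on a selector with TI set, so LDTR always points into the GDT. */
        if (!(ldtr & ~SEGMENT_RPL_MASK) || (ldtr & SEGMENT_TI_MASK))
            return 0;
        table_base = segment_base(ldtr, ldtr, extend_all_system);
        if (!table_base)
            return 0;
    } else {
        table_base = MEM_BASE + GDT_OFF;   /* stands in for get_current_gdt_rw_vaddr() */
    }
    if ((selector >> 3) >= TABLE_ENTRIES)   /* a real check compares against the table limit */
        return 0;
    d = vaddr_to_ptr(table_base + (selector & ~7u), 8);
    if (!d)
        return 0;
    type = d[5] & 0xf;  s = (d[5] >> 4) & 1;  p = d[5] >> 7;
    if (!p)
        return 0;
    v = (uint64_t)d[2] | (uint64_t)d[3] << 8 | (uint64_t)d[4] << 16 | (uint64_t)d[7] << 24;
    if (s == 0) {
        if (type == 0)
            return 0;   /* upper half of a 16-byte descriptor, not a descriptor of its own */
        if (extend_all_system || type == DESC_LDT || type == DESC_TSS || type == DESC_TSS_BUSY) {
            const uint8_t *hi = vaddr_to_ptr(table_base + (selector & ~7u) + 8, 8);
            if (!hi)
                return 0;
            v |= (uint64_t)rd32(hi) << 32;
        }
    }
    return v;
}

/* Constructed tables: GDT = null, 64-bit code, TSS (slots 2-3), LDT (slots 4-5), busy TSS (slots 6-7);
 * LDT = one data segment at slot 1.  Returns the LDTR value (GDT slot 4, RPL 0). */
static uint16_t setup_tables(void)
{
    uint8_t *gdt = mem + GDT_OFF, *ldt = mem + LDT_OFF;
    memset(mem, 0, sizeof mem);
    write_desc(gdt, 1, 0, 0xfffff, 0xb, 1);                        /* code: base ignored in long mode */
    write_desc(gdt, 2, 0xffff880012345678ULL, 0x67, DESC_TSS, 0);
    write_desc(gdt, 4, MEM_BASE + LDT_OFF, TABLE_ENTRIES * 8 - 1, DESC_LDT, 0);
    write_desc(gdt, 6, 0xffff88009abcdef0ULL, 0x67, DESC_TSS_BUSY, 0);
    write_desc(ldt, 1, 0xaabbc000u, 0xfff, 0x3, 1);                 /* data segment reached via the LDT */
    return (uint16_t)(4 << 3);
}

int main(void)
{
    uint16_t ldtr = setup_tables();
    printf("TSS               %016llx\n", (unsigned long long)segment_base(ldtr, 2 << 3, 0));
    printf("LDT               %016llx\n", (unsigned long long)segment_base(ldtr, 4 << 3, 0));
    printf("data via LDT      %016llx\n", (unsigned long long)segment_base(ldtr, (1 << 3) | SEGMENT_LDT | 3, 0));
    printf("upper half of TSS %016llx\n", (unsigned long long)segment_base(ldtr, 3 << 3, 0));
    return 0;
}
```

The busy TSS entry is the case the posted `d->type == 11` clause covers; the data segment reached through the LDT shows why the LDT descriptor's own base3 matters, since without it the LDT would be looked up at 0x400 instead of 0xffff880000000400 and fall outside the modelled memory.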
