Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CALMp9eT_G_Mhsk1k7Xc8L+bnpFwTUoC=ae4LhB1ppqKynKEQ9g@mail.gmail.com>
Date: Fri, 17 Feb 2017 09:49:42 -0800
From: Jim Mattson <jmattson@...gle.com>
To: Thomas Garnier <thgarnie@...gle.com>
Cc: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, 
	"H . Peter Anvin" <hpa@...or.com>, Andrey Ryabinin <aryabinin@...tuozzo.com>, 
	Alexander Potapenko <glider@...gle.com>, Dmitry Vyukov <dvyukov@...gle.com>, 
	Kees Cook <keescook@...omium.org>, Andy Lutomirski <luto@...nel.org>, Borislav Petkov <bp@...e.de>, 
	Paul Gortmaker <paul.gortmaker@...driver.com>, Andy Lutomirski <luto@...capital.net>, 
	"Rafael J . Wysocki" <rjw@...ysocki.net>, Len Brown <len.brown@...el.com>, Pavel Machek <pavel@....cz>, 
	Jiri Kosina <jikos@...nel.org>, Matt Fleming <matt@...eblueprint.co.uk>, 
	Ard Biesheuvel <ard.biesheuvel@...aro.org>, Boris Ostrovsky <boris.ostrovsky@...cle.com>, 
	Juergen Gross <jgross@...e.com>, Rusty Russell <rusty@...tcorp.com.au>, 
	Peter Zijlstra <peterz@...radead.org>, Christian Borntraeger <borntraeger@...ibm.com>, 
	"Luis R . Rodriguez" <mcgrof@...nel.org>, He Chen <he.chen@...ux.intel.com>, 
	Brian Gerst <brgerst@...il.com>, Stanislaw Gruszka <sgruszka@...hat.com>, Arnd Bergmann <arnd@...db.de>, 
	Adam Buchbinder <adam.buchbinder@...il.com>, Dave Hansen <dave.hansen@...el.com>, 
	Vitaly Kuznetsov <vkuznets@...hat.com>, Josh Poimboeuf <jpoimboe@...hat.com>, 
	Tim Chen <tim.c.chen@...ux.intel.com>, Rik van Riel <riel@...hat.com>, 
	Andi Kleen <ak@...ux.intel.com>, Jiri Olsa <jolsa@...hat.com>, 
	Michael Ellerman <mpe@...erman.id.au>, Joerg Roedel <joro@...tes.org>, 
	Paolo Bonzini <pbonzini@...hat.com>, Radim Krčmář <rkrcmar@...hat.com>, 
	x86@...nel.org, linux-kernel@...r.kernel.org, kasan-dev@...glegroups.com, 
	linux-pm@...r.kernel.org, linux-efi@...r.kernel.org, 
	xen-devel@...ts.xenproject.org, lguest@...ts.ozlabs.org, kvm@...r.kernel.org, 
	kernel-hardening@...ts.openwall.com
Subject: Re: [PATCH v3 4/4] KVM: VMX: Simplify segment_base

Can we use the read-only GDT here? When expanding the virtual address
for 64-bit system descriptors, isn't it sufficient to check (d->s == 0
&& d->type != 0)?

On Tue, Feb 14, 2017 at 11:42 AM, Thomas Garnier <thgarnie@...gle.com> wrote:
> The KVM segment_base function is confusing. This patch replaces integers
> with appropriate flags, simplify constructs and add comments.
>
> Signed-off-by: Thomas Garnier <thgarnie@...gle.com>
> ---
> Based on next-20170213
> ---
>  arch/x86/kvm/vmx.c | 26 ++++++++++++++++++--------
>  1 file changed, 18 insertions(+), 8 deletions(-)
>
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index 99167f20bc34..edb8326108dd 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -2062,25 +2062,35 @@ static unsigned long segment_base(u16 selector)
>         struct desc_struct *d;
>         unsigned long table_base;
>         unsigned long v;
> +       u32 high32;
>
> -       if (!(selector & ~3))
> +       if (!(selector & ~SEGMENT_RPL_MASK))
>                 return 0;
>
> -       table_base = get_current_gdt_rw_vaddr();
> -
> -       if (selector & 4) {           /* from ldt */
> +       /* LDT selector */
> +       if ((selector & SEGMENT_TI_MASK) == SEGMENT_LDT) {
>                 u16 ldt_selector = kvm_read_ldt();
>
> -               if (!(ldt_selector & ~3))
> +               if (!(ldt_selector & ~SEGMENT_RPL_MASK))
>                         return 0;
>
>                 table_base = segment_base(ldt_selector);
> +       } else {
> +               table_base = get_current_gdt_rw_vaddr();
>         }
> -       d = (struct desc_struct *)(table_base + (selector & ~7));
> +
> +       d = (struct desc_struct *)table_base + (selector >> 3);
>         v = get_desc_base(d);
>  #ifdef CONFIG_X86_64
> -       if (d->s == 0 && (d->type == 2 || d->type == 9 || d->type == 11))
> -               v |= ((unsigned long)((struct ldttss_desc64 *)d)->base3) << 32;
> +       /*
> +        * Extend the virtual address if we have a system descriptor entry for
> +        * LDT or TSS (available or busy).
> +        */
> +       if (d->s == 0 && (d->type == DESC_LDT || d->type == DESC_TSS ||
> +                         d->type == 11/*Busy TSS */)) {
> +               high32 = ((struct ldttss_desc64 *)d)->base3;
> +               v |= (u64)high32 << 32;
> +       }
>  #endif
>         return v;
>  }
> --
> 2.11.0.483.g087da7b7c-goog
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.