UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity
OpenCloudOS-Kernel/arch/x86/kvm
History
Nadav Amit a7315d2f3c KVM: x86: Emulator performs privilege checks on __linearize 
When segment is accessed, real hardware does not perform any privilege level
checks.  In contrast, KVM emulator does. This causes some discrepencies from
real hardware. For instance, reading from readable code segment may fail due to
incorrect segment checks. In addition, it introduces unnecassary overhead.

To reference Intel SDM 5.5 ("Privilege Levels"): "Privilege levels are checked
when the segment selector of a segment descriptor is loaded into a segment
register." The SDM never mentions privilege level checks during memory access,
except for loading far pointers in section 5.10 ("Pointer Validation"). Those
are actually segment selector loads and are emulated in the similarily (i.e.,
regardless to __linearize checks).

This behavior was also checked using sysexit. A data-segment whose DPL=0 was
loaded, and after sysexit (CPL=3) it is still accessible.

Therefore, all the privilege level checks in __linearize are removed.

Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
 		2014-11-19 18:17:58 +01:00
..
Kconfig KVM: Give IRQFD its own separate enabling Kconfig option 2014-08-05 14:26:28 +02:00
Makefile kvm: Add VFIO device 2013-10-30 19:02:03 +01:00
cpuid.c KVM: x86: Enable Intel AVX-512 for guest 2014-11-03 12:07:30 +01:00
cpuid.h KVM: x86: Warn if guest virtual address space is not 48-bits 2014-09-24 14:07:48 +02:00
emulate.c KVM: x86: Emulator performs privilege checks on __linearize 2014-11-19 18:17:58 +01:00
i8254.c KVM: x86: Improve thread safety in pit 2014-10-24 13:21:14 +02:00
i8254.h KVM: fold kvm_pit_timer into kvm_kpit_state 2012-08-01 00:21:07 -03:00
i8259.c KVM: inject ExtINT interrupt before APIC interrupts 2012-12-13 23:05:21 -02:00
irq.c KVM: nVMX: fix "acknowledge interrupt on exit" when APICv is in use 2014-08-05 15:00:24 +02:00
irq.h KVM: switch to symbolic name for irq_states size 2012-07-20 16:12:16 -03:00
kvm_cache_regs.h KVM: MMU: Do not unconditionally read PDPTE from guest memory 2011-09-25 19:18:01 +03:00
lapic.c KVM: x86: Fix lost interrupt on irr_pending race 2014-11-17 12:16:20 +01:00
lapic.h KVM: x86: optimize some accesses to LVTT and SPIV 2014-11-03 12:07:32 +01:00
mmu.c kvm: x86: vmx: remove MMIO_MAX_GEN 2014-11-18 11:12:18 +01:00
mmu.h KVM: mmio: cleanup kvm_set_mmio_spte_mask 2014-09-03 10:04:10 +02:00
mmu_audit.c arch/x86: replace strict_strto calls 2014-08-08 15:57:28 -07:00
mmutrace.h x86/kvm: Resolve shadow warnings in macro expansion 2014-07-31 16:33:29 +02:00
paging_tmpl.h KVM: x86: Wrong assertion on paging_tmpl.h 2014-10-24 13:30:37 +02:00
pmu.c KVM: x86: Clarify PMU related features bit manipulation 2014-08-20 13:01:25 +02:00
svm.c kvm: svm: move WARN_ON in svm_adjust_tsc_offset 2014-11-13 11:56:11 +01:00
trace.h kvm: x86: add trace event for pvclock updates 2014-11-08 08:20:55 +01:00
tss.h KVM: x86: hardware task switching support 2008-04-27 12:00:39 +03:00
vmx.c kvm: x86: vmx: cleanup handle_ept_violation 2014-11-18 11:07:53 +01:00
x86.c kvm: svm: move WARN_ON in svm_adjust_tsc_offset 2014-11-13 11:56:11 +01:00
x86.h KVM: x86: Enable Intel AVX-512 for guest 2014-11-03 12:07:30 +01:00