From: Paolo Bonzini
Subject: Re: [Qemu-devel] [PATCH] SMI handler should set the CPL to zero and save and restore it on rsm.
Date: Sun, 27 Apr 2014 16:29:25 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
On 27/04/2014 14:22, Marcel Apfelbaum wrote:
> On Sat, 2014-04-26 at 11:06 +0200, Paolo Bonzini wrote:
>> On 25/04/2014 19:17, Kevin O'Connor wrote:
>>> The current SMI interrupt handler is being run with the same CPL as the
>>> code it interrupts. If the existing code is running with CPL=3, then the
>>> SMI handler can cause spurious exceptions. The System Management Mode
>>> (SMM) should always run at the highest protection level.
>>
>> KVM computes the CPL as follows:
>>
>>     if (CR0.PE == 0)
>>         return 0;
>>     if (!EFER.LMA && EFLAGS.VM)
>>         return 3;
>>     return CS.selector & 3;
>
> Hi Paolo,
> The above algorithm is correct only for the protected mode, right?

The CR0.PE == 0 case is for real mode.

You're right that for the real->protected transition time CS.selector's low 3 bits can be anything, while CR0.PE is already 1 *and* CPL is still zero. Kevin's patch should handle this right for TCG, but there may be indeed a KVM bug looming.

> For real-address mode it is not correct (taken from the Intel Dev Manual and not from my limited knowledge). Why don't we use the value of the DPL field from SS, which is always equal to the logical processor's CPL?

The Intel manual says the CPL is "the protection level of the currently executing code segment".

CS.DPL is indeed != CPL for conforming code segments.

> Of course, there is only a short period of time the processor is not in protected mode, but in this time it is possible that the CS segment selector is changed and the CPL with it... Any thoughts? Does it make sense to change the way KVM computes the CPL?

If it ain't broken... :) but perhaps it is broken.

Paolo
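To make the real-to-protected window discussed above concrete, here is an added C model (not KVM, QEMU or SeaBIOS code, and not from anyone in the thread) of the three quantities the exchange compares: the CS-RPL formula Paolo quotes, the SS.DPL alternative Marcel proposes, and the hidden architectural CPL. The real-mode selector 0xF003 and the DPL-0 descriptor caches are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define CR0_PE    (1u << 0)   /* CR0.PE: protection enable */
#define EFER_LMA  (1u << 10)  /* EFER.LMA: long mode active */
#define EFLAGS_VM (1u << 17)  /* EFLAGS.VM: virtual-8086 mode */
/* Minimal model of the state the thread discusses. "cpl" is the hidden CPL,
 * which changes only on a far control transfer, never when CR0.PE flips. */
struct cpu {
    uint32_t cr0, eflags;
    uint64_t efer;
    uint16_t cs_selector;   /* visible CS selector */
    unsigned ss_dpl;        /* DPL of the cached SS descriptor */
    unsigned cpl;           /* architectural CPL */
};
/* The derivation Paolo quotes for KVM: PE=0 -> 0, vm86 -> 3, else CS RPL. */
unsigned kvm_cpl(const struct cpu *c)
{
    if (!(c->cr0 & CR0_PE))
        return 0;
    if (!(c->efer & EFER_LMA) && (c->eflags & EFLAGS_VM))
        return 3;
    return c->cs_selector & 3;   /* RPL: low two bits of the selector */
}

/* Marcel's alternative: read SS.DPL, which the SDM keeps equal to CPL. */
unsigned ss_dpl_cpl(const struct cpu *c) { return c->ss_dpl; }
/* Real-mode state whose CS has both low bits set (0xF003 is a constructed
 * value). Descriptor caches are assumed to hold DPL 0, as after reset. */
void reset_real_mode(struct cpu *c)
{
    c->cr0 = 0; c->efer = 0; c->eflags = 0;
    c->cs_selector = 0xF003; c->ss_dpl = 0; c->cpl = 0;
}

/* MOV CR0 setting PE: CS, the descriptor caches and the hidden CPL stay. */
void enable_protected_mode(struct cpu *c) { c->cr0 |= CR0_PE; }
/* The far JMP that must follow loads an RPL-0 code selector, so visible CS
 * agrees with CPL again (a far JMP never changes CPL). */
void far_jump(struct cpu *c, uint16_t selector) { c->cs_selector = selector; }

int main(void)
{
    struct cpu c;
    reset_real_mode(&c); enable_protected_mode(&c);
    printf("window: kvm=%u ss.dpl=%u cpl=%u\n", kvm_cpl(&c), ss_dpl_cpl(&c), c.cpl);
    far_jump(&c, 0x08);
    printf("after jmp: kvm=%u cpl=%u\n", kvm_cpl(&c), c.cpl);
    return 0;
}
```

Between `enable_protected_mode` and `far_jump` the CS-RPL formula reports 3 while the modelled CPL and SS.DPL both stay 0; after the far jump all three agree.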