|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] x86/stackframe/32: repair 32-bit Xen PV
On Thu, Oct 24, 2019 at 9:32 AM Andrew Cooper <andrew.cooper3@xxxxxxxxxx> wrote: > > On 24/10/2019 17:11, Andy Lutomirski wrote: > >> +# define USER_SEGMENT_RPL_MASK (SEGMENT_RPL_MASK & ~1) > >> +#endif > >> + > >> .section .entry.text, "ax" > >> > >> /* > >> @@ -172,7 +183,7 @@ > >> ALTERNATIVE "jmp .Lend_\@", "", X86_FEATURE_PTI > >> .if \no_user_check == 0 > >> /* coming from usermode? */ > >> - testl $SEGMENT_RPL_MASK, PT_CS(%esp) > >> + testl $USER_SEGMENT_RPL_MASK, PT_CS(%esp) > > Shouldn't PT_CS(%esp) be 0 if we came from the kernel? I'm guessing > > the actual bug is in whatever code put 1 in here in the first place. > > Ring1 kernels (32bit) consistently see RPL1 everywhere under Xen. > > Back in the days of a 32bit Xen, int $0x80 really was wired directly > from ring 3 to 1, and didn't bounce through Xen. This isn't possible in > long mode, because all IDT gates are required to be 64bit code segments. > > Ring3 kernels (64bit) consistently see RPL0 everywhere under Xen, > because presumably this was less invasive when designing the ABI. > OK, gotcha. So I'm fine with this patch if you improve the comment and definition. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |