git.baikalelectronics.ru Git - kernel.git/commit

author	Nadav Amit <namit@cs.technion.ac.il>
	Wed, 19 Nov 2014 15:43:10 +0000 (17:43 +0200)
committer	Paolo Bonzini <pbonzini@redhat.com>
	Wed, 19 Nov 2014 17:17:58 +0000 (18:17 +0100)
commit	15bb3a550f5cf5c917e9c3132b6d89af20a93371
tree	24a94f85670a4803ea62993bf34ebebe5731f633	tree \| snapshot
parent	89f3982eb3fa09c8ab24a0427c967ec95f690538	commit \| diff

KVM: x86: Emulator performs privilege checks on __linearize

When segment is accessed, real hardware does not perform any privilege level
checks. In contrast, KVM emulator does. This causes some discrepencies from
real hardware. For instance, reading from readable code segment may fail due to
incorrect segment checks. In addition, it introduces unnecassary overhead.

To reference Intel SDM 5.5 ("Privilege Levels"): "Privilege levels are checked
when the segment selector of a segment descriptor is loaded into a segment
register." The SDM never mentions privilege level checks during memory access,
except for loading far pointers in section 5.10 ("Pointer Validation"). Those
are actually segment selector loads and are emulated in the similarily (i.e.,
regardless to __linearize checks).

This behavior was also checked using sysexit. A data-segment whose DPL=0 was
loaded, and after sysexit (CPL=3) it is still accessible.

Therefore, all the privilege level checks in __linearize are removed.

Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>