Re: [PATCH 07/10] target/i386/tcg: Use DPL-level accesses for interrupts

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 07/10] target/i386/tcg: Use DPL-level accesses for interrupts

From:	Richard Henderson
Subject:	Re: [PATCH 07/10] target/i386/tcg: Use DPL-level accesses for interrupts and call gates
Date:	Wed, 10 Jul 2024 08:57:20 -0700
User-agent:	Mozilla Thunderbird

On 7/9/24 23:29, Paolo Bonzini wrote:

This fixes a bug wherein i386/tcg assumed an interrupt return using
the CALL or JMP instructions were always going from kernel or user mode to
kernel mode, when using a call gate. This assumption is violated if
the call gate has a DPL that is greater than 0.

In addition, the stack accesses should count as explicit, not implicit
("kernel" in QEMU code), so that SMAP is not applied if DPL=3.

Analyzed-by: Robert R. Henry<rrh.henry@gmail.com>
Resolves:https://gitlab.com/qemu-project/qemu/-/issues/249
Signed-off-by: Paolo Bonzini<pbonzini@redhat.com>
---
  target/i386/tcg/seg_helper.c | 13 ++++++-------
  1 file changed, 6 insertions(+), 7 deletions(-)


Reviewed-by: Richard Henderson <richard.henderson@linaro.org>


r~

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH 02/10] target/i386/tcg: Allow IRET from user mode to user mode with SMAP, (continued)
- [PATCH 02/10] target/i386/tcg: Allow IRET from user mode to user mode with SMAP, Paolo Bonzini, 2024/07/10
  - Re: [PATCH 02/10] target/i386/tcg: Allow IRET from user mode to user mode with SMAP, Richard Henderson, 2024/07/10
- [PATCH 01/10] target/i386/tcg: Remove SEG_ADDL, Paolo Bonzini, 2024/07/10
- [PATCH 03/10] target/i386/tcg: use PUSHL/PUSHW for error code, Paolo Bonzini, 2024/07/10
  - Re: [PATCH 03/10] target/i386/tcg: use PUSHL/PUSHW for error code, Richard Henderson, 2024/07/10
- [PATCH 04/10] target/i386/tcg: Reorg push/pop within seg_helper.c, Paolo Bonzini, 2024/07/10
- [PATCH 05/10] target/i386/tcg: Introduce x86_mmu_index_{kernel_,}pl, Paolo Bonzini, 2024/07/10
- [PATCH 06/10] target/i386/tcg: Compute MMU index once, Paolo Bonzini, 2024/07/10
  - Re: [PATCH 06/10] target/i386/tcg: Compute MMU index once, Richard Henderson, 2024/07/10
- [PATCH 07/10] target/i386/tcg: Use DPL-level accesses for interrupts and call gates, Paolo Bonzini, 2024/07/10
  - Re: [PATCH 07/10] target/i386/tcg: Use DPL-level accesses for interrupts and call gates, Richard Henderson <=
- [PATCH 08/10] target/i386/tcg: check for correct busy state before switching to a new task, Paolo Bonzini, 2024/07/10
  - Re: [PATCH 08/10] target/i386/tcg: check for correct busy state before switching to a new task, Richard Henderson, 2024/07/10
- [PATCH 09/10] target/i386/tcg: use X86Access for TSS access, Paolo Bonzini, 2024/07/10
  - Re: [PATCH 09/10] target/i386/tcg: use X86Access for TSS access, Richard Henderson, 2024/07/10
    - Re: [PATCH 09/10] target/i386/tcg: use X86Access for TSS access, Paolo Bonzini, 2024/07/10
    - Re: [PATCH 09/10] target/i386/tcg: use X86Access for TSS access, Paolo Bonzini, 2024/07/11
    - Re: [PATCH 09/10] target/i386/tcg: use X86Access for TSS access, Richard Henderson, 2024/07/11
- [PATCH 10/10] target/i386/tcg: save current task state before loading new one, Paolo Bonzini, 2024/07/10
  - Re: [PATCH 10/10] target/i386/tcg: save current task state before loading new one, Richard Henderson, 2024/07/10
- Re: [PATCH 00/10] target/i386/tcg: fixes for seg_helper.c, Robert Henry, 2024/07/10

Prev by Date: Re: [PATCH 06/10] target/i386/tcg: Compute MMU index once
Next by Date: Re: [PATCH 08/10] target/i386/tcg: check for correct busy state before switching to a new task
Previous by thread: [PATCH 07/10] target/i386/tcg: Use DPL-level accesses for interrupts and call gates
Next by thread: [PATCH 08/10] target/i386/tcg: check for correct busy state before switching to a new task
Index(es):
- Date
- Thread