From: Zhang Xiantao <xiantao.zhang@intel.com>
If permission check fails, inject EPT violation vmexit to guest.
Signed-off-by: Zhang Xiantao <xiantao.zhang@intel.com>
Signed-off-by: Xu Dongxiao<dongxiao.xu@intel.com>
---
xen/arch/x86/mm/hap/nested_ept.c | 24 ++++++++++++++++++++----
1 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/xen/arch/x86/mm/hap/nested_ept.c b/xen/arch/x86/mm/hap/nested_ept.c
index da868e7..2d733a8 100644
--- a/xen/arch/x86/mm/hap/nested_ept.c
+++ b/xen/arch/x86/mm/hap/nested_ept.c
@@ -272,6 +272,16 @@ unmap:
return ret;
}
+static
+bool_t nept_permission_check(uint32_t rwx_acc, uint32_t rwx_bits)
+{
+ if ( ((rwx_acc & 0x1) && !(rwx_bits & 0x1)) ||
+ ((rwx_acc & 0x2) && !(rwx_bits & 0x2 )) ||
+ ((rwx_acc & 0x4) && !(rwx_bits & 0x4 )) )
+ return 0;
+ return 1;
+}
+
/* Translate a L2 guest address to L1 gpa via L1 EPT paging structure */
int nept_translate_l2ga(struct vcpu *v, paddr_t l2ga,
@@ -301,11 +311,17 @@ int nept_translate_l2ga(struct vcpu *v, paddr_t l2ga,
rwx_bits = gw.l4e.l4 & gw.l3e.l3 & 0x7;
*page_order = 18;
}
- else
+ else {
gdprintk(XENLOG_ERR, "Uncorrect l1 entry!\n");
-
- *l1gfn = guest_l1e_get_paddr(gw.l1e) >> PAGE_SHIFT;
- break;
+ BUG();
+ }
+ if ( nept_permission_check(rwx_acc, rwx_bits) )
+ {
+ *l1gfn = guest_l1e_get_paddr(gw.l1e) >> PAGE_SHIFT;
+ break;
+ }
+ rc = EPT_TRANSLATE_VIOLATION;
+ /* Fall through to EPT violation if permission check fails. */
case EPT_TRANSLATE_VIOLATION:
*exit_qual = (*exit_qual & 0xffffffc0) | (rwx_bits << 3) | rwx_acc;
*exit_reason = EXIT_REASON_EPT_VIOLATION;
--
1.7.1
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
If permission check fails, inject EPT violation vmexit to guest.
Signed-off-by: Zhang Xiantao <xiantao.zhang@intel.com>
Signed-off-by: Xu Dongxiao<dongxiao.xu@intel.com>
---
xen/arch/x86/mm/hap/nested_ept.c | 24 ++++++++++++++++++++----
1 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/xen/arch/x86/mm/hap/nested_ept.c b/xen/arch/x86/mm/hap/nested_ept.c
index da868e7..2d733a8 100644
--- a/xen/arch/x86/mm/hap/nested_ept.c
+++ b/xen/arch/x86/mm/hap/nested_ept.c
@@ -272,6 +272,16 @@ unmap:
return ret;
}
+static
+bool_t nept_permission_check(uint32_t rwx_acc, uint32_t rwx_bits)
+{
+ if ( ((rwx_acc & 0x1) && !(rwx_bits & 0x1)) ||
+ ((rwx_acc & 0x2) && !(rwx_bits & 0x2 )) ||
+ ((rwx_acc & 0x4) && !(rwx_bits & 0x4 )) )
+ return 0;
+ return 1;
+}
+
/* Translate a L2 guest address to L1 gpa via L1 EPT paging structure */
int nept_translate_l2ga(struct vcpu *v, paddr_t l2ga,
@@ -301,11 +311,17 @@ int nept_translate_l2ga(struct vcpu *v, paddr_t l2ga,
rwx_bits = gw.l4e.l4 & gw.l3e.l3 & 0x7;
*page_order = 18;
}
- else
+ else {
gdprintk(XENLOG_ERR, "Uncorrect l1 entry!\n");
-
- *l1gfn = guest_l1e_get_paddr(gw.l1e) >> PAGE_SHIFT;
- break;
+ BUG();
+ }
+ if ( nept_permission_check(rwx_acc, rwx_bits) )
+ {
+ *l1gfn = guest_l1e_get_paddr(gw.l1e) >> PAGE_SHIFT;
+ break;
+ }
+ rc = EPT_TRANSLATE_VIOLATION;
+ /* Fall through to EPT violation if permission check fails. */
case EPT_TRANSLATE_VIOLATION:
*exit_qual = (*exit_qual & 0xffffffc0) | (rwx_bits << 3) | rwx_acc;
*exit_reason = EXIT_REASON_EPT_VIOLATION;
--
1.7.1
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel