From patchwork Thu Sep 20 07:08:41 2012
X-Patchwork-Submitter: David Gibson
X-Patchwork-Id: 185348
From: David Gibson
To: agraf@suse.de
Date: Thu, 20 Sep 2012 17:08:41 +1000
Message-Id: <1348124922-24263-2-git-send-email-david@gibson.dropbear.id.au>
In-Reply-To: <1348124922-24263-1-git-send-email-david@gibson.dropbear.id.au>
References: <1348124922-24263-1-git-send-email-david@gibson.dropbear.id.au>
Cc: David Gibson, qemu-ppc@nongnu.org, qemu-devel@nongnu.org, qemu-stable@nongnu.org
Subject: [Qemu-devel] [PATCH 1/2] pseries: Synchronize qemu and KVM state on hypercalls

Currently the KVM exit path for PAPR hypercalls does not synchronize the qemu cpu state with the KVM state. Mostly this works, because the actual hypercall arguments and return values are explicitly passed through the kvm_run structure.

However, the hypercall path includes a privilege check, to ensure that only the guest kernel can invoke hypercalls, not the guest userspace. Because of the lack of sync, this privilege check will use an out-of-date copy of the MSR, which could lead either to guest userspace being able to invoke hypercalls (a security hole for the guest) or to the guest kernel being incorrectly refused privilege, leading to various other failures.

This patch fixes the bug by forcing a synchronization on the hypercall exit path. This does mean we have a potentially quite expensive get and set of the state; however, performance-critical hypercalls are generally already implemented inside KVM, so this probably won't matter. If it is a performance problem we can optimize it later by having the kernel perform the privilege check.
That will need a new capability, however, since qemu will still need the privilege check for older kernels.

Signed-off-by: David Gibson
---
 target-ppc/kvm.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/target-ppc/kvm.c b/target-ppc/kvm.c
index 546c116..78a47fb 100644
--- a/target-ppc/kvm.c
+++ b/target-ppc/kvm.c
@@ -813,6 +813,7 @@ int kvm_arch_handle_exit(CPUPPCState *env, struct kvm_run *run) #ifdef CONFIG_PSERIES case KVM_EXIT_PAPR_HCALL: dprintf("handle PAPR hypercall\n"); + cpu_synchronize_state(env); run->papr_hcall.ret = spapr_hypercall(env, run->papr_hcall.nr, run->papr_hcall.args); ret = 0;
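Review bot: the added cpu_synchronize_state(env) sits ahead of spapr_hypercall(), which is where it has to be for the MSR-based privilege check the commit message describes, but the hunk carries no comment saying why a full state sync is required at this exit; since the commit message itself flags the get/set as potentially expensive, a later cleanup could drop it as apparent overhead and silently reopen the guest-userspace hypercall hole. Suggest a one-line comment above the call, e.g. `/* spapr_hypercall() checks MSR privilege, so env must be current */`, and, since qemu-stable is Cc'd on the mail, a matching Cc: qemu-stable@nongnu.org line in the commit body so the backport intent survives in git history.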