ia64/xen-unstable

changeset 8115:d0ca851445e2

Fix vmx guest issue of allowing accessing supervisor page
from user level program.
In shadow fault, we need to check U/S bit in error code.
It is just a fix for shadow32.c, for x86_64 code and
public code, it is already handled.

Signed-off-by: Xiaofeng Ling <xiaofeng.ling@intel.com>
author kaf24@firebug.cl.cam.ac.uk
date Tue Nov 29 11:48:33 2005 +0100 (2005-11-29)
parents a1e99c0104cb
children 450c562b76aa
files xen/arch/x86/shadow32.c
line diff
     1.1 --- a/xen/arch/x86/shadow32.c	Tue Nov 29 11:42:21 2005 +0100
     1.2 +++ b/xen/arch/x86/shadow32.c	Tue Nov 29 11:48:33 2005 +0100
     1.3 @@ -2680,6 +2680,16 @@ int shadow_fault(unsigned long va, struc
     1.4              domain_crash_synchronous();
     1.5          }
     1.6  
     1.7 +        /* User access violation in guest? */
     1.8 +        if ( unlikely((regs->error_code & 4) && 
     1.9 +                      !(l1e_get_flags(gpte) & _PAGE_USER)))
    1.10 +        {
    1.11 +            SH_VVLOG("shadow_fault - EXIT: wr fault on super page (%" PRIpte ")", 
    1.12 +                    l1e_get_intpte(gpte));
    1.13 +            goto fail;
    1.14 +
    1.15 +        }
    1.16 +
    1.17          if ( unlikely(!l1pte_write_fault(v, &gpte, &spte, va)) )
    1.18          {
    1.19              SH_VVLOG("shadow_fault - EXIT: l1pte_write_fault failed");
    1.20 @@ -2693,6 +2703,16 @@ int shadow_fault(unsigned long va, struc
    1.21      }
    1.22      else
    1.23      {
    1.24 +        /* Read-protection violation in guest? */
    1.25 +        if ( unlikely((regs->error_code & 1) ))
    1.26 +        {
    1.27 +            SH_VVLOG("shadow_fault - EXIT: read fault on super page (%" PRIpte ")", 
    1.28 +                    l1e_get_intpte(gpte));
    1.29 +            goto fail;
    1.30 +
    1.31 +        }
    1.32 +
    1.33 +
    1.34          if ( !l1pte_read_fault(d, &gpte, &spte) )
    1.35          {
    1.36              SH_VVLOG("shadow_fault - EXIT: l1pte_read_fault failed");