.quad 0x0000000000000000 /* 0x53 reserved */
.quad 0x0000000000000000 /* 0x5b reserved */
- .quad 0x00cfbb000000ffff /* 0x60 kernel 4GB code at 0x00000000 */
- .quad 0x00cfb3000000ffff /* 0x68 kernel 4GB data at 0x00000000 */
+ .quad 0x00cf9b000000ffff /* 0x60 kernel 4GB code at 0x00000000 */
+ .quad 0x00cf93000000ffff /* 0x68 kernel 4GB data at 0x00000000 */
.quad 0x00cffb000000ffff /* 0x73 user 4GB code at 0x00000000 */
.quad 0x00cff3000000ffff /* 0x7b user 4GB data at 0x00000000 */
.ascii ",FEATURES=writable_page_tables"
.ascii "|writable_descriptor_tables"
.ascii "|auto_translated_physmap"
+ .ascii "|ring0_kernel"
#ifdef CONFIG_X86_PAE
.ascii ",PAE=yes"
#else
regs.xes = __USER_DS;
regs.orig_eax = -1;
regs.eip = (unsigned long) kernel_thread_helper;
- regs.xcs = __KERNEL_CS;
+ regs.xcs = GET_KERNEL_CS();
regs.eflags = X86_EFLAGS_IF | X86_EFLAGS_SF | X86_EFLAGS_PF | 0x2;
/* Ok, create the new process.. */
return eip + (seg << 4);
/* By far the most common cases. */
- if (likely(seg == __USER_CS || seg == __KERNEL_CS))
+ if (likely(seg == __USER_CS || seg == GET_KERNEL_CS()))
return eip;
/* Check the segment exists, is within the current LDT/GDT size,
switch (error_code & 3) {
default: /* 3: write, present */
#ifdef TEST_VERIFY_AREA
- if (regs->cs == KERNEL_CS)
+ if (regs->cs == GET_KERNEL_CS())
printk("WP fault at %08lx\n", regs->eip);
#endif
/* fall through */
#define GDT_ENTRY_KERNEL_BASE 12
#define GDT_ENTRY_KERNEL_CS (GDT_ENTRY_KERNEL_BASE + 0)
-#define __KERNEL_CS (GDT_ENTRY_KERNEL_CS * 8 + 1)
+#define __KERNEL_CS (GDT_ENTRY_KERNEL_CS * 8)
+#define GET_KERNEL_CS() (__KERNEL_CS | (xen_feature(XENFEAT_ring0_kernel)?0:1) )
#define GDT_ENTRY_KERNEL_DS (GDT_ENTRY_KERNEL_BASE + 1)
-#define __KERNEL_DS (GDT_ENTRY_KERNEL_DS * 8 + 1)
+#define __KERNEL_DS (GDT_ENTRY_KERNEL_DS * 8)
+#define GET_KERNEL_DS() (__KERNEL_DS | (xen_feature(XENFEAT_ring0_kernel)?0:1) )
#define GDT_ENTRY_TSS (GDT_ENTRY_KERNEL_BASE + 4)
#define GDT_ENTRY_LDT (GDT_ENTRY_KERNEL_BASE + 5)
*/
if ( !(c->flags & VGCF_HVM_GUEST) )
{
- if ( ((c->user_regs.ss & 3) == 0) ||
+ if ( !VALID_STACKSEL(c->user_regs.ss) ||
+ !VALID_STACKSEL(c->kernel_ss) ||
!VALID_CODESEL(c->user_regs.cs) )
return -EINVAL;
int nr = smp_processor_id();
struct tss_struct *t = &init_tss[nr];
- if ( (ss & 3) != 1 )
+ if ( !VALID_STACKSEL(ss) )
return -EPERM;
current->arch.guest_context.kernel_ss = ss;
{
unsigned long base, limit;
u32 a = d->a, b = d->b;
+ u16 cs = a>>16;
/* A not-present descriptor will always fault, so is safe. */
if ( !(b & _SEGMENT_P) )
* DPL 0 -- this would get the OS ring-0 privileges).
*/
if ( (b & _SEGMENT_DPL) == 0 )
- goto bad;
+ d->b = b = b | (0x01<<13); /* Force DPL == 1 */
if ( !(b & _SEGMENT_S) )
{
goto bad;
/* Can't allow far jump to a Xen-private segment. */
- if ( !VALID_CODESEL(a>>16) )
+ if ( !VALID_CODESEL(cs) )
goto bad;
+ /*
+ * VALID_CODESEL might have fixed up the RPL for us. So be sure to
+ * update the descriptor.
+ *
+ */
+ d->a &= 0x0000ffff;
+ d->a |= cs<<16;
+
/* Reserved bits must be zero. */
if ( (b & 0xe0) != 0 )
goto bad;
int check_descriptor(struct desc_struct *d)
{
u32 a = d->a, b = d->b;
+ u16 cs = a>>16;
/* A not-present descriptor will always fault, so is safe. */
if ( !(b & _SEGMENT_P) )
goto bad;
/* Can't allow far jump to a Xen-private segment. */
- if ( !VALID_CODESEL(a>>16) )
+ if ( !VALID_CODESEL(cs) )
goto bad;
+ /*
+ * VALID_CODESEL might have fixed up the RPL for us. So be sure to
+ * update the descriptor.
+ *
+ */
+ d->a &= 0x0000ffff;
+ d->a |= cs<<16;
+
/* Reserved bits must be zero. */
if ( (b & 0xe0) != 0 )
goto bad;
#define VALID_SEL(_s) \
(((((_s)>>3) < FIRST_RESERVED_GDT_ENTRY) || ((_s)&4)) && \
(((_s)&3) == GUEST_KERNEL_RPL))
-#define VALID_CODESEL(_s) ((_s) == FLAT_KERNEL_CS || VALID_SEL(_s))
+#define VALID_CODESEL(_s) ({ \
+ if ( ((_s) & 3) == 0 ) \
+ (_s) |= GUEST_KERNEL_RPL; \
+ (_s) == FLAT_KERNEL_CS || VALID_SEL(_s); })
+#define VALID_STACKSEL(_s) ({ \
+ if ( ((_s) & 3) == 0 ) \
+ (_s) |= GUEST_KERNEL_RPL; \
+ (_s) == FLAT_KERNEL_SS || VALID_SEL(_s); })
/* These are bitmasks for the high 32 bits of a descriptor table entry. */
#define _SEGMENT_TYPE (15<< 8)
#define XENFEAT_writable_page_tables 0
#define XENFEAT_writable_descriptor_tables 1
#define XENFEAT_auto_translated_physmap 2
+#define XENFEAT_ring0_kernel 3
#define XENFEAT_NR_SUBMAPS 1
projects / xen.git / commitdiff