From patchwork Thu Feb 16 21:54:38 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Thomas Garnier X-Patchwork-Id: 9578427 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 2374460209 for ; Thu, 16 Feb 2017 21:55:20 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1595328679 for ; Thu, 16 Feb 2017 21:55:20 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 09C3D2867B; Thu, 16 Feb 2017 21:55:20 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, RCVD_IN_DNSWL_MED, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id 4071428679 for ; Thu, 16 Feb 2017 21:55:19 +0000 (UTC) Received: (qmail 1467 invoked by uid 550); 16 Feb 2017 21:55:02 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 1381 invoked from network); 16 Feb 2017 21:55:01 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=ogC2INpCBYPqHtDWFE4YVfEJxDcIqb2BRf9Uz8fxhI0=; b=NEK2m5kHDoEuC8MfRCnP2brgLv4tvIcHg+ry0kOAAiVVGc+6Paaokn3UQcVbAYZquO T9z2TeOAQOt81ZzcK/sa7RP6PETccGh/BkSIwaRot0T112PAbf+j6/mYZ5gGE/KiX6Hl lTXvOvJWsyzUEWNSjx6pqcgivJXbUYRvJ/nNJ8JISEGTnXE8NGn+IwaWgsZnryUdi8Ja 9lQlQWSCAiBIFNxbrVUQKZOQfEakeYnBGVE3b6atGdmJ+m6vQXWlDdEMjzR8gM5zTeF6 siiQrKUtFkU8f/9caDhpDNKRDWR/cx0V46btZ1eciHaYaSn9BFkZ2YByGQKoH56Kndp9 iwSg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=ogC2INpCBYPqHtDWFE4YVfEJxDcIqb2BRf9Uz8fxhI0=; b=bYgdTs/XfoxMunxJ0hvicfPyjXxLgauJcSx9o0qG4lT3rb06Ni0p1KZnqSAK2qRSId XAz8ZjgrE472K5kC0hogbTVvyWbfaw2fPkfTLnJaNElO1SC5IgXrQqpKzj8EspQavtVP RsTn7tAstH/hrqAe6TpSSexD1TT4mYoWBLO/Qt4JqDsWiCANgT9eLiYTqt30wjmEYnr/ dQ+H0XtaT/WjQ9T1hss73EpZh4q+CFbzOZ7a2HtWCSV9oCVYxBVMPuAqMl0K3WTYSfsO 8nSI1W0PUa25BfivfHcaClIQ4VdVppjn+nLFAsoCVxt2QDctjs0GK/EG6hrlGCpvEY3V A60g== X-Gm-Message-State: AMke39n/EPANIKV3leviA66BHpu2JcwV1BbhCBFRlXiVUKU8b6YYR439+TzVJ2qT1pVK9/Er X-Received: by 10.84.140.36 with SMTP id 33mr5631576pls.136.1487282089224; Thu, 16 Feb 2017 13:54:49 -0800 (PST) From: Thomas Garnier To: Thomas Gleixner , Ingo Molnar , "H . Peter Anvin" , Jonathan Corbet , Thomas Garnier , Kees Cook , Lorenzo Stoakes , Juergen Gross , Andy Lutomirski , "Rafael J . Wysocki" , Len Brown , Pavel Machek , Jiri Kosina , Matt Fleming , Ard Biesheuvel , Boris Ostrovsky , Rusty Russell , Borislav Petkov , Christian Borntraeger , Brian Gerst , He Chen , "Luis R . Rodriguez" , Stanislaw Gruszka , Arnd Bergmann , Peter Zijlstra , Dave Hansen , Vitaly Kuznetsov , Paul Gortmaker , Josh Poimboeuf , Tim Chen , Andi Kleen , Jiri Olsa , Michael Ellerman , Joerg Roedel , Paolo Bonzini , =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= , Andy Lutomirski Cc: x86@kernel.org, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-pm@vger.kernel.org, linux-efi@vger.kernel.org, xen-devel@lists.xenproject.org, lguest@lists.ozlabs.org, kvm@vger.kernel.org, kernel-hardening@lists.openwall.com Date: Thu, 16 Feb 2017 13:54:38 -0800 Message-Id: <20170216215438.126111-4-thgarnie@google.com> X-Mailer: git-send-email 2.11.0.483.g087da7b7c-goog In-Reply-To: <20170216215438.126111-1-thgarnie@google.com> References: <20170216215438.126111-1-thgarnie@google.com> Subject: [kernel-hardening] [PATCH v4 4/4] KVM: VMX: Simplify segment_base X-Virus-Scanned: ClamAV using ClamSMTP The KVM segment_base function is confusing. This patch replaces integers with appropriate flags, simplify constructs and add comments. Signed-off-by: Thomas Garnier --- Based on next-20170213 --- arch/x86/kvm/vmx.c | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 99167f20bc34..91e619269128 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -2060,27 +2060,37 @@ static bool update_transition_efer(struct vcpu_vmx *vmx, int efer_offset) static unsigned long segment_base(u16 selector) { struct desc_struct *d; - unsigned long table_base; + struct desc_struct *table_base; unsigned long v; + u32 high32; - if (!(selector & ~3)) + if (!(selector & ~SEGMENT_RPL_MASK)) return 0; - table_base = get_current_gdt_rw_vaddr(); - - if (selector & 4) { /* from ldt */ + /* LDT selector */ + if ((selector & SEGMENT_TI_MASK) == SEGMENT_LDT) { u16 ldt_selector = kvm_read_ldt(); - if (!(ldt_selector & ~3)) + if (!(ldt_selector & ~SEGMENT_RPL_MASK)) return 0; - table_base = segment_base(ldt_selector); + table_base = (struct desc_struct *)segment_base(ldt_selector); + } else { + table_base = get_current_gdt_rw(); } - d = (struct desc_struct *)(table_base + (selector & ~7)); + + d = table_base + (selector >> 3); v = get_desc_base(d); #ifdef CONFIG_X86_64 - if (d->s == 0 && (d->type == 2 || d->type == 9 || d->type == 11)) - v |= ((unsigned long)((struct ldttss_desc64 *)d)->base3) << 32; + /* + * Extend the virtual address if we have a system descriptor entry for + * LDT or TSS (available or busy). + */ + if (d->s == 0 && (d->type == DESC_LDT || d->type == DESC_TSS || + d->type == 11/*Busy TSS */)) { + high32 = ((struct ldttss_desc64 *)d)->base3; + v |= (u64)high32 << 32; + } #endif return v; }