[PULL,08/50] target/i386: Assert IOPL is 0 for user-only

Message ID	20210519183050.875453-9-richard.henderson@linaro.org
State	Accepted
Commit	0ab011cca08651349172187d574e2fb1316283ef
Headers	show Delivered-To: patch@linaro.org Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; From: Richard Henderson <richard.henderson@linaro.org> To: qemu-devel@nongnu.org Subject: [PULL 08/50] target/i386: Assert IOPL is 0 for user-only Date: Wed, 19 May 2021 13:30:08 -0500 Message-Id: <20210519183050.875453-9-richard.henderson@linaro.org> In-Reply-To: <20210519183050.875453-1-richard.henderson@linaro.org> References: <20210519183050.875453-1-richard.henderson@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=2607:f8b0:4864:20::32f; envelope-from=richard.henderson@linaro.org; helo=mail-ot1-x32f.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action Precedence: list Cc: peter.maydell@linaro.org, Paolo Bonzini <pbonzini@redhat.com> Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Series	target/i386 translate cleanups \| expand [PULL,00/50] target/i386 translate cleanups [PULL,01/50] target/i386: Split out gen_exception_gpf [PULL,02/50] target/i386: Split out check_cpl0 [PULL,03/50] target/i386: Unify code paths for IRET [PULL,04/50] target/i386: Split out check_vm86_iopl [PULL,05/50] target/i386: Split out check_iopl [PULL,06/50] target/i386: Assert PE is set for user-only [PULL,07/50] target/i386: Assert CPL is 3 for user-only [PULL,08/50] target/i386: Assert IOPL is 0 for user-only [PULL,09/50] target/i386: Assert !VM86 for x86_64 user-only [PULL,10/50] target/i386: Assert CODE32 for x86_64 user-only [PULL,11/50] target/i386: Assert SS32 for x86_64 user-only [PULL,12/50] target/i386: Assert CODE64 for x86_64 user-only [PULL,13/50] target/i386: Assert LMA for x86_64 user-only [PULL,14/50] target/i386: Assert !ADDSEG for x86_64 user-only [PULL,15/50] target/i386: Introduce REX_PREFIX [PULL,16/50] target/i386: Tidy REX_B, REX_X definition [PULL,17/50] target/i386: Move rex_r into DisasContext [PULL,18/50] target/i386: Move rex_w into DisasContext [PULL,19/50] target/i386: Remove DisasContext.f_st as unused [PULL,20/50] target/i386: Reduce DisasContext.flags to uint32_t [PULL,21/50] target/i386: Reduce DisasContext.override to int8_t [PULL,22/50] target/i386: Reduce DisasContext.prefix to uint8_t [PULL,23/50] target/i386: Reduce DisasContext.vex_[lv] to uint8_t [PULL,24/50] target/i386: Reduce DisasContext popl_esp_hack and rip_offset to uint8_t [PULL,25/50] target/i386: Leave TF in DisasContext.flags [PULL,26/50] target/i386: Reduce DisasContext jmp_opt, repz_opt to bool [PULL,27/50] target/i386: Fix the comment for repz_opt [PULL,28/50] target/i386: Reorder DisasContext members [PULL,29/50] target/i386: Add stub generator for helper_set_dr [PULL,30/50] target/i386: Assert !SVME for user-only [PULL,31/50] target/i386: Assert !GUEST for user-only [PULL,32/50] target/i386: Implement skinit in translate.c [PULL,33/50] target/i386: Eliminate SVM helpers for user-only [PULL,34/50] target/i386: Mark some helpers as noreturn [PULL,35/50] target/i386: Simplify gen_debug usage [PULL,36/50] target/i386: Tidy svm_check_intercept from tcg [PULL,37/50] target/i386: Remove pc_start argument to gen_svm_check_intercept [PULL,38/50] target/i386: Remove user stub for cpu_vmexit [PULL,39/50] target/i386: Cleanup read_crN, write_crN, lmsw [PULL,40/50] target/i386: Pass env to do_pause and do_hlt [PULL,41/50] target/i386: Move invlpg, hlt, monitor, mwait to sysemu [PULL,42/50] target/i386: Unify invlpg, invlpga [PULL,43/50] target/i386: Inline user cpu_svm_check_intercept_param [PULL,44/50] target/i386: Eliminate user stubs for read/write_crN, rd/wrmsr [PULL,45/50] target/i386: Exit tb after wrmsr [PULL,46/50] target/i386: Tidy gen_check_io [PULL,47/50] target/i386: Pass in port to gen_check_io [PULL,48/50] target/i386: Create helper_check_io [PULL,49/50] target/i386: Move helper_check_io to sysemu [PULL,50/50] target/i386: Remove user-only i/o stubs

Message ID

20210519183050.875453-9-richard.henderson@linaro.org

State

Accepted

Commit

0ab011cca08651349172187d574e2fb1316283ef

Headers

Received-SPF: pass (google.com: domain of
	qemu-devel-bounces+patch=linaro.org@nongnu.org designates
	209.51.188.17 as permitted sender) client-ip=209.51.188.17; 
From: Richard Henderson <richard.henderson@linaro.org>
To: qemu-devel@nongnu.org
Subject: [PULL 08/50] target/i386: Assert IOPL is 0 for user-only
Date: Wed, 19 May 2021 13:30:08 -0500
Message-Id: <20210519183050.875453-9-richard.henderson@linaro.org>
In-Reply-To: <20210519183050.875453-1-richard.henderson@linaro.org>
References: <20210519183050.875453-1-richard.henderson@linaro.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=2607:f8b0:4864:20::32f;
	envelope-from=richard.henderson@linaro.org;
	helo=mail-ot1-x32f.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
	DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
	RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
	SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: peter.maydell@linaro.org, Paolo Bonzini <pbonzini@redhat.com>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: "Qemu-devel" <qemu-devel-bounces+patch=linaro.org@nongnu.org>

Series

target/i386 translate cleanups | expand

Commit Message

Richard Henderson May 19, 2021, 6:30 p.m. UTC

On real hardware, the linux kernel has the iopl(2) syscall which
can set IOPL to 3, to allow e.g. the xserver to briefly disable
interrupts while programming the graphics card.

However, QEMU cannot and does not implement this syscall, so the
IOPL is never changed from 0.  Which means that all of the checks
vs CPL <= IOPL are false for user-only.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>

Message-Id: <20210514151342.384376-9-richard.henderson@linaro.org>
---
 target/i386/tcg/translate.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

-- 
2.25.1

diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
index 4c9194416d..b8cb7163ee 100644
--- a/target/i386/tcg/translate.c
+++ b/target/i386/tcg/translate.c
@@ -97,6 +97,7 @@  typedef struct DisasContext {
 
 #ifndef CONFIG_USER_ONLY
     uint8_t cpl;   /* code priv level */
+    uint8_t iopl;  /* i/o priv level */
 #endif
 
     int code32; /* 32 bit code segment */
@@ -116,7 +117,6 @@  typedef struct DisasContext {
     int addseg; /* non zero if either DS/ES/SS have a non zero base */
     int f_st;   /* currently unused */
     int vm86;   /* vm86 mode */
-    int iopl;
     int tf;     /* TF cpu flag */
     int jmp_opt; /* use direct block chaining for direct jumps */
     int repz_opt; /* optimize jumps within repz instructions */
@@ -153,9 +153,11 @@  typedef struct DisasContext {
 #ifdef CONFIG_USER_ONLY
 #define PE(S)     true
 #define CPL(S)    3
+#define IOPL(S)   0
 #else
 #define PE(S)     (((S)->flags & HF_PE_MASK) != 0)
 #define CPL(S)    ((S)->cpl)
+#define IOPL(S)   ((S)->iopl)
 #endif
 
 static void gen_eob(DisasContext *s);
@@ -629,7 +631,7 @@  static void gen_check_io(DisasContext *s, MemOp ot, target_ulong cur_eip,
 {
     target_ulong next_eip;
 
-    if (PE(s) && (CPL(s) > s->iopl || s->vm86)) {
+    if (PE(s) && (CPL(s) > IOPL(s) || s->vm86)) {
         tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
         switch (ot) {
         case MO_8:
@@ -1307,7 +1309,7 @@  static bool check_cpl0(DisasContext *s)
 /* If vm86, check for iopl == 3; if not, raise #GP and return false. */
 static bool check_vm86_iopl(DisasContext *s)
 {
-    if (!s->vm86 || s->iopl == 3) {
+    if (!s->vm86 || IOPL(s) == 3) {
         return true;
     }
     gen_exception_gpf(s);
@@ -1317,7 +1319,7 @@  static bool check_vm86_iopl(DisasContext *s)
 /* Check for iopl allowing access; if not, raise #GP and return false. */
 static bool check_iopl(DisasContext *s)
 {
-    if (s->vm86 ? s->iopl == 3 : CPL(s) <= s->iopl) {
+    if (s->vm86 ? IOPL(s) == 3 : CPL(s) <= IOPL(s)) {
         return true;
     }
     gen_exception_gpf(s);
@@ -6756,7 +6758,7 @@  static target_ulong disas_insn(DisasContext *s, CPUState *cpu)
                                                           & 0xffff));
                 }
             } else {
-                if (CPL(s) <= s->iopl) {
+                if (CPL(s) <= IOPL(s)) {
                     if (dflag != MO_16) {
                         gen_helper_write_eflags(cpu_env, s->T0,
                                                 tcg_const_i32((TF_MASK |
@@ -8474,23 +8476,25 @@  static void i386_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu)
     CPUX86State *env = cpu->env_ptr;
     uint32_t flags = dc->base.tb->flags;
     int cpl = (flags >> HF_CPL_SHIFT) & 3;
+    int iopl = (flags >> IOPL_SHIFT) & 3;
 
     dc->cs_base = dc->base.tb->cs_base;
     dc->flags = flags;
 #ifndef CONFIG_USER_ONLY
     dc->cpl = cpl;
+    dc->iopl = iopl;
 #endif
 
     /* We make some simplifying assumptions; validate they're correct. */
     g_assert(PE(dc) == ((flags & HF_PE_MASK) != 0));
     g_assert(CPL(dc) == cpl);
+    g_assert(IOPL(dc) == iopl);
 
     dc->code32 = (flags >> HF_CS32_SHIFT) & 1;
     dc->ss32 = (flags >> HF_SS32_SHIFT) & 1;
     dc->addseg = (flags >> HF_ADDSEG_SHIFT) & 1;
     dc->f_st = 0;
     dc->vm86 = (flags >> VM_SHIFT) & 1;
-    dc->iopl = (flags >> IOPL_SHIFT) & 3;
     dc->tf = (flags >> TF_SHIFT) & 1;
     dc->cc_op = CC_OP_DYNAMIC;
     dc->cc_op_dirty = false;

[PULL,08/50] target/i386: Assert IOPL is 0 for user-only

Commit Message

Patch