No CPL Checks for Privileged Instructions #28
Comments
yes, I found that most hypervisors have this problem.
Well actually if you open the Intel Software Developer Manual Vol3 and go to section "25.1.1 Relative Priority of Faults and VM Exits" you could see that you will not receive VM exits on instructions which fail privilege checks - these will generate GP exceptions.
Hi, Sorry for the delayed reply. Can you provide sample code and steps to confirm the issue? As @alexalexroro pointed out, my understanding is that the privilege check takes place prior to the VM-exit, and the below code caused a STATUS_PRIVILEGED_INSTRUCTION exception regardless of the existence of HyperPlatform. It seemed to support my understanding.
It appears you're right on Intel systems. On AMD this is not always the case -- for example see https://bugzilla.redhat.com/show_bug.cgi?id=1284941. My bad :)
No problem. I am rather curious how you found the bug report. This report made me think that I should not attempt to support AMD systems hastily. It seems straightforward; in fact, there are lots of details to be aware of ;)
I haven't tested it but it appears you don't do any privilege checks in VmmpHandleDrAccess. Refer to the Intel manual "25.1.3 Instructions That Cause VM Exits Conditionally":
Keep in mind that you should not advance the guest instruction pointer when injecting a #GP due to privilege level. You can verify this by writing a usermode program that uses an instruction such as "mov dr7, 400h".
@esoterix Thanks for flagging this up. Fixed it along with other DR register access improvements with fedf722. Test code attached: Issue28.zip
Hi,
Many exit handlers for privileged instructions, such as XSETBV, MSR, IN/OUT, do not do appropriate checks for CPL and/or IOPL. As such, with HyperPlatform running, guest user-mode code is allowed to bypass ring permissions.
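A model of the privilege gate the issue and @esoterix's comment ask for, as an added example in C that is not HyperPlatform's code: it derives the guest CPL from the SS access rights, applies the CPL/IOPL rules for the listed instructions, and advances RIP only when the instruction is actually emulated, so an injected #GP reports the faulting instruction's own address. The struct fields, the exit-kind enum and the access-rights values 0xF3/0x93 are constructed for the example; as the thread notes, on Intel most of these faults are raised before the VM exit, so this check is a defence-in-depth layer for handlers such as DR access that do receive the exit.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical model of the guest state a VMX exit handler reads from the VMCS.
 * Field names are assumptions for this example, not HyperPlatform's own. */
typedef struct {
    uint32_t ss_access_rights; /* guest SS access rights; DPL is bits 6:5 */
    uint64_t rflags;           /* IOPL is bits 13:12 */
    uint32_t instr_len;        /* VM-exit instruction length */
    uint64_t rip;
} guest_state_t;

typedef enum { EXIT_XSETBV, EXIT_RDMSR, EXIT_WRMSR, EXIT_MOV_DR, EXIT_IO } exit_kind_t;
typedef enum { ACTION_EMULATE, ACTION_INJECT_GP } exit_action_t;

/* In VMX non-root operation the guest CPL equals the DPL of SS. */
static uint32_t guest_cpl(const guest_state_t *g) { return (g->ss_access_rights >> 5) & 3; }
static uint32_t guest_iopl(const guest_state_t *g) { return (uint32_t)(g->rflags >> 12) & 3; }

/* Privilege gate that runs before any emulation. When #GP is the outcome the
 * guest RIP is left untouched so the instruction restarts and faults in place. */
exit_action_t handle_privileged_exit(guest_state_t *g, exit_kind_t kind) {
    bool allowed;
    if (kind == EXIT_IO) {
        /* IN/OUT: allowed when CPL <= IOPL. Otherwise a real handler must consult
         * the TSS I/O permission bitmap; this model simply denies. */
        allowed = guest_cpl(g) <= guest_iopl(g);
    } else {
        /* XSETBV, RDMSR/WRMSR and MOV to/from DRn are ring 0 only. */
        allowed = guest_cpl(g) == 0;
    }
    if (!allowed)
        return ACTION_INJECT_GP;   /* caller injects #GP(0); RIP is not advanced */
    /* ...instruction emulation would go here... */
    g->rip += g->instr_len;        /* only now skip past the emulated instruction */
    return ACTION_EMULATE;
}

/* Convenience wrappers: one scenario from scalar inputs (constructed RIP/length). */
exit_action_t decide(uint32_t ss_ar, uint64_t rflags, exit_kind_t kind) {
    guest_state_t g = { ss_ar, rflags, 3, 0x1000 };
    return handle_privileged_exit(&g, kind);
}
uint64_t rip_after(uint32_t ss_ar, uint64_t rflags, exit_kind_t kind) {
    guest_state_t g = { ss_ar, rflags, 3, 0x1000 };
    handle_privileged_exit(&g, kind);
    return g.rip;
}
```

Access rights 0xF3 encode a present ring-3 data segment (DPL=3) and 0x93 a ring-0 one (DPL=0); RFLAGS 0x3202 sets IOPL=3 while 0x202 leaves it at 0.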