Thread: 6 messages, 2 authors, 2016-06-29

Re: [PATCH] KVM: nVMX: VMX instructions: fix segment checks when L1 is in long mode.

From: Quentin Casasnovas <hidden>
Date: 2016-06-24 13:02:05
Also in: kvm, lkml

On Thu, Jun 23, 2016 at 06:03:01PM +0200, Paolo Bonzini wrote:
> On 18/06/2016 11:01, Quentin Casasnovas wrote:
>> Cross-checking the KVM/VMX VMREAD emulation code with the Intel Software
>> Developer Manual Volume 3C - "VMREAD - Read Field from Virtual-Machine
>> Control Structure", I found that we're enforcing that the destination
>> operand is NOT located in a read-only data segment or any code segment when
>> the L1 is in long mode - BUT that check should only happen when it is in
>> protected mode.
>>
>> Shuffling the code a bit to make our emulation follow the specification
>> allows me to boot a Xen dom0 in a nested KVM and start HVM L2 guests
>> without problems.
>
> That's great, and I'm applying the patch, but it's also pretty weird. :)
> Do you have a pointer to Xen source code that does a VMREAD into a
> read-only data segment or a code segment?

It is indeed pretty weird.  Looking at the Xen stack trace, it looks like
the vmread is writing to an on-stack buffer, and surely it must be writable
so I wonder if Xen might not be using an executable stack for some reason?
That would be a bit scary so I'm surely missing something.

Is there an easy way to know from my KVM host the different segment
permission setup by the guest?

Quentin
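The exchange above turns on two things: which descriptor permissions the guest has set up on the segment holding the VMREAD destination, and whether the SDM's "read-only data segment or any code segment" check applies at all in the guest's current mode. The following C program is an added illustration written for this page; it is not code from the thread, from KVM's nested-VMX emulation, or from Xen. It decodes the access-rights (AR) byte of a code/data descriptor, as shown in a guest register dump, and applies the destination-segment check only in protected mode, as the patch description says the specification requires. The AR bit layout is the standard x86 descriptor encoding; the handling of system descriptors (treated as faulting) is a conservative assumption of this example, not a statement about KVM's behaviour, and the sample AR values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Access-rights byte of a code/data segment descriptor (S bit set):
 *   bit 7    P    present
 *   bits 6-5 DPL  descriptor privilege level
 *   bit 4    S    1 = code/data descriptor, 0 = system descriptor
 *   bit 3    E    1 = code segment, 0 = data segment
 *   bit 2    C/E  conforming (code) / expand-down (data)
 *   bit 1    R/W  readable (code) / writable (data)
 *   bit 0    A    accessed
 */
#define AR_PRESENT   0x80u
#define AR_DPL_SHIFT 5
#define AR_NONSYSTEM 0x10u
#define AR_CODE      0x08u
#define AR_RW        0x02u

struct seg_perm {
	bool present;
	bool nonsystem;   /* code or data descriptor (S = 1) */
	bool code;
	bool readable;    /* meaningful for code segments */
	bool writable;    /* meaningful for data segments */
	unsigned dpl;
};

/* Decode an AR byte such as the one printed in a monitor register dump. */
static struct seg_perm decode_ar(uint8_t ar)
{
	struct seg_perm p;

	p.present   = (ar & AR_PRESENT) != 0;
	p.nonsystem = (ar & AR_NONSYSTEM) != 0;
	p.code      = p.nonsystem && (ar & AR_CODE);
	p.dpl       = (ar >> AR_DPL_SHIFT) & 3;
	/* Bit 1 means "readable" for code and "writable" for data; code is
	 * never writable through its own descriptor, data is always readable. */
	p.readable  = p.nonsystem && (!p.code || (ar & AR_RW));
	p.writable  = p.nonsystem && !p.code && (ar & AR_RW);
	return p;
}

/*
 * Protected-mode VMREAD rule from the SDM: #GP(0) if the memory destination
 * lies in a read-only data segment or any code segment.  Per the thread, the
 * check is a protected-mode check only, so in long mode it is skipped and the
 * function returns false whatever the AR byte says.  Usability and limit
 * checks are separate and not modelled here; a system descriptor (S = 0) is
 * treated as faulting, which is a conservative choice of this example.
 */
static bool vmread_dest_faults(bool long_mode, uint8_t dest_ar)
{
	struct seg_perm p = decode_ar(dest_ar);

	if (long_mode)
		return false;
	if (!p.nonsystem)
		return true;
	if (p.code)
		return true;
	return !p.writable;
}

static const char *describe(uint8_t ar)
{
	struct seg_perm p = decode_ar(ar);

	if (!p.nonsystem)
		return "system descriptor";
	if (p.code)
		return p.readable ? "code, readable" : "code, execute-only";
	return p.writable ? "data, read/write" : "data, read-only";
}

int main(void)
{
	/* Constructed sample AR bytes, not taken from a real guest dump. */
	const uint8_t samples[] = { 0x93, 0x91, 0x9b, 0x99 };
	const bool modes[] = { false, true };

	for (unsigned m = 0; m < 2; m++)
		for (unsigned i = 0; i < sizeof samples; i++)
			printf("%s mode, AR=0x%02x (%s): VMREAD dest -> %s\n",
			       modes[m] ? "long" : "protected", samples[i],
			       describe(samples[i]),
			       vmread_dest_faults(modes[m], samples[i]) ? "#GP(0)" : "ok");
	return 0;
}
```

Running it lists, for each sample descriptor, whether a protected-mode VMREAD into that segment would fault and that the same descriptors never fault once the mode gate is honoured, which is exactly the difference the patch restores. To answer the question about inspecting a guest's segment setup, the `decode_ar` half can be pointed at the AR bytes of a saved guest register state to see whether a stack or data segment really is writable.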