Re: [PATCH] KVM: nVMX: VMX instructions: fix segment checks when L1 is in long mode.
From: Quentin Casasnovas <hidden>
Date: 2016-06-24 13:02:05
Also in:
kvm, lkml
On Thu, Jun 23, 2016 at 06:03:01PM +0200, Paolo Bonzini wrote:
> On 18/06/2016 11:01, Quentin Casasnovas wrote:
> > Cross-checking the KVM/VMX VMREAD emulation code with the Intel Software Developer Manual Volume 3C - "VMREAD - Read Field from Virtual-Machine Control Structure", I found that we're enforcing that the destination operand is NOT located in a read-only data segment or any code segment when the L1 is in long mode - BUT that check should only happen when it is in protected mode. Shuffling the code a bit to make our emulation follow the specification allows me to boot a Xen dom0 in a nested KVM and start HVM L2 guests without problems.
>
> That's great, and I'm applying the patch, but it's also pretty weird. :) Do you have a pointer to Xen source code that does a VMREAD into a read-only data segment or a code segment?
It is indeed pretty weird. Looking at the Xen stack trace, it looks like the vmread is writing to an on-stack buffer, and surely it must be writable, so I wonder if Xen might not be using an executable stack for some reason? That would be a bit scary, so I'm surely missing something. Is there an easy way to know from my KVM host the different segment permissions set up by the guest?

Quentin
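The mode-dependent operand check the thread is about, written out as an added model in C. This is not KVM's or Xen's code: the enum, struct and function names are hypothetical, the sample segment and address in main() are constructed (a scenario consistent with the description above, not taken from the Xen trace), real-address and virtual-8086 mode are left out because VMREAD is #UD there, and data segments are treated as expand-up. The "before fix" variant applies the read-only-data / code-segment check in long mode as well, which is the behaviour Quentin describes; the "fixed" variant applies it only in protected mode.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not KVM or Xen code.  Names are hypothetical; the sample
 * segment in main() is constructed.  Assumptions: no real/v86 mode (VMREAD
 * is #UD there) and expand-up data segments only. */

enum cpu_mode { MODE_PROTECTED, MODE_LONG };

struct seg_desc {
    uint64_t base;
    uint32_t limit;     /* byte-granular limit, already scaled */
    uint8_t  type;      /* descriptor Type field: bit 3 = code segment,
                           bit 1 = writable (data) / readable (code) */
    bool     unusable;  /* the VMCS "segment unusable" attribute bit */
};

enum vmx_fault { VMX_OK = 0, VMX_GP0, VMX_SS0 };

/* Canonical check for 48-bit linear addresses: bits 63:47 must all equal bit 47. */
static bool is_canonical48(uint64_t la)
{
    int64_t top = (int64_t)la >> 47;
    return top == 0 || top == -1;
}

/* "Read-only data segment or any code segment": the condition the SDM lists
 * among the protected-mode #GP(0) cases for a VMREAD destination. */
static bool not_writable_data(const struct seg_desc *s)
{
    return (s->type & 8) || !(s->type & 2);
}

static enum vmx_fault check_operand(enum cpu_mode mode, const struct seg_desc *s,
                                    uint64_t off, size_t len, bool write,
                                    bool via_ss, bool write_check_in_long_mode)
{
    enum vmx_fault fault = via_ss ? VMX_SS0 : VMX_GP0;

    if (mode == MODE_LONG) {
        /* Long mode: only the canonical form of the linear address matters
         * (a non-zero base is only meaningful for FS/GS here). */
        if (!is_canonical48(s->base + off))
            return fault;
        /* Pre-fix behaviour described in the thread: the protected-mode
         * write check was also applied with L1 in long mode. */
        if (write_check_in_long_mode && write && not_writable_data(s))
            return VMX_GP0;
        return VMX_OK;
    }

    /* Protected mode: unusable segment, or operand past the segment limit. */
    if (s->unusable)
        return fault;
    if (off + len - 1 > s->limit)
        return fault;
    /* Protected mode only: a destination must be a writable data segment. */
    if (write && not_writable_data(s))
        return VMX_GP0;
    return VMX_OK;
}

/* Behaviour after the fix: the segment-type check runs only in protected mode. */
enum vmx_fault vmx_operand_check_fixed(enum cpu_mode mode, const struct seg_desc *s,
                                       uint64_t off, size_t len, bool write, bool via_ss)
{
    return check_operand(mode, s, off, len, write, via_ss, false);
}

/* Behaviour before the fix, as described in the thread. */
enum vmx_fault vmx_operand_check_before_fix(enum cpu_mode mode, const struct seg_desc *s,
                                            uint64_t off, size_t len, bool write, bool via_ss)
{
    return check_operand(mode, s, off, len, write, via_ss, true);
}

int main(void)
{
    /* Constructed sample: an rsp-relative 8-byte VMREAD destination with L1 in
     * long mode and SS cached as type 0 / unusable.  The CPU ignores those
     * attributes in 64-bit mode, but they read as "not a writable data segment". */
    struct seg_desc ss = { .base = 0, .limit = 0, .type = 0, .unusable = true };
    uint64_t rsp_buf = 0xffff830012345000ULL;
    printf("before fix: %d, after fix: %d (0 = no fault, 1 = #GP(0), 2 = #SS(0))\n",
           vmx_operand_check_before_fix(MODE_LONG, &ss, rsp_buf, 8, true, true),
           vmx_operand_check_fixed(MODE_LONG, &ss, rsp_buf, 8, true, true));
    return 0;
}
```

The `write` flag distinguishes a VMREAD destination from a VMWRITE source: only the destination must sit in a writable data segment, so a VMWRITE whose source operand lives in a read-only segment passes the protected-mode check in this model.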