On 2014-06-30 17:01, Paolo Bonzini wrote: > Il 29/06/2014 17:12, Jan Kiszka ha scritto: >> From: Jan Kiszka <jan.kiszka@xxxxxxxxxxx> >> >> We import the CPL via SS.DPL since ae9fedc793. However, we fail to >> export it this way so far. This caused spurious guest crashes, e.g. of >> Linux when accessing the vmport from guest user space which triggered >> register saving/restoring to/from host user space. >> >> Signed-off-by: Jan Kiszka <jan.kiszka@xxxxxxxxxxx> >> --- >> >> Just in time for the next match :D >> >> arch/x86/kvm/svm.c | 1 + >> 1 file changed, 1 insertion(+) >> >> diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c >> index ec8366c..b5e994a 100644 >> --- a/arch/x86/kvm/svm.c >> +++ b/arch/x86/kvm/svm.c >> @@ -1462,6 +1462,7 @@ static void svm_get_segment(struct kvm_vcpu *vcpu, >> */ >> if (var->unusable) >> var->db = 0; >> + var->dpl = to_svm(vcpu)->vmcb->save.cpl; >> break; >> } >> } >> > > Thanks. In theory this is not necessary, the SS.DPL should be the same > as the CPL according to the manuals (the manual say that the SS.DPL > "should match" the CPL, and that's the only reason why I included the > import in ae9fedc793). But apparently this is not the case. 15.5.1: "When examining segment attributes after a #VMEXIT: [...] • Retrieve the CPL from the CPL field in the VMCB, not from any segment DPL." Jan
Attachment:
signature.asc
Description: OpenPGP digital signature
