On 27.04.2017 13:25, Paolo Bonzini wrote:
>
> On 27/04/2017 10:29, David Hildenbrand wrote:
>>> arch/x86/kvm/vmx.c | 55 ++++++++----------------------------------------------
>>> 1 file changed, 8 insertions(+), 47 deletions(-)
>> Nice! So we really only have to check vmxon / pointer / features for
>> vmxon and for the others only vmxon.
>
> Still not good, CR4.VMXE has to be checked because we always run the
> guest with CR4.VMXE set (see section 23.8 in the SDM).
>
> Paolo
>
>> Reviewed-by: David Hildenbrand <david@xxxxxxxxxx>

Looking at the pseudocode of VMXON (30-27) (and friends), it looks like
the hardware performs the following checks before testing for non-root
operation:

(register operand) -> #UD
(cr4.vmxe = 0) -> #UD
(rflags.vm = 1) -> #UD
(lma = 1) -> #UD
(cs.l) -> #UD

I was assuming cr4.vmxe might come from the read shadow, but as I
learned, shadows are only for MOV/SMSW executed in the guest. So you're
of course right, VMXE would always be active for us.

The check for (in VMX non-root operation) and triggering the VMexit is
done before checking CPL > 0. So maybe the CPL check also has to stay.

I would really like to see a test case for that. And a brain dump of
Paolo :)

--

Thanks,

David
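To make the ordering David describes concrete, here is an added model of the VMXON pre-checks (editor's example, not KVM code or anything from the thread). The struct, field names and `vmxon_precheck` are assumptions; the check order follows the SDM VMXON pseudocode the thread cites, with the long-mode #UD condition read as LMA=1 together with CS.L=0, and CPL>0 raising #GP(0). It shows why a nested-VMX emulator that skips the CR4.VMXE test gets the wrong result: hardware delivers #UD before it ever evaluates "in VMX non-root operation".

```c
#include <stdbool.h>
#include <stdio.h>

/* Outcome of the pre-checks that precede VMXON's real work. */
enum vmxon_outcome { VMXON_UD, VMXON_VMEXIT, VMXON_GP, VMXON_PROCEED };

/* Guest state relevant to the VMXON entry checks (constructed, not KVM's structs). */
struct vmxon_ctx {
    bool register_operand;   /* VMXON encoded with a register, not memory, operand */
    bool cr4_vmxe;           /* CR4.VMXE as the guest sees it (always set under KVM) */
    bool rflags_vm;          /* RFLAGS.VM: virtual-8086 mode */
    bool efer_lma;           /* IA32_EFER.LMA: long mode active */
    bool cs_l;               /* CS.L: 64-bit code segment */
    bool in_vmx_nonroot;     /* the guest is itself running a nested guest */
    unsigned cpl;            /* current privilege level */
};

/* Order as in the SDM pseudocode: all #UD conditions first, then
 * "in VMX non-root operation" -> VM exit, then CPL > 0 -> #GP(0). */
enum vmxon_outcome vmxon_precheck(const struct vmxon_ctx *c)
{
    if (c->register_operand || !c->cr4_vmxe || c->rflags_vm ||
        (c->efer_lma && !c->cs_l))
        return VMXON_UD;
    if (c->in_vmx_nonroot)
        return VMXON_VMEXIT;
    if (c->cpl > 0)
        return VMXON_GP;
    return VMXON_PROCEED;
}

int main(void)
{
    /* Constructed cases: a nested guest with CR4.VMXE clear in its own view
     * gets #UD, never a VM exit; a nested guest at CPL 3 with VMXE set still
     * gets the VM exit, because that check precedes the CPL check. */
    struct vmxon_ctx nested_no_vmxe = { .cr4_vmxe = false, .in_vmx_nonroot = true };
    struct vmxon_ctx nested_user = { .cr4_vmxe = true, .in_vmx_nonroot = true, .cpl = 3 };
    printf("no VMXE: %d, nested user: %d\n",
           vmxon_precheck(&nested_no_vmxe), vmxon_precheck(&nested_user));
    return 0;
}
```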