On 04/01/2018 01:16, Andy Lutomirski wrote:
>> Note that the value I'm storing in HOST_FS_BASE and HOST_GS_BASE is
>> only used if FS/GS selector is zero. If FS/GS selector is not
>> zero, it is not used. Does that avoid this issue?
>>
> I'm not convinced that this is correct. It's not obviously a
> security problem in the context of KVM, but a lot of state can leak
> this way.
>
> My general preference would be to make the code obviously fully
> reload the host state.

I'll try to write a v3 that looks more obviously correct.

Paolo